diff --git a/EXAMPLE.md b/EXAMPLE.md
index 2432651..61bc573 100644
--- a/EXAMPLE.md
+++ b/EXAMPLE.md
@@ -40,14 +40,15 @@ module "lambda_test" {
Api gateway will invoke the lambda function where function is created from zip file named lambda.zip uploaded in s3 bucket where key is path for zip file in the bucket.
```
module "lambda_test" {
- source = "./lambda"
- function_name = "${var.prefix}-test-lambda"
- handler = "lambda.handler"
- lambda_runtime = "python3.x"
- s3_bucket = "${var.prefix}-test-lambda"
- s3_key = "lambda.zip"
- description = "Allow apigw to invoke lambda"
- apigw_execution_arn = "arn:aws:apigateway:region::resource-path-specifier"
+ source = "./lambda"
+ function_name = "${var.prefix}-test-lambda"
+ handler = "lambda.handler"
+ lambda_runtime = "python3.x"
+ s3_bucket = "${var.prefix}-test-lambda"
+ s3_key = "lambda.zip"
+ description = "Allow apigw to invoke lambda"
+ enable_api_invoke_permission = true
+ apigw_execution_arn = "arn:aws:apigateway:region::resource-path-specifier"
logs_retention = 14
}
```
diff --git a/README.md b/README.md
index 64f25e6..c18d2e4 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,12 @@ No modules.
| [cloudwatch\_scheduler\_arn](#input\_cloudwatch\_scheduler\_arn) | Cloudwatch scheduler arn | `string` | `""` | no |
| [cognito\_pool\_arn](#input\_cognito\_pool\_arn) | Cognito pool arn | `string` | `""` | no |
| [description](#input\_description) | Lambda function description | `any` | n/a | yes |
+| [enable\_api\_invoke\_permission](#input\_enable\_api\_invoke\_permission) | Enable api invoke permission | `bool` | `false` | no |
+| [enable\_cognito\_invoke\_permission](#input\_enable\_cognito\_invoke\_permission) | Enable cognito invoke permission | `bool` | `false` | no |
+| [enable\_eventbridge\_invoke\_permission](#input\_enable\_eventbridge\_invoke\_permission) | Enable eventbridge invoke permission | `bool` | `false` | no |
+| [enable\_scheduler\_invoke\_permission](#input\_enable\_scheduler\_invoke\_permission) | Enable scheduler invoke permission | `bool` | `false` | no |
+| [enable\_sns\_invoke\_permission](#input\_enable\_sns\_invoke\_permission) | Enable sns invoke permission | `bool` | `false` | no |
+| [enable\_sqs\_invoke\_permission](#input\_enable\_sqs\_invoke\_permission) | Enable sqs invoke permission | `bool` | `false` | no |
| [env\_vars\_from\_parameter\_store](#input\_env\_vars\_from\_parameter\_store) | Lambda environment variables from SSM parameter store | `map(any)` | `{}` | no |
| [environment\_variables](#input\_environment\_variables) | Environment Variables for Lambda Functions | `map(any)` | `{}` | no |
| [eventbridge\_rule\_arn](#input\_eventbridge\_rule\_arn) | Eventbridge rule arn | `string` | `""` | no |
diff --git a/main.tf b/main.tf
index b7bc4af..3a5b151 100644
--- a/main.tf
+++ b/main.tf
@@ -70,7 +70,7 @@ resource "aws_lambda_function" "lambda" {
# ------------------------------------------------------------------------------------------
resource "aws_lambda_permission" "api" {
- count = length(var.apigw_execution_arn) > 0 ? 1 : 0
+ count = var.enable_api_invoke_permission ? 1 : 0
statement_id = "AllowAPIGWLambdaInvoke"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda.function_name
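Review bot: The new `count` on the `api` resource creates the permission whenever `var.enable_api_invoke_permission` is true, even while `var.apigw_execution_arn` is still its default `""`; the removed `length(var.apigw_execution_arn) > 0` test was the only thing tying the grant to a concrete source. If `source_arn` later in this resource (outside the hunk) is taken from that variable, an empty value presumably leaves the grant scoped only to the service principal, which is broader than what the module granted before this change. Keeping both conditions preserves the old safeguard: `count = var.enable_api_invoke_permission && length(var.apigw_execution_arn) > 0 ? 1 : 0`. The same decoupling appears in the `cognito`, `sqs`, `eventbridge`, `sns` and `cloudwatch_scheduler` hunks below, each against its own ARN variable. The `aws_lambda_permission.api` block ends outside this hunk.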
@@ -79,7 +79,7 @@ resource "aws_lambda_permission" "api" {
}
resource "aws_lambda_permission" "cognito" {
- count = length(var.cognito_pool_arn) > 0 ? 1 : 0
+ count = var.enable_cognito_invoke_permission ? 1 : 0
statement_id = "AllowCognitoPoolLambdaInvoke"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda.function_name
@@ -88,7 +88,7 @@ resource "aws_lambda_permission" "cognito" {
}
resource "aws_lambda_permission" "sqs" {
- count = length(var.sqs_queue_arn) > 0 ? 1 : 0
+ count = var.enable_sqs_invoke_permission ? 1 : 0
statement_id = "AllowExecutionFromSQS"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda.function_name
@@ -97,7 +97,7 @@ resource "aws_lambda_permission" "sqs" {
}
resource "aws_lambda_permission" "eventbridge" {
- count = length(var.eventbridge_rule_arn) > 0 ? 1 : 0
+ count = var.enable_eventbridge_invoke_permission ? 1 : 0
statement_id = "AllowExecutionFromEventBridge"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda.function_name
@@ -106,7 +106,7 @@ resource "aws_lambda_permission" "eventbridge" {
}
resource "aws_lambda_permission" "sns" {
- count = length(var.sns_topic_arn) > 0 ? 1 : 0
+ count = var.enable_sns_invoke_permission ? 1 : 0
statement_id = "AllowInvocationFromSNS"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda.function_name
@@ -115,7 +115,7 @@ resource "aws_lambda_permission" "sns" {
}
resource "aws_lambda_permission" "cloudwatch_scheduler" {
- count = length(var.cloudwatch_scheduler_arn) > 0 ? 1 : 0
+ count = var.enable_scheduler_invoke_permission ? 1 : 0
statement_id = "AllowExecutionFromEventbridge"
action = "lambda:InvokeFunction"
function_name = aws_lambda_function.lambda.function_name
diff --git a/variables.tf b/variables.tf
index 6001af7..7dea15a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -134,4 +134,34 @@ variable "eventbridge_rule_arn" {
variable "cloudwatch_scheduler_arn" {
description = "Cloudwatch scheduler arn"
default = ""
-}
\ No newline at end of file
+}
+
+variable "enable_api_invoke_permission" {
+ description = "Enable api invoke permission"
+ default = false
+}
+
+variable "enable_cognito_invoke_permission" {
+ description = "Enable cognito invoke permission"
+ default = false
+}
+
+variable "enable_sqs_invoke_permission" {
+ description = "Enable sqs invoke permission"
+ default = false
+}
+
+variable "enable_eventbridge_invoke_permission" {
+ description = "Enable eventbridge invoke permission"
+ default = false
+}
+
+variable "enable_sns_invoke_permission" {
+ description = "Enable sns invoke permission"
+ default = false
+}
+
+variable "enable_scheduler_invoke_permission" {
+ description = "Enable scheduler invoke permission"
+ default = false
+}
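Review bot: None of the six new `variable` blocks declares a type, although the README table in this same commit advertises each of them as `bool`. Without the constraint Terraform accepts any value for the flag and only reports a conversion error at the `count` conditional in main.tf, so the message points at the resource rather than at the offending input. Add `type = bool` beside each `default = false` so the contract is enforced and documented at the variable itself.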