comtravo · Puneeth-n · Mar 1, 2021 · Feb 27, 2021 · Mar 1, 2021 · Mar 1, 2021
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM puneethn/terraform-test-workhorse:0.12.25
+FROM puneethn/terraform-test-workhorse:0.13.5
 
 WORKDIR /go/src/github.com/comtravo/terraform-aws-lambda
 COPY . .
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -23,7 +23,9 @@ pipeline {
         script {
           try {
             sh(label: 'Building docker image', script: "make build")
-            sh(label: 'Testing docker image', script: "make test-docker")
+            withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', accessKeyVariable: 'AWS_ACCESS_KEY_ID', credentialsId: 'automated-infra-testing-account', secretKeyVariable: 'AWS_SECRET_ACCESS_KEY']]) {
+              sh(label: 'Testing docker image', script: "make test-docker")
+            }
           } finally {
             sh(label: 'Cleanup', script: "make clean-all")
           }

diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 
 DOCKER_COMPOSE=docker-compose -f ./docker-compose.yml
 DOCKER_COMPOSE_DEVELOP=$(DOCKER_COMPOSE) -f ./docker-compose.develop.yml
-GENERATE_DOCS_COMMAND:=terraform-docs --sort-inputs-by-required markdown --no-escape . > README.md
+GENERATE_DOCS_COMMAND:=terraform-docs markdown . > README.md
 
 fmt:
 	@terraform fmt -recursive
@@ -16,10 +16,10 @@ lint:
 build:
 	@$(DOCKER_COMPOSE) build
 
-test-localstack:
-	@cd test && go test -tags=localstack
+test-aws:
+	@cd test && go test -tags=aws
 
-test-all: test-localstack
+test-all: test-aws
 
 test-docker:
 	@$(DOCKER_COMPOSE) run --rm terraform make lint

diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ MIT Licensed. See LICENSE for full details.
 
 | Name | Version |
 |------|---------|
-| terraform | >= 0.12 |
+| terraform | >= 0.13 |
 | aws | ~> 3.0 |
 
 ## Providers
@@ -30,36 +30,35 @@ MIT Licensed. See LICENSE for full details.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| file_name | Lambda function filename name | `string` | n/a | yes |
-| function_name | Lambda function name | `string` | n/a | yes |
-| handler | Lambda function handler | `string` | n/a | yes |
-| region | AWS region | `string` | n/a | yes |
-| role | Lambda function role | `string` | n/a | yes |
-| trigger | Trigger configuration for this lambda function | `any` | n/a | yes |
-| cloudwatch_log_retention | Enable Cloudwatch logs retention | `number` | `90` | no |
-| cloudwatch_log_subscription | Cloudwatch log stream configuration | <pre>object({<br>    enable : bool<br>    filter_pattern : string<br>    destination_arn : string<br>  })</pre> | <pre>{<br>  "destination_arn": "",<br>  "enable": false,<br>  "filter_pattern": ""<br>}</pre> | no |
+| cloudwatch\_log\_retention | Enable Cloudwatch logs retention | `number` | `90` | no |
+| cloudwatch\_log\_subscription | Cloudwatch log stream configuration | <pre>object({<br>    enable : bool<br>    filter_pattern : string<br>    destination_arn : string<br>  })</pre> | <pre>{<br>  "destination_arn": "",<br>  "enable": false,<br>  "filter_pattern": ""<br>}</pre> | no |
 | description | Lambda function description | `string` | `"Managed by Terraform"` | no |
 | environment | Lambda environment variables | `map(string)` | `null` | no |
+| file\_name | Lambda function filename name | `string` | n/a | yes |
+| function\_name | Lambda function name | `string` | n/a | yes |
+| handler | Lambda function handler | `string` | n/a | yes |
 | layers | List of layers for this lambda function | `list(string)` | `[]` | no |
-| memory_size | Lambda function memory size | `number` | `128` | no |
+| memory\_size | Lambda function memory size | `number` | `128` | no |
 | publish | Publish lambda function | `bool` | `false` | no |
-| reserved_concurrent_executions | Reserved concurrent executions  for this lambda function | `number` | `-1` | no |
+| region | AWS region | `string` | n/a | yes |
+| reserved\_concurrent\_executions | Reserved concurrent executions  for this lambda function | `number` | `-1` | no |
+| role | Lambda function role | `string` | n/a | yes |
 | runtime | Lambda function runtime | `string` | `"nodejs12.x"` | no |
 | tags | Tags for this lambda function | `map(string)` | `{}` | no |
 | timeout | Lambda function runtime | `number` | `300` | no |
-| tracing_config | https://www.terraform.io/docs/providers/aws/r/lambda_function.html | <pre>object({<br>    mode : string<br>  })</pre> | <pre>{<br>  "mode": "PassThrough"<br>}</pre> | no |
-| vpc_config | Lambda VPC configuration | <pre>object({<br>    subnet_ids : list(string)<br>    security_group_ids : list(string)<br>  })</pre> | <pre>{<br>  "security_group_ids": [],<br>  "subnet_ids": []<br>}</pre> | no |
+| tracing\_config | https://www.terraform.io/docs/providers/aws/r/lambda_function.html | <pre>object({<br>    mode : string<br>  })</pre> | <pre>{<br>  "mode": "PassThrough"<br>}</pre> | no |
+| trigger | Trigger configuration for this lambda function | `any` | n/a | yes |
+| vpc\_config | Lambda VPC configuration | <pre>object({<br>    subnet_ids : list(string)<br>    security_group_ids : list(string)<br>  })</pre> | <pre>{<br>  "security_group_ids": [],<br>  "subnet_ids": []<br>}</pre> | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | arn | AWS lambda arn |
 | dlq | AWS lambda Dead Letter Queue details |
-| function_name | AWS lambda function name |
-| invoke_arn | AWS lambda invoke_arn |
-| qualified_arn | AWS lambda qualified_arn |
+| function\_name | AWS lambda function name |
+| invoke\_arn | AWS lambda invoke\_arn |
+| qualified\_arn | AWS lambda qualified\_arn |
 | queue | AWS lambda SQS details |
-| sns_topics | AWS lambda SNS topics if any |
+| sns\_topics | AWS lambda SNS topics if any |
 | version | AWS lambda version |
-
diff --git a/docker-compose.develop.yml b/docker-compose.develop.yml
@@ -5,10 +5,5 @@ services:
     command: bash
     volumes:
       - ./:/go/src/github.com/comtravo/terraform-aws-lambda
-
-  localstack:
-    ports:
-      - 4566:4566
-      - 4584-4597:4584-4597
-      - 4567-4583:4567-4583
-      - 8080:8080
+    environment:
+      - AWS_SESSION_TOKEN=${AWS_SESSION_TOKEN:-foo} # automated infra testing acc creds
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -9,25 +9,5 @@ services:
     environment:
       - AWS_REGION=us-east-1
       - AWS_DEFAULT_REGION=us-east-1
-      - AWS_ACCESS_KEY_ID=foo
-      - AWS_SECRET_ACCESS_KEY=bar
-      - LOCALSTACK_HOST=localstack
-    depends_on:
-      - localstack
-
-  localstack:
-    image: localstack/localstack:0.11.4
-    environment:
-      - SERVICES=events,iam,logs,lambda,sns,sqs,sts
-      - AWS_REGION=us-east-1
-      - AWS_DEFAULT_REGION=us-east-1
-      - DEFAULT_REGIONc=us-east-1
-      - DOCKER_HOST=unix:///var/run/docker.sock
-      - DATA_DIR=/tmp/localstack/data
-      - DEBUG=1
-    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock"
-      - "localstack-data:/tmp/localstack"
-
-volumes:
-  localstack-data:
+      - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-foo} # automated infra testing acc creds
+      - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-foo} # automated infra testing acc creds
diff --git a/examples/api_gateway_trigger/main.tf b/examples/api_gateway_trigger/main.tf
@@ -42,7 +42,7 @@ module "api_gatewat_trigger" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
+  role          = aws_iam_role.lambda.arn
   trigger = {
     type = "api-gateway"
   }

diff --git a/examples/cloudwatch_event_pattern_trigger/main.tf b/examples/cloudwatch_event_pattern_trigger/main.tf
@@ -42,10 +42,32 @@ module "cloudwatch_event_pattern_trigger" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
+  role          = aws_iam_role.lambda.arn
   trigger = {
-    type                = "cloudwatch-event-trigger"
-    schedule_expression = "{}"
+    type          = "cloudwatch-event-trigger"
+    event_pattern = <<PATTERN
+{
+  "source": [
+    "aws.s3"
+  ],
+  "detail-type": [
+    "AWS API Call via CloudTrail"
+  ],
+  "detail": {
+    "eventSource": [
+      "s3.amazonaws.com"
+    ],
+    "eventName": [
+      "PutObject"
+    ],
+    "requestParameters": {
+      "bucketName": [
+        "foo-bar-baz"
+      ]
+    }
+  }
+}
+PATTERN
   }
   environment = {
     "LOREM" = "IPSUM"

diff --git a/examples/cloudwatch_event_schedule_trigger/main.tf b/examples/cloudwatch_event_schedule_trigger/main.tf
@@ -42,7 +42,7 @@ module "cloudwatch_event_schedule_trigger" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
+  role          = aws_iam_role.lambda.arn
   trigger = {
     type                = "cloudwatch-event-schedule"
     schedule_expression = "cron(0 1 * * ? *)"

diff --git a/examples/cloudwatch_logs_subscription/main.tf b/examples/cloudwatch_logs_subscription/main.tf
@@ -42,7 +42,7 @@ module "cloudwatch_log_consumer" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = "${var.function_name}-consumer"
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
+  role          = aws_iam_role.lambda.arn
   trigger = {
     type = "cloudwatch-logs"
   }
@@ -59,7 +59,7 @@ module "cloudwatch_log_producer" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = "${var.function_name}-producer"
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
+  role          = aws_iam_role.lambda.arn
   trigger = {
     type = "api-gateway"
   }

diff --git a/examples/cloudwatch_logs_trigger/main.tf b/examples/cloudwatch_logs_trigger/main.tf
@@ -42,8 +42,8 @@ module "logs" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+
   trigger = {
     type = "cloudwatch-logs"
   }

diff --git a/examples/cognito_trigger/main.tf b/examples/cognito_trigger/main.tf
@@ -42,8 +42,8 @@ module "cognito" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+
   trigger = {
     type = "cognito-idp"
   }

diff --git a/examples/layers/main.tf b/examples/layers/main.tf
@@ -34,6 +34,12 @@ resource "aws_iam_role_policy" "lambda" {
   policy = data.aws_iam_policy_document.policy.json
 }
 
+resource "aws_lambda_layer_version" "test" {
+  filename   = "${path.module}/../../test/fixtures/foo.zip"
+  layer_name = "foo_layer"
+
+  compatible_runtimes = ["nodejs12.x"]
+}
 
 module "layers" {
 
@@ -42,8 +48,8 @@ module "layers" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+  layers        = [aws_lambda_layer_version.test.arn]
   trigger = {
     type = "api-gateway"
   }

diff --git a/examples/no_environment_variables/main.tf b/examples/no_environment_variables/main.tf
@@ -42,7 +42,7 @@ module "api_gatewat_trigger" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
+  role          = aws_iam_role.lambda.arn
   trigger = {
     type = "api-gateway"
   }

diff --git a/examples/null_trigger/main.tf b/examples/null_trigger/main.tf
@@ -42,7 +42,7 @@ module "null_trigger" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
+  role          = aws_iam_role.lambda.arn
   trigger = {
     type = "null"
   }

diff --git a/examples/publish/main.tf b/examples/publish/main.tf
@@ -42,8 +42,7 @@ module "publish" {
   function_name = var.function_name
   handler       = "index.handler"
   publish       = true
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
   trigger = {
     type = "api-gateway"
   }

diff --git a/examples/sqs_fifo_sns_trigger/main.tf b/examples/sqs_fifo_sns_trigger/main.tf
@@ -55,13 +55,13 @@ module "sqs" {
   function_name = var.function_name
   handler       = "index.handler"
   publish       = true
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+
   trigger = {
     sns_topics = [
-      "arn:aws:sns:us-east-1:000000000000:${aws_sns_topic.foo.name}",
-      "arn:aws:sns:us-east-1:000000000000:${aws_sns_topic.bar.name}",
-      "arn:aws:sns:us-east-1:000000000000:${aws_sns_topic.baz.name}",
+      aws_sns_topic.foo.arn,
+      aws_sns_topic.bar.arn,
+      aws_sns_topic.baz.arn,
     ]
     type       = "sqs"
     batch_size = 10

diff --git a/examples/sqs_fifo_trigger/main.tf b/examples/sqs_fifo_trigger/main.tf
@@ -42,8 +42,8 @@ module "sqs" {
   function_name = var.function_name
   handler       = "index.handler"
   publish       = true
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+
   trigger = {
     type       = "sqs"
     batch_size = 10

diff --git a/examples/sqs_sns_trigger/main.tf b/examples/sqs_sns_trigger/main.tf
@@ -55,13 +55,13 @@ module "sqs" {
   function_name = var.function_name
   handler       = "index.handler"
   publish       = true
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+
   trigger = {
     sns_topics = [
-      "arn:aws:sns:us-east-1:000000000000:${aws_sns_topic.foo.name}",
-      "arn:aws:sns:us-east-1:000000000000:${aws_sns_topic.bar.name}",
-      "arn:aws:sns:us-east-1:000000000000:${aws_sns_topic.baz.name}",
+      aws_sns_topic.foo.arn,
+      aws_sns_topic.bar.arn,
+      aws_sns_topic.baz.arn,
     ]
     type       = "sqs"
     batch_size = 10
@@ -74,6 +74,12 @@ module "sqs" {
   tags = {
     "Foo" : var.function_name
   }
+
+  depends_on = [
+    aws_sns_topic.foo,
+    aws_sns_topic.bar,
+    aws_sns_topic.baz,
+  ]
 }
 
 output "arn" {

diff --git a/examples/sqs_trigger/main.tf b/examples/sqs_trigger/main.tf
@@ -42,8 +42,8 @@ module "sqs" {
   function_name = var.function_name
   handler       = "index.handler"
   publish       = true
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+
   trigger = {
     type       = "sqs"
     batch_size = 10

diff --git a/examples/step_function_trigger/main.tf b/examples/step_function_trigger/main.tf
@@ -42,8 +42,8 @@ module "step_function" {
   file_name     = "${path.module}/../../test/fixtures/foo.zip"
   function_name = var.function_name
   handler       = "index.handler"
-  role          = aws_iam_role.lambda.name
-  layers        = ["arn:aws:lambda:us-east-1:284387765956:layer:BetterSqlite3:8"]
+  role          = aws_iam_role.lambda.arn
+
   trigger = {
     type = "step-function"
   }