observeinc/terraform-aws-lambda

AWS Lambda Terraform module

Terraform module which sets up a Lambda to forward event data towards Observe.

Usage

module "observe_lambda" {
  source = "observeinc/lambda/aws"

  name                        = "observe-lambda"
  observe_collection_endpoint = "https://<customerid>.collect.observeinc.com"
  observe_token               = "<token>"
}

This module will create a Lambda. If no role ARN is provided, a new role will be created.
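
A variant of the usage above that keeps the token out of source control and supplies a customer-managed key through the kms_key input listed under Inputs. This is an added example, not part of the module's own documentation; the variable, key and alias names and the 30-day values are assumptions.

```hcl
# Added example (not from the module's documentation).
# Assumed names: var.observe_token, aws_kms_key.observe_lambda, alias/observe-lambda.

variable "observe_token" {
  description = "Observe token, supplied via TF_VAR_observe_token or a protected tfvars file"
  type        = string
  # Redacts the value in plan/apply output only. The token is still written
  # to Terraform state, so keep state in an encrypted, access-controlled backend.
  sensitive = true
}

# Customer-managed key used instead of the default Lambda service key.
resource "aws_kms_key" "observe_lambda" {
  description             = "Encrypts observe-lambda environment variables"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

resource "aws_kms_alias" "observe_lambda" {
  name          = "alias/observe-lambda"
  target_key_id = aws_kms_key.observe_lambda.key_id
}

module "observe_lambda" {
  source = "observeinc/lambda/aws"

  name                        = "observe-lambda"
  observe_collection_endpoint = "https://<customerid>.collect.observeinc.com"
  observe_token               = var.observe_token

  # kms_key is typed object({ arn = string }); prefer it over the
  # deprecated kms_key_arn input.
  kms_key = {
    arn = aws_kms_key.observe_lambda.arn
  }

  # Module default is 14 days; 30 is an assumed value for this example.
  retention_in_days = 30
}
```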

Additionally, this repository provides submodules to interact with the lambda function set up by this module:

Examples

This repository contains examples of how to solve concrete use cases:

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.1.1 |
| aws | >= 2.68 |

Providers

| Name | Version |
|------|---------|
| aws | >= 2.68 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.group | resource |
| aws_iam_policy.kms_decrypt | resource |
| aws_iam_policy.lambda_logging | resource |
| aws_iam_policy.vpc_access | resource |
| aws_iam_role.lambda | resource |
| aws_iam_role_policy_attachment.kms_decrypt | resource |
| aws_iam_role_policy_attachment.lambda_logs | resource |
| aws_iam_role_policy_attachment.vpc_access | resource |
| aws_kms_ciphertext.token | resource |
| aws_lambda_function.this | resource |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| dead_letter_queue_destination | Send failed events/function executions to a dead letter queue (ARN of an SNS topic or SQS queue) | string | null | no |
| description | Lambda description | string | "Lambda function to forward events towards Observe" | no |
| iam_name_prefix | Prefix used for all created IAM roles and policies | string | "observe-lambda-" | no |
| kms_key | The AWS Key Management Service (AWS KMS) key that's used to encrypt your function's environment variables at rest. Additionally, the Observe Token will be encrypted in transit. | object({ arn = string }) | null | no |
| kms_key_arn | The ARN of the AWS Key Management Service (AWS KMS) key that's used to encrypt your function's environment variables. If it's not provided, AWS Lambda uses a default service key. Deprecated, please use kms_key instead. | string | "" | no |
| lambda_envvars | Environment variables | map(any) | {} | no |
| lambda_iam_role_arn | ARN of IAM role to use for Lambda | string | "" | no |
| lambda_s3_custom_rules | List of rules to evaluate how to upload a given S3 object to Observe | list(object({ pattern = string, headers = map(string) })) | [] | no |
| lambda_version | Version of lambda binary to use | string | "arm64/latest" | no |
| memory_size | The amount of memory that your function has access to. Increasing the function's memory also increases its CPU allocation. The value must be a multiple of 64 MB. The maximum is 10,240 MB. | number | 2048 | no |
| name | Name of Lambda resource | string | n/a | yes |
| observe_collection_endpoint | Observe Collection Endpoint, e.g. https://123456789012.collect.observeinc.com | string | null | no |
| observe_customer | Observe Customer ID. Deprecated, please use observe_collection_endpoint instead | string | null | no |
| observe_domain | Observe domain. Deprecated, please use observe_collection_endpoint instead | string | "observeinc.com" | no |
| observe_token | Observe Token | string | n/a | yes |
| reserved_concurrent_executions | The number of simultaneous executions to reserve for the function. | number | 100 | no |
| retention_in_days | Retention in days of CloudWatch log group | number | 14 | no |
| s3_bucket | S3 Bucket hosting lambda binary. If provided, overrides regional bucket map | string | "" | no |
| s3_key | S3 object key for lambda binary. If provided, overrides s3_key_prefix | string | "" | no |
| s3_key_prefix | S3 key containing lambda binaries | string | "lambda/observer" | no |
| s3_object_version | S3 object version for lambda binary | string | "" | no |
| s3_regional_buckets | Map of AWS regions to lambda hosting S3 buckets | map(any) | {} | no |
| tags | A map of tags to add to all resources | map(string) | {} | no |
| timeout | The amount of time that Lambda allows a function to run before stopping it. The maximum allowed value is 900 seconds. | number | 120 | no |
| vpc_config | VPC Config | object({ security_groups = list(object({ id = string })), subnets = list(object({ arn = string, id = string })) }) | null | no |

Outputs

| Name | Description |
|------|-------------|
| lambda_function | Observe Lambda function |
| log_group_name | The name of the CloudWatch log group where logs for the Lambda will be written. |

License

Apache 2 Licensed. See LICENSE for full details.