From a5cd8ffc9e175c14374ede14fdbd6fa396840bc9 Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Fri, 3 Nov 2023 13:06:53 +0100
Subject: [PATCH] Removed unnecessary examples/s3-custom-kms-key
---
 .pre-commit-config.yaml | 4 +-
 README.md | 1 -
 examples/s3-custom-kms-key/.gitignore | 1 -
 examples/s3-custom-kms-key/README.md | 69 ---------
 examples/s3-custom-kms-key/main.tf | 57 -------
 examples/s3-custom-kms-key/outputs.tf | 73 ---------
 examples/s3-custom-kms-key/variables.tf | 0
 examples/s3-custom-kms-key/versions.tf | 14 --
 wrappers/alias/main.tf | 20 +--
 wrappers/deploy/main.tf | 54 +++----
 wrappers/docker-build/main.tf | 14 +-
 wrappers/main.tf | 188 ++++++++++++------------
 12 files changed, 140 insertions(+), 355 deletions(-)
 delete mode 100644 examples/s3-custom-kms-key/.gitignore
 delete mode 100644 examples/s3-custom-kms-key/README.md
 delete mode 100644 examples/s3-custom-kms-key/main.tf
 delete mode 100644 examples/s3-custom-kms-key/outputs.tf
 delete mode 100644 examples/s3-custom-kms-key/variables.tf
 delete mode 100644 examples/s3-custom-kms-key/versions.tf
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index e79e67b2..e809a4e4 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
 - repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.81.0
+ rev: v1.83.5
 hooks:
 - id: terraform_fmt
 - id: terraform_wrapper_module_for_each
@@ -24,7 +24,7 @@ repos:
 - '--args=--only=terraform_standard_module_structure'
 - '--args=--only=terraform_workspace_remote'
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.4.0
+ rev: v4.5.0
 hooks:
 - id: check-merge-conflict
 - id: end-of-file-fixer
diff --git a/README.md b/README.md
index f5ea3dee..6f6f7a19 100644
--- a/README.md
+++ b/README.md
@@ -651,7 +651,6 @@ Q4: What does this error mean - `"We currently do not support adding policies fo
 - [Event Source Mapping](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/event-source-mapping) - Create Lambda Function with event source mapping configuration (SQS, DynamoDB, Amazon MQ, and Kinesis).
 - [Triggers](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/triggers) - Create Lambda Function with some triggers (eg, Cloudwatch Events, EventBridge).
 - [Code Signing](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/code-signing) - Create Lambda Function with code signing configuration.
-- [S3 Custom KMS Key](https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/s3-custom-kms-key) - Upload Lambda package to S3 using a custom KMS key
 # Examples by the users of this module
diff --git a/examples/s3-custom-kms-key/.gitignore b/examples/s3-custom-kms-key/.gitignore
deleted file mode 100644
index b205ba3d..00000000
--- a/examples/s3-custom-kms-key/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-builds/*
diff --git a/examples/s3-custom-kms-key/README.md b/examples/s3-custom-kms-key/README.md
deleted file mode 100644
index af03d947..00000000
--- a/examples/s3-custom-kms-key/README.md
+++ /dev/null
@@ -1,69 +0,0 @@ -# AWS Lambda Function with custom KMS key encryption in S3 - -Configuration in this directory creates AWS Lambda Function that is uploaded to S3 using a self-managed KMS key. - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources. - - -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0 | -| [aws](#requirement\_aws) | >= 4.63 | -| [random](#requirement\_random) | >= 2.0 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | >= 4.63 | -| [random](#provider\_random) | >= 2.0 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [lambda\_function](#module\_lambda\_function) | ../../ | n/a | -| [s3\_bucket](#module\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | ~> 3.0 | - -## Resources - -| Name | Type | -|------|------| -| [aws_kms_key.objects](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | -| [random_pet.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/pet) | resource | - -## Inputs - -No inputs. - -## Outputs - -| Name | Description | -|------|-------------| -| [lambda\_cloudwatch\_log\_group\_arn](#output\_lambda\_cloudwatch\_log\_group\_arn) | The ARN of the Cloudwatch Log Group | -| [lambda\_function\_arn](#output\_lambda\_function\_arn) | The ARN of the Lambda Function | -| [lambda\_function\_arn\_static](#output\_lambda\_function\_arn\_static) | The static ARN of the Lambda Function. 
Use this to avoid cycle errors between resources (e.g., Step Functions) | -| [lambda\_function\_invoke\_arn](#output\_lambda\_function\_invoke\_arn) | The Invoke ARN of the Lambda Function | -| [lambda\_function\_last\_modified](#output\_lambda\_function\_last\_modified) | The date Lambda Function resource was last modified | -| [lambda\_function\_name](#output\_lambda\_function\_name) | The name of the Lambda Function | -| [lambda\_function\_qualified\_arn](#output\_lambda\_function\_qualified\_arn) | The ARN identifying your Lambda Function Version | -| [lambda\_function\_qualified\_invoke\_arn](#output\_lambda\_function\_qualified\_invoke\_arn) | The Invoke ARN identifying your Lambda Function Version | -| [lambda\_function\_source\_code\_hash](#output\_lambda\_function\_source\_code\_hash) | Base64-encoded representation of raw SHA-256 sum of the zip file | -| [lambda\_function\_source\_code\_size](#output\_lambda\_function\_source\_code\_size) | The size in bytes of the function .zip file | -| [lambda\_function\_version](#output\_lambda\_function\_version) | Latest published version of Lambda Function | -| [lambda\_role\_arn](#output\_lambda\_role\_arn) | The ARN of the IAM role created for the Lambda Function | -| [lambda\_role\_name](#output\_lambda\_role\_name) | The name of the IAM role created for the Lambda Function | -| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) | - diff --git a/examples/s3-custom-kms-key/main.tf b/examples/s3-custom-kms-key/main.tf deleted file mode 100644 index 081b3635..00000000 --- a/examples/s3-custom-kms-key/main.tf +++ /dev/null 
@@ -1,57 +0,0 @@
-provider "aws" {
- region = "eu-west-1"
-
- # Make it faster by skipping something
- skip_metadata_api_check = true
- skip_region_validation = true
- skip_credentials_validation = true
- skip_requesting_account_id = true
-}
-
-module "lambda_function" {
- source = "../../"
-
- function_name = "${random_pet.this.id}-lambda-s3-custom-kms-key"
- handler = "index.lambda_handler"
- runtime = "python3.8"
- source_path = "${path.module}/../fixtures/python3.8-app1"
-
- store_on_s3 = true
- s3_bucket = module.s3_bucket.s3_bucket_id
- s3_prefix = "lambda-builds/"
-
- # Upload to S3 using our self-managed KMS key
- s3_kms_key_id = aws_kms_key.objects.arn
-}
-
-resource "random_pet" "this" {
- length = 2
-}
-
-resource "aws_kms_key" "objects" {
- description = "KMS key used to encrypt bucket objects"
- deletion_window_in_days = 7
-}
-
-module "s3_bucket" {
- source = "terraform-aws-modules/s3-bucket/aws"
- version = "~> 3.0"
-
- bucket_prefix = "${random_pet.this.id}-"
- force_destroy = true
-
- # S3 bucket-level Public Access Block configuration
- block_public_acls = true
- block_public_policy = true
- ignore_public_acls = true
- restrict_public_buckets = true
-
- # Only allow uploads with specific KMS key
- attach_deny_incorrect_kms_key_sse = true
- allowed_kms_key_arn = aws_kms_key.objects.arn
- attach_deny_unencrypted_object_uploads = true
-
- versioning = {
- enabled = true
- }
-}
diff --git a/examples/s3-custom-kms-key/outputs.tf b/examples/s3-custom-kms-key/outputs.tf
deleted file mode 100644
index aa2457d1..00000000
--- a/examples/s3-custom-kms-key/outputs.tf
+++ /dev/null
@@ -1,73 +0,0 @@
-# Lambda Function
-output "lambda_function_arn" {
- description = "The ARN of the Lambda Function"
- value = module.lambda_function.lambda_function_arn
-}
-
-output "lambda_function_arn_static" {
- description = "The static ARN of the Lambda Function. Use this to avoid cycle errors between resources (e.g., Step Functions)"
- value = module.lambda_function.lambda_function_arn_static
-}
-
-output "lambda_function_invoke_arn" {
- description = "The Invoke ARN of the Lambda Function"
- value = module.lambda_function.lambda_function_invoke_arn
-}
-
-output "lambda_function_name" {
- description = "The name of the Lambda Function"
- value = module.lambda_function.lambda_function_name
-}
-
-output "lambda_function_qualified_arn" {
- description = "The ARN identifying your Lambda Function Version"
- value = module.lambda_function.lambda_function_qualified_arn
-}
-
-output "lambda_function_qualified_invoke_arn" {
- description = "The Invoke ARN identifying your Lambda Function Version"
- value = module.lambda_function.lambda_function_qualified_invoke_arn
-}
-
-output "lambda_function_version" {
- description = "Latest published version of Lambda Function"
- value = module.lambda_function.lambda_function_version
-}
-
-output "lambda_function_last_modified" {
- description = "The date Lambda Function resource was last modified"
- value = module.lambda_function.lambda_function_last_modified
-}
-
-output "lambda_function_source_code_hash" {
- description = "Base64-encoded representation of raw SHA-256 sum of the zip file"
- value = module.lambda_function.lambda_function_source_code_hash
-}
-
-output "lambda_function_source_code_size" {
- description = "The size in bytes of the function .zip file"
- value = module.lambda_function.lambda_function_source_code_size
-}
-
-# IAM Role
-output "lambda_role_arn" {
- description = "The ARN of the IAM role created for the Lambda Function"
- value = module.lambda_function.lambda_role_arn
-}
-
-output "lambda_role_name" {
- description = "The name of the IAM role created for the Lambda Function"
- value = module.lambda_function.lambda_role_name
-}
-
-# CloudWatch Log Group
-output "lambda_cloudwatch_log_group_arn" {
- description = "The ARN of the Cloudwatch Log Group"
- value = module.lambda_function.lambda_cloudwatch_log_group_arn
-}
-
-# Deployment package
-output "s3_object" {
- description = "The map with S3 object data of zip archive deployed (if deployment was from S3)"
- value = module.lambda_function.s3_object
-}
diff --git a/examples/s3-custom-kms-key/variables.tf b/examples/s3-custom-kms-key/variables.tf
deleted file mode 100644
index e69de29b..00000000
diff --git a/examples/s3-custom-kms-key/versions.tf b/examples/s3-custom-kms-key/versions.tf
deleted file mode 100644
index 5afa48b5..00000000
--- a/examples/s3-custom-kms-key/versions.tf
+++ /dev/null
@@ -1,14 +0,0 @@
-terraform {
- required_version = ">= 1.0"
-
- required_providers {
- aws = {
- source = "hashicorp/aws"
- version = ">= 4.63"
- }
- random = {
- source = "hashicorp/random"
- version = ">= 2.0"
- }
- }
-}
diff --git a/wrappers/alias/main.tf b/wrappers/alias/main.tf
index 81d3aad9..7729dd06 100644
--- a/wrappers/alias/main.tf
+++ b/wrappers/alias/main.tf
@@ -3,23 +3,23 @@ module "wrapper" { for_each = var.items + allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) create = try(each.value.create, var.defaults.create, true) - use_existing_alias = try(each.value.use_existing_alias, var.defaults.use_existing_alias, false) - refresh_alias = try(each.value.refresh_alias, var.defaults.refresh_alias, true) create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) - create_version_async_event_config = try(each.value.create_version_async_event_config, var.defaults.create_version_async_event_config, true) + create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) create_qualified_alias_async_event_config = try(each.value.create_qualified_alias_async_event_config, var.defaults.create_qualified_alias_async_event_config, true) create_version_allowed_triggers = try(each.value.create_version_allowed_triggers, var.defaults.create_version_allowed_triggers, true) - create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) - name = try(each.value.name, var.defaults.name, "") + create_version_async_event_config = try(each.value.create_version_async_event_config, var.defaults.create_version_async_event_config, true) description = try(each.value.description, var.defaults.description, "") + destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) + destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) function_name = try(each.value.function_name, var.defaults.function_name, "") function_version = try(each.value.function_version, 
var.defaults.function_version, "") - routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) - destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) - destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) - allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) - event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) + name = try(each.value.name, var.defaults.name, "") + refresh_alias = try(each.value.refresh_alias, var.defaults.refresh_alias, true) + routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) + use_existing_alias = try(each.value.use_existing_alias, var.defaults.use_existing_alias, false) } diff --git a/wrappers/deploy/main.tf b/wrappers/deploy/main.tf index e09fa0f1..47cc3d8b 100644 --- a/wrappers/deploy/main.tf +++ b/wrappers/deploy/main.tf 
@@ -3,39 +3,39 @@ module "wrapper" { for_each = var.items - create = try(each.value.create, var.defaults.create, true) - tags = try(each.value.tags, var.defaults.tags, {}) - alias_name = try(each.value.alias_name, var.defaults.alias_name, "") - function_name = try(each.value.function_name, var.defaults.function_name, "") - current_version = try(each.value.current_version, var.defaults.current_version, "") - target_version = try(each.value.target_version, var.defaults.target_version, "") - before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, "") after_allow_traffic_hook_arn = try(each.value.after_allow_traffic_hook_arn, var.defaults.after_allow_traffic_hook_arn, "") - interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) - description = try(each.value.description, var.defaults.description, "") - create_app = try(each.value.create_app, var.defaults.create_app, false) - use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) + alarm_enabled = try(each.value.alarm_enabled, var.defaults.alarm_enabled, false) + alarm_ignore_poll_alarm_failure = try(each.value.alarm_ignore_poll_alarm_failure, var.defaults.alarm_ignore_poll_alarm_failure, false) + alarms = try(each.value.alarms, var.defaults.alarms, []) + alias_name = try(each.value.alias_name, var.defaults.alias_name, "") app_name = try(each.value.app_name, var.defaults.app_name, "") - create_deployment_group = try(each.value.create_deployment_group, var.defaults.create_deployment_group, false) - use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) - deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, "") - deployment_config_name = try(each.value.deployment_config_name, var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") + attach_hooks_policy = 
try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) + attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) auto_rollback_enabled = try(each.value.auto_rollback_enabled, var.defaults.auto_rollback_enabled, true) auto_rollback_events = try(each.value.auto_rollback_events, var.defaults.auto_rollback_events, ["DEPLOYMENT_STOP_ON_ALARM"]) - alarm_enabled = try(each.value.alarm_enabled, var.defaults.alarm_enabled, false) - alarms = try(each.value.alarms, var.defaults.alarms, []) - alarm_ignore_poll_alarm_failure = try(each.value.alarm_ignore_poll_alarm_failure, var.defaults.alarm_ignore_poll_alarm_failure, false) - triggers = try(each.value.triggers, var.defaults.triggers, {}) aws_cli_command = try(each.value.aws_cli_command, var.defaults.aws_cli_command, "aws") - save_deploy_script = try(each.value.save_deploy_script, var.defaults.save_deploy_script, false) + before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, "") + codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) + codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, "") + create = try(each.value.create, var.defaults.create, true) + create_app = try(each.value.create_app, var.defaults.create_app, false) + create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) create_deployment = try(each.value.create_deployment, var.defaults.create_deployment, false) - run_deployment = try(each.value.run_deployment, var.defaults.run_deployment, false) + create_deployment_group = try(each.value.create_deployment_group, var.defaults.create_deployment_group, false) + current_version = try(each.value.current_version, var.defaults.current_version, "") + deployment_config_name = try(each.value.deployment_config_name, 
var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") + deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, "") + description = try(each.value.description, var.defaults.description, "") force_deploy = try(each.value.force_deploy, var.defaults.force_deploy, false) - wait_deployment_completion = try(each.value.wait_deployment_completion, var.defaults.wait_deployment_completion, false) - create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) - codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, "") - codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) - attach_hooks_policy = try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) - attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) + function_name = try(each.value.function_name, var.defaults.function_name, "") get_deployment_sleep_timer = try(each.value.get_deployment_sleep_timer, var.defaults.get_deployment_sleep_timer, 5) + interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) + run_deployment = try(each.value.run_deployment, var.defaults.run_deployment, false) + save_deploy_script = try(each.value.save_deploy_script, var.defaults.save_deploy_script, false) + tags = try(each.value.tags, var.defaults.tags, {}) + target_version = try(each.value.target_version, var.defaults.target_version, "") + triggers = try(each.value.triggers, var.defaults.triggers, {}) + use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) + use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) + wait_deployment_completion = try(each.value.wait_deployment_completion, 
var.defaults.wait_deployment_completion, false) } diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index c53be636..81afa562 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf 
@@ -3,19 +3,19 @@ module "wrapper" { for_each = var.items + build_args = try(each.value.build_args, var.defaults.build_args, {}) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) + docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") ecr_address = try(each.value.ecr_address, var.defaults.ecr_address, null) + ecr_force_delete = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true) ecr_repo = try(each.value.ecr_repo, var.defaults.ecr_repo, null) + ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null) + ecr_repo_tags = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {}) image_tag = try(each.value.image_tag, var.defaults.image_tag, null) - source_path = try(each.value.source_path, var.defaults.source_path, null) - docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") image_tag_mutability = try(each.value.image_tag_mutability, var.defaults.image_tag_mutability, "MUTABLE") - scan_on_push = try(each.value.scan_on_push, var.defaults.scan_on_push, false) - ecr_force_delete = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true) - ecr_repo_tags = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {}) - build_args = try(each.value.build_args, var.defaults.build_args, {}) - ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null) keep_remotely = try(each.value.keep_remotely, var.defaults.keep_remotely, false) platform = try(each.value.platform, var.defaults.platform, null) + scan_on_push = try(each.value.scan_on_push, var.defaults.scan_on_push, false) + source_path = try(each.value.source_path, var.defaults.source_path, null) } 
diff --git a/wrappers/main.tf b/wrappers/main.tf index c1b4f2dc..d842223d 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -3,123 +3,123 @@ module "wrapper" { for_each = var.items + allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) + architectures = try(each.value.architectures, var.defaults.architectures, null) + artifacts_dir = try(each.value.artifacts_dir, var.defaults.artifacts_dir, "builds") + assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) + attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) + attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) + attach_dead_letter_policy = try(each.value.attach_dead_letter_policy, var.defaults.attach_dead_letter_policy, false) + attach_network_policy = try(each.value.attach_network_policy, var.defaults.attach_network_policy, false) + attach_policies = try(each.value.attach_policies, var.defaults.attach_policies, false) + attach_policy = try(each.value.attach_policy, var.defaults.attach_policy, false) + attach_policy_json = try(each.value.attach_policy_json, var.defaults.attach_policy_json, false) + attach_policy_jsons = try(each.value.attach_policy_jsons, var.defaults.attach_policy_jsons, false) + attach_policy_statements = try(each.value.attach_policy_statements, var.defaults.attach_policy_statements, false) + attach_tracing_policy = try(each.value.attach_tracing_policy, var.defaults.attach_tracing_policy, false) + authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") + build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) + cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) + cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) + cloudwatch_logs_tags = 
try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) + code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) + compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) + compatible_runtimes = try(each.value.compatible_runtimes, var.defaults.compatible_runtimes, []) + cors = try(each.value.cors, var.defaults.cors, {}) create = try(each.value.create, var.defaults.create, true) - create_package = try(each.value.create_package, var.defaults.create_package, true) + create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) + create_current_version_allowed_triggers = try(each.value.create_current_version_allowed_triggers, var.defaults.create_current_version_allowed_triggers, true) + create_current_version_async_event_config = try(each.value.create_current_version_async_event_config, var.defaults.create_current_version_async_event_config, true) create_function = try(each.value.create_function, var.defaults.create_function, true) + create_lambda_function_url = try(each.value.create_lambda_function_url, var.defaults.create_lambda_function_url, false) create_layer = try(each.value.create_layer, var.defaults.create_layer, false) + create_package = try(each.value.create_package, var.defaults.create_package, true) create_role = try(each.value.create_role, var.defaults.create_role, true) - create_lambda_function_url = try(each.value.create_lambda_function_url, var.defaults.create_lambda_function_url, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) - putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) - lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) - lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, 
var.defaults.lambda_at_edge_logs_all_regions, true) - function_name = try(each.value.function_name, var.defaults.function_name, "") - handler = try(each.value.handler, var.defaults.handler, "") - runtime = try(each.value.runtime, var.defaults.runtime, "") - lambda_role = try(each.value.lambda_role, var.defaults.lambda_role, "") - description = try(each.value.description, var.defaults.description, "") - code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) - layers = try(each.value.layers, var.defaults.layers, null) - architectures = try(each.value.architectures, var.defaults.architectures, null) - kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) - memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) - ephemeral_storage_size = try(each.value.ephemeral_storage_size, var.defaults.ephemeral_storage_size, 512) - publish = try(each.value.publish, var.defaults.publish, false) - reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) - timeout = try(each.value.timeout, var.defaults.timeout, 3) + create_unqualified_alias_allowed_triggers = try(each.value.create_unqualified_alias_allowed_triggers, var.defaults.create_unqualified_alias_allowed_triggers, true) + create_unqualified_alias_async_event_config = try(each.value.create_unqualified_alias_async_event_config, var.defaults.create_unqualified_alias_async_event_config, true) + create_unqualified_alias_lambda_function_url = try(each.value.create_unqualified_alias_lambda_function_url, var.defaults.create_unqualified_alias_lambda_function_url, true) dead_letter_target_arn = try(each.value.dead_letter_target_arn, var.defaults.dead_letter_target_arn, null) + description = try(each.value.description, var.defaults.description, "") + destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) + 
destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + docker_additional_options = try(each.value.docker_additional_options, var.defaults.docker_additional_options, []) + docker_build_root = try(each.value.docker_build_root, var.defaults.docker_build_root, "") + docker_entrypoint = try(each.value.docker_entrypoint, var.defaults.docker_entrypoint, null) + docker_file = try(each.value.docker_file, var.defaults.docker_file, "") + docker_image = try(each.value.docker_image, var.defaults.docker_image, "") + docker_pip_cache = try(each.value.docker_pip_cache, var.defaults.docker_pip_cache, null) + docker_with_ssh_agent = try(each.value.docker_with_ssh_agent, var.defaults.docker_with_ssh_agent, false) environment_variables = try(each.value.environment_variables, var.defaults.environment_variables, {}) - tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) - vpc_subnet_ids = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, null) - vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) - tags = try(each.value.tags, var.defaults.tags, {}) + ephemeral_storage_size = try(each.value.ephemeral_storage_size, var.defaults.ephemeral_storage_size, 512) + event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) + file_system_arn = try(each.value.file_system_arn, var.defaults.file_system_arn, null) + file_system_local_mount_path = try(each.value.file_system_local_mount_path, var.defaults.file_system_local_mount_path, null) + function_name = try(each.value.function_name, var.defaults.function_name, "") function_tags = try(each.value.function_tags, var.defaults.function_tags, {}) - s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) - s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) - package_type = try(each.value.package_type, 
var.defaults.package_type, "Zip") - image_uri = try(each.value.image_uri, var.defaults.image_uri, null) - image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) + handler = try(each.value.handler, var.defaults.handler, "") + hash_extra = try(each.value.hash_extra, var.defaults.hash_extra, "") + ignore_source_code_hash = try(each.value.ignore_source_code_hash, var.defaults.ignore_source_code_hash, false) image_config_command = try(each.value.image_config_command, var.defaults.image_config_command, []) + image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) - snap_start = try(each.value.snap_start, var.defaults.snap_start, false) - replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) - replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) - timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) - create_unqualified_alias_lambda_function_url = try(each.value.create_unqualified_alias_lambda_function_url, var.defaults.create_unqualified_alias_lambda_function_url, true) - authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") - cors = try(each.value.cors, var.defaults.cors, {}) + image_uri = try(each.value.image_uri, var.defaults.image_uri, null) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) + kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) + lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) + lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true) + 
lambda_role = try(each.value.lambda_role, var.defaults.lambda_role, "") layer_name = try(each.value.layer_name, var.defaults.layer_name, "") layer_skip_destroy = try(each.value.layer_skip_destroy, var.defaults.layer_skip_destroy, false) + layers = try(each.value.layers, var.defaults.layers, null) license_info = try(each.value.license_info, var.defaults.license_info, "") - compatible_runtimes = try(each.value.compatible_runtimes, var.defaults.compatible_runtimes, []) - compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) - create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) - create_current_version_async_event_config = try(each.value.create_current_version_async_event_config, var.defaults.create_current_version_async_event_config, true) - create_unqualified_alias_async_event_config = try(each.value.create_unqualified_alias_async_event_config, var.defaults.create_unqualified_alias_async_event_config, true) + local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) - destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) - destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) + number_of_policies = try(each.value.number_of_policies, var.defaults.number_of_policies, 0) + number_of_policy_jsons = try(each.value.number_of_policy_jsons, var.defaults.number_of_policy_jsons, 0) + package_type = try(each.value.package_type, var.defaults.package_type, "Zip") + policies = try(each.value.policies, 
var.defaults.policies, []) + policy = try(each.value.policy, var.defaults.policy, null) + policy_json = try(each.value.policy_json, var.defaults.policy_json, null) + policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) + policy_name = try(each.value.policy_name, var.defaults.policy_name, null) + policy_path = try(each.value.policy_path, var.defaults.policy_path, null) + policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) provisioned_concurrent_executions = try(each.value.provisioned_concurrent_executions, var.defaults.provisioned_concurrent_executions, -1) - create_current_version_allowed_triggers = try(each.value.create_current_version_allowed_triggers, var.defaults.create_current_version_allowed_triggers, true) - create_unqualified_alias_allowed_triggers = try(each.value.create_unqualified_alias_allowed_triggers, var.defaults.create_unqualified_alias_allowed_triggers, true) - allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) - event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) - use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) - cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) - cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) - cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) - role_name = try(each.value.role_name, var.defaults.role_name, null) + publish = try(each.value.publish, var.defaults.publish, false) + putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + 
replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) + replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) + reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) role_description = try(each.value.role_description, var.defaults.role_description, null) - role_path = try(each.value.role_path, var.defaults.role_path, null) role_force_detach_policies = try(each.value.role_force_detach_policies, var.defaults.role_force_detach_policies, true) + role_maximum_session_duration = try(each.value.role_maximum_session_duration, var.defaults.role_maximum_session_duration, 3600) + role_name = try(each.value.role_name, var.defaults.role_name, null) + role_path = try(each.value.role_path, var.defaults.role_path, null) role_permissions_boundary = try(each.value.role_permissions_boundary, var.defaults.role_permissions_boundary, null) role_tags = try(each.value.role_tags, var.defaults.role_tags, {}) - role_maximum_session_duration = try(each.value.role_maximum_session_duration, var.defaults.role_maximum_session_duration, 3600) - policy_name = try(each.value.policy_name, var.defaults.policy_name, null) - attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) - attach_dead_letter_policy = try(each.value.attach_dead_letter_policy, var.defaults.attach_dead_letter_policy, false) - attach_network_policy = try(each.value.attach_network_policy, var.defaults.attach_network_policy, false) - attach_tracing_policy = try(each.value.attach_tracing_policy, var.defaults.attach_tracing_policy, false) - attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) - attach_policy_json = try(each.value.attach_policy_json, 
var.defaults.attach_policy_json, false) - attach_policy_jsons = try(each.value.attach_policy_jsons, var.defaults.attach_policy_jsons, false) - attach_policy = try(each.value.attach_policy, var.defaults.attach_policy, false) - attach_policies = try(each.value.attach_policies, var.defaults.attach_policies, false) - policy_path = try(each.value.policy_path, var.defaults.policy_path, null) - number_of_policy_jsons = try(each.value.number_of_policy_jsons, var.defaults.number_of_policy_jsons, 0) - number_of_policies = try(each.value.number_of_policies, var.defaults.number_of_policies, 0) - attach_policy_statements = try(each.value.attach_policy_statements, var.defaults.attach_policy_statements, false) - trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) - assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) - policy_json = try(each.value.policy_json, var.defaults.policy_json, null) - policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) - policy = try(each.value.policy, var.defaults.policy, null) - policies = try(each.value.policies, var.defaults.policies, []) - policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) - file_system_arn = try(each.value.file_system_arn, var.defaults.file_system_arn, null) - file_system_local_mount_path = try(each.value.file_system_local_mount_path, var.defaults.file_system_local_mount_path, null) - artifacts_dir = try(each.value.artifacts_dir, var.defaults.artifacts_dir, "builds") - s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) - ignore_source_code_hash = try(each.value.ignore_source_code_hash, var.defaults.ignore_source_code_hash, false) - local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) + runtime = try(each.value.runtime, var.defaults.runtime, "") + s3_acl = try(each.value.s3_acl, 
var.defaults.s3_acl, "private") + s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) s3_existing_package = try(each.value.s3_existing_package, var.defaults.s3_existing_package, null) - store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) + s3_kms_key_id = try(each.value.s3_kms_key_id, var.defaults.s3_kms_key_id, null) s3_object_storage_class = try(each.value.s3_object_storage_class, var.defaults.s3_object_storage_class, "ONEZONE_IA") - s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) - s3_acl = try(each.value.s3_acl, var.defaults.s3_acl, "private") + s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) + s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) + s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) s3_server_side_encryption = try(each.value.s3_server_side_encryption, var.defaults.s3_server_side_encryption, null) - s3_kms_key_id = try(each.value.s3_kms_key_id, var.defaults.s3_kms_key_id, null) + snap_start = try(each.value.snap_start, var.defaults.snap_start, false) source_path = try(each.value.source_path, var.defaults.source_path, null) - hash_extra = try(each.value.hash_extra, var.defaults.hash_extra, "") - build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) - docker_file = try(each.value.docker_file, var.defaults.docker_file, "") - docker_build_root = try(each.value.docker_build_root, var.defaults.docker_build_root, "") - docker_image = try(each.value.docker_image, var.defaults.docker_image, "") - docker_with_ssh_agent = try(each.value.docker_with_ssh_agent, var.defaults.docker_with_ssh_agent, false) - docker_pip_cache = try(each.value.docker_pip_cache, var.defaults.docker_pip_cache, null) - docker_additional_options = try(each.value.docker_additional_options, var.defaults.docker_additional_options, []) - docker_entrypoint = try(each.value.docker_entrypoint, 
var.defaults.docker_entrypoint, null) - recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) + tags = try(each.value.tags, var.defaults.tags, {}) + timeout = try(each.value.timeout, var.defaults.timeout, 3) + timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) + tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) + trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) + use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) + vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) + vpc_subnet_ids = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, null) }