From eb339d658c232d0afa0a7f4f7902becab2a2a2e9 Mon Sep 17 00:00:00 2001 From: Joscha Nassenstein <44116079+joschna@users.noreply.github.com> Date: Fri, 3 Nov 2023 13:26:59 +0100 Subject: [PATCH] feat: Allow to specify custom KMS key for S3 object (#505) Co-authored-by: Anton Babenko --- .pre-commit-config.yaml | 4 +- README.md | 11 +- main.tf | 1 + variables.tf | 6 ++ wrappers/alias/main.tf | 20 ++-- wrappers/deploy/main.tf | 54 +++++----- wrappers/docker-build/main.tf | 14 +-- wrappers/main.tf | 187 +++++++++++++++++----------------- 8 files changed, 153 insertions(+), 144 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index e79e67b2..e809a4e4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.81.0 + rev: v1.83.5 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each @@ -24,7 +24,7 @@ repos: - '--args=--only=terraform_standard_module_structure' - '--args=--only=terraform_workspace_remote' - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-merge-conflict - id: end-of-file-fixer diff --git a/README.md b/README.md index 7ff45dff..6f6f7a19 100644 --- a/README.md +++ b/README.md 
@@ -558,31 +558,31 @@ module "lambda_function_existing_package_from_remote_url" { ``` ## How to use AWS SAM CLI to test Lambda Function? -[AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless +[AWS SAM CLI](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-command-reference.html) is an open source tool that help the developers to initiate, build, test, and deploy serverless applications. SAM CLI tool [supports Terraform applications](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-terraform-support.html). SAM CLI provides two ways of testing: local testing and testing on-cloud (Accelerate). ### Local Testing Using SAM CLI, you can invoke the lambda functions defined in the terraform application locally using the [sam local invoke](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-local-invoke.html) -command, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application. +command, providing the function terraform address, or function name, and to set the `hook-name` to `terraform` to tell SAM CLI that the underlying project is a terraform application. You can execute the `sam local invoke` command from your terraform application root directory as following: ``` -sam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0] +sam local invoke --hook-name terraform module.hello_world_function.aws_lambda_function.this[0] ``` You can also pass an event to your lambda function, or overwrite its environment variables. 
Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-invoke.html) for more information. You can also invoke your lambda function in debugging mode, and step-through your lambda function source code locally in your preferred editor. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/serverless-sam-cli-using-debugging.html) for more information. ### Testing on-cloud (Accelerate) -You can use AWS SAM CLI to quickly test your application on your AWS development account. Using SAM Accelerate, you will be able to develop your lambda functions locally, +You can use AWS SAM CLI to quickly test your application on your AWS development account. Using SAM Accelerate, you will be able to develop your lambda functions locally, and once you save your updates, SAM CLI will update your development account with the updated Lambda functions. So, you can test it on cloud, and if there is any bug, you can quickly update the code, and SAM CLI will take care of pushing it to the cloud. Check [here](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/accelerate.html) for more information about SAM Accelerate. You can execute the `sam sync` command from your terraform application root directory as following: ``` -sam sync --hook-name terraform --watch +sam sync --hook-name terraform --watch ``` ## How to deploy and manage Lambda Functions? 
@@ -838,6 +838,7 @@ No modules. | [s3\_acl](#input\_s3\_acl) | The canned ACL to apply. Valid values are private, public-read, public-read-write, aws-exec-read, authenticated-read, bucket-owner-read, and bucket-owner-full-control. Defaults to private. | `string` | `"private"` | no | | [s3\_bucket](#input\_s3\_bucket) | S3 bucket to store artifacts | `string` | `null` | no | | [s3\_existing\_package](#input\_s3\_existing\_package) | The S3 bucket object with keys bucket, key, version pointing to an existing zip-file to use | `map(string)` | `null` | no | +| [s3\_kms\_key\_id](#input\_s3\_kms\_key\_id) | Specifies a custom KMS key to use for S3 object encryption. | `string` | `null` | no | | [s3\_object\_storage\_class](#input\_s3\_object\_storage\_class) | Specifies the desired Storage Class for the artifact uploaded to S3. Can be either STANDARD, REDUCED\_REDUNDANCY, ONEZONE\_IA, INTELLIGENT\_TIERING, or STANDARD\_IA. | `string` | `"ONEZONE_IA"` | no | | [s3\_object\_tags](#input\_s3\_object\_tags) | A map of tags to assign to S3 bucket object. | `map(string)` | `{}` | no | | [s3\_object\_tags\_only](#input\_s3\_object\_tags\_only) | Set to true to not merge tags with s3\_object\_tags. Useful to avoid breaching S3 Object 10 tag limit. | `bool` | `false` | no | diff --git a/main.tf b/main.tf index a7bbf09b..76ce118d 100644 --- a/main.tf +++ b/main.tf @@ -175,6 +175,7 @@ resource "aws_s3_object" "lambda_package" { storage_class = var.s3_object_storage_class server_side_encryption = var.s3_server_side_encryption + kms_key_id = var.s3_kms_key_id tags = var.s3_object_tags_only ? var.s3_object_tags : merge(var.tags, var.s3_object_tags) diff --git a/variables.tf b/variables.tf index b085b895..b1713c82 100644 --- a/variables.tf +++ b/variables.tf 
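Review bot: The added `kms_key_id = var.s3_kms_key_id` is independent of `server_side_encryption = var.s3_server_side_encryption` on the line above it, so nothing stops a caller from supplying a key while `s3_server_side_encryption` stays `null` or `"AES256"`; as far as I recall the provider forces SSE-KMS on the PutObject call whenever `kms_key_id` is set, which would then surface as a perpetual plan diff on `server_side_encryption` rather than as an error, so that combination is worth either validating or documenting. A `validation` block on `s3_kms_key_id` cannot see `s3_server_side_encryption`, so if the module's required Terraform version allows it, a `lifecycle { precondition }` on this resource is the place to enforce the pairing. At minimum a comment on the new line would make the coupling visible to the next maintainer, e.g. `kms_key_id = var.s3_kms_key_id # only meaningful with server_side_encryption = "aws:kms"`. The `aws_s3_object.lambda_package` resource starts and ends outside the hunk.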
@@ -684,6 +684,12 @@ variable "s3_server_side_encryption" {
 default = null
 }
 
+variable "s3_kms_key_id" {
+ description = "Specifies a custom KMS key to use for S3 object encryption."
+ type = string
+ default = null
+}
+
 variable "source_path" {
 description = "The absolute path to a local file or directory containing your Lambda source code"
 type = any # string | list(string | map(any))
diff --git a/wrappers/alias/main.tf b/wrappers/alias/main.tf
index 81d3aad9..7729dd06 100644
--- a/wrappers/alias/main.tf
+++ b/wrappers/alias/main.tf
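Review bot: The description of the new `s3_kms_key_id` variable says only "a custom KMS key", which leaves open whether a key ID, an alias or an ARN is expected; the provider documents the `aws_s3_object` `kms_key_id` argument as the key ARN, and the README row added in this commit looks generated from this text, so the precision belongs here. It should also state the two things a user has to line up outside this module: `s3_server_side_encryption` has to be `"aws:kms"` for the key to apply, and, as I understand Lambda's code-from-S3 path, the identity running the deployment is the one that reads the package, so it needs `kms:Decrypt` on that key or function creation fails with an access error. Suggested wording: `description = "ARN of the KMS key used to encrypt the S3 object (SSE-KMS). Requires s3_server_side_encryption = \"aws:kms\"; the deploying principal needs kms:Decrypt on this key."`. Once the description changes, the README table row needs regenerating to match.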
@@ -3,23 +3,23 @@ module "wrapper" { for_each = var.items + allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) create = try(each.value.create, var.defaults.create, true) - use_existing_alias = try(each.value.use_existing_alias, var.defaults.use_existing_alias, false) - refresh_alias = try(each.value.refresh_alias, var.defaults.refresh_alias, true) create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) - create_version_async_event_config = try(each.value.create_version_async_event_config, var.defaults.create_version_async_event_config, true) + create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) create_qualified_alias_async_event_config = try(each.value.create_qualified_alias_async_event_config, var.defaults.create_qualified_alias_async_event_config, true) create_version_allowed_triggers = try(each.value.create_version_allowed_triggers, var.defaults.create_version_allowed_triggers, true) - create_qualified_alias_allowed_triggers = try(each.value.create_qualified_alias_allowed_triggers, var.defaults.create_qualified_alias_allowed_triggers, true) - name = try(each.value.name, var.defaults.name, "") + create_version_async_event_config = try(each.value.create_version_async_event_config, var.defaults.create_version_async_event_config, true) description = try(each.value.description, var.defaults.description, "") + destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) + destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) function_name = try(each.value.function_name, var.defaults.function_name, "") function_version = try(each.value.function_version, 
var.defaults.function_version, "") - routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) - destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) - destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) - allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) - event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) + name = try(each.value.name, var.defaults.name, "") + refresh_alias = try(each.value.refresh_alias, var.defaults.refresh_alias, true) + routing_additional_version_weights = try(each.value.routing_additional_version_weights, var.defaults.routing_additional_version_weights, {}) + use_existing_alias = try(each.value.use_existing_alias, var.defaults.use_existing_alias, false) } diff --git a/wrappers/deploy/main.tf b/wrappers/deploy/main.tf index e09fa0f1..47cc3d8b 100644 --- a/wrappers/deploy/main.tf +++ b/wrappers/deploy/main.tf 
@@ -3,39 +3,39 @@ module "wrapper" { for_each = var.items - create = try(each.value.create, var.defaults.create, true) - tags = try(each.value.tags, var.defaults.tags, {}) - alias_name = try(each.value.alias_name, var.defaults.alias_name, "") - function_name = try(each.value.function_name, var.defaults.function_name, "") - current_version = try(each.value.current_version, var.defaults.current_version, "") - target_version = try(each.value.target_version, var.defaults.target_version, "") - before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, "") after_allow_traffic_hook_arn = try(each.value.after_allow_traffic_hook_arn, var.defaults.after_allow_traffic_hook_arn, "") - interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) - description = try(each.value.description, var.defaults.description, "") - create_app = try(each.value.create_app, var.defaults.create_app, false) - use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) + alarm_enabled = try(each.value.alarm_enabled, var.defaults.alarm_enabled, false) + alarm_ignore_poll_alarm_failure = try(each.value.alarm_ignore_poll_alarm_failure, var.defaults.alarm_ignore_poll_alarm_failure, false) + alarms = try(each.value.alarms, var.defaults.alarms, []) + alias_name = try(each.value.alias_name, var.defaults.alias_name, "") app_name = try(each.value.app_name, var.defaults.app_name, "") - create_deployment_group = try(each.value.create_deployment_group, var.defaults.create_deployment_group, false) - use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) - deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, "") - deployment_config_name = try(each.value.deployment_config_name, var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") + attach_hooks_policy = 
try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) + attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) auto_rollback_enabled = try(each.value.auto_rollback_enabled, var.defaults.auto_rollback_enabled, true) auto_rollback_events = try(each.value.auto_rollback_events, var.defaults.auto_rollback_events, ["DEPLOYMENT_STOP_ON_ALARM"]) - alarm_enabled = try(each.value.alarm_enabled, var.defaults.alarm_enabled, false) - alarms = try(each.value.alarms, var.defaults.alarms, []) - alarm_ignore_poll_alarm_failure = try(each.value.alarm_ignore_poll_alarm_failure, var.defaults.alarm_ignore_poll_alarm_failure, false) - triggers = try(each.value.triggers, var.defaults.triggers, {}) aws_cli_command = try(each.value.aws_cli_command, var.defaults.aws_cli_command, "aws") - save_deploy_script = try(each.value.save_deploy_script, var.defaults.save_deploy_script, false) + before_allow_traffic_hook_arn = try(each.value.before_allow_traffic_hook_arn, var.defaults.before_allow_traffic_hook_arn, "") + codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) + codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, "") + create = try(each.value.create, var.defaults.create, true) + create_app = try(each.value.create_app, var.defaults.create_app, false) + create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) create_deployment = try(each.value.create_deployment, var.defaults.create_deployment, false) - run_deployment = try(each.value.run_deployment, var.defaults.run_deployment, false) + create_deployment_group = try(each.value.create_deployment_group, var.defaults.create_deployment_group, false) + current_version = try(each.value.current_version, var.defaults.current_version, "") + deployment_config_name = try(each.value.deployment_config_name, 
var.defaults.deployment_config_name, "CodeDeployDefault.LambdaAllAtOnce") + deployment_group_name = try(each.value.deployment_group_name, var.defaults.deployment_group_name, "") + description = try(each.value.description, var.defaults.description, "") force_deploy = try(each.value.force_deploy, var.defaults.force_deploy, false) - wait_deployment_completion = try(each.value.wait_deployment_completion, var.defaults.wait_deployment_completion, false) - create_codedeploy_role = try(each.value.create_codedeploy_role, var.defaults.create_codedeploy_role, true) - codedeploy_role_name = try(each.value.codedeploy_role_name, var.defaults.codedeploy_role_name, "") - codedeploy_principals = try(each.value.codedeploy_principals, var.defaults.codedeploy_principals, ["codedeploy.amazonaws.com"]) - attach_hooks_policy = try(each.value.attach_hooks_policy, var.defaults.attach_hooks_policy, true) - attach_triggers_policy = try(each.value.attach_triggers_policy, var.defaults.attach_triggers_policy, false) + function_name = try(each.value.function_name, var.defaults.function_name, "") get_deployment_sleep_timer = try(each.value.get_deployment_sleep_timer, var.defaults.get_deployment_sleep_timer, 5) + interpreter = try(each.value.interpreter, var.defaults.interpreter, ["/bin/bash", "-c"]) + run_deployment = try(each.value.run_deployment, var.defaults.run_deployment, false) + save_deploy_script = try(each.value.save_deploy_script, var.defaults.save_deploy_script, false) + tags = try(each.value.tags, var.defaults.tags, {}) + target_version = try(each.value.target_version, var.defaults.target_version, "") + triggers = try(each.value.triggers, var.defaults.triggers, {}) + use_existing_app = try(each.value.use_existing_app, var.defaults.use_existing_app, false) + use_existing_deployment_group = try(each.value.use_existing_deployment_group, var.defaults.use_existing_deployment_group, false) + wait_deployment_completion = try(each.value.wait_deployment_completion, 
var.defaults.wait_deployment_completion, false) } diff --git a/wrappers/docker-build/main.tf b/wrappers/docker-build/main.tf index c53be636..81afa562 100644 --- a/wrappers/docker-build/main.tf +++ b/wrappers/docker-build/main.tf 
@@ -3,19 +3,19 @@ module "wrapper" { for_each = var.items + build_args = try(each.value.build_args, var.defaults.build_args, {}) create_ecr_repo = try(each.value.create_ecr_repo, var.defaults.create_ecr_repo, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) + docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") ecr_address = try(each.value.ecr_address, var.defaults.ecr_address, null) + ecr_force_delete = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true) ecr_repo = try(each.value.ecr_repo, var.defaults.ecr_repo, null) + ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null) + ecr_repo_tags = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {}) image_tag = try(each.value.image_tag, var.defaults.image_tag, null) - source_path = try(each.value.source_path, var.defaults.source_path, null) - docker_file_path = try(each.value.docker_file_path, var.defaults.docker_file_path, "Dockerfile") image_tag_mutability = try(each.value.image_tag_mutability, var.defaults.image_tag_mutability, "MUTABLE") - scan_on_push = try(each.value.scan_on_push, var.defaults.scan_on_push, false) - ecr_force_delete = try(each.value.ecr_force_delete, var.defaults.ecr_force_delete, true) - ecr_repo_tags = try(each.value.ecr_repo_tags, var.defaults.ecr_repo_tags, {}) - build_args = try(each.value.build_args, var.defaults.build_args, {}) - ecr_repo_lifecycle_policy = try(each.value.ecr_repo_lifecycle_policy, var.defaults.ecr_repo_lifecycle_policy, null) keep_remotely = try(each.value.keep_remotely, var.defaults.keep_remotely, false) platform = try(each.value.platform, var.defaults.platform, null) + scan_on_push = try(each.value.scan_on_push, var.defaults.scan_on_push, false) + source_path = try(each.value.source_path, var.defaults.source_path, null) } 
diff --git a/wrappers/main.tf b/wrappers/main.tf index 4a101cd2..d842223d 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
@@ -3,122 +3,123 @@ module "wrapper" { for_each = var.items + allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) + architectures = try(each.value.architectures, var.defaults.architectures, null) + artifacts_dir = try(each.value.artifacts_dir, var.defaults.artifacts_dir, "builds") + assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) + attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) + attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) + attach_dead_letter_policy = try(each.value.attach_dead_letter_policy, var.defaults.attach_dead_letter_policy, false) + attach_network_policy = try(each.value.attach_network_policy, var.defaults.attach_network_policy, false) + attach_policies = try(each.value.attach_policies, var.defaults.attach_policies, false) + attach_policy = try(each.value.attach_policy, var.defaults.attach_policy, false) + attach_policy_json = try(each.value.attach_policy_json, var.defaults.attach_policy_json, false) + attach_policy_jsons = try(each.value.attach_policy_jsons, var.defaults.attach_policy_jsons, false) + attach_policy_statements = try(each.value.attach_policy_statements, var.defaults.attach_policy_statements, false) + attach_tracing_policy = try(each.value.attach_tracing_policy, var.defaults.attach_tracing_policy, false) + authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") + build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) + cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) + cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) + cloudwatch_logs_tags = 
try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) + code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) + compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) + compatible_runtimes = try(each.value.compatible_runtimes, var.defaults.compatible_runtimes, []) + cors = try(each.value.cors, var.defaults.cors, {}) create = try(each.value.create, var.defaults.create, true) - create_package = try(each.value.create_package, var.defaults.create_package, true) + create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) + create_current_version_allowed_triggers = try(each.value.create_current_version_allowed_triggers, var.defaults.create_current_version_allowed_triggers, true) + create_current_version_async_event_config = try(each.value.create_current_version_async_event_config, var.defaults.create_current_version_async_event_config, true) create_function = try(each.value.create_function, var.defaults.create_function, true) + create_lambda_function_url = try(each.value.create_lambda_function_url, var.defaults.create_lambda_function_url, false) create_layer = try(each.value.create_layer, var.defaults.create_layer, false) + create_package = try(each.value.create_package, var.defaults.create_package, true) create_role = try(each.value.create_role, var.defaults.create_role, true) - create_lambda_function_url = try(each.value.create_lambda_function_url, var.defaults.create_lambda_function_url, false) create_sam_metadata = try(each.value.create_sam_metadata, var.defaults.create_sam_metadata, false) - putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) - lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) - lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, 
var.defaults.lambda_at_edge_logs_all_regions, true) - function_name = try(each.value.function_name, var.defaults.function_name, "") - handler = try(each.value.handler, var.defaults.handler, "") - runtime = try(each.value.runtime, var.defaults.runtime, "") - lambda_role = try(each.value.lambda_role, var.defaults.lambda_role, "") - description = try(each.value.description, var.defaults.description, "") - code_signing_config_arn = try(each.value.code_signing_config_arn, var.defaults.code_signing_config_arn, null) - layers = try(each.value.layers, var.defaults.layers, null) - architectures = try(each.value.architectures, var.defaults.architectures, null) - kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) - memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) - ephemeral_storage_size = try(each.value.ephemeral_storage_size, var.defaults.ephemeral_storage_size, 512) - publish = try(each.value.publish, var.defaults.publish, false) - reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) - timeout = try(each.value.timeout, var.defaults.timeout, 3) + create_unqualified_alias_allowed_triggers = try(each.value.create_unqualified_alias_allowed_triggers, var.defaults.create_unqualified_alias_allowed_triggers, true) + create_unqualified_alias_async_event_config = try(each.value.create_unqualified_alias_async_event_config, var.defaults.create_unqualified_alias_async_event_config, true) + create_unqualified_alias_lambda_function_url = try(each.value.create_unqualified_alias_lambda_function_url, var.defaults.create_unqualified_alias_lambda_function_url, true) dead_letter_target_arn = try(each.value.dead_letter_target_arn, var.defaults.dead_letter_target_arn, null) + description = try(each.value.description, var.defaults.description, "") + destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) + 
destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + docker_additional_options = try(each.value.docker_additional_options, var.defaults.docker_additional_options, []) + docker_build_root = try(each.value.docker_build_root, var.defaults.docker_build_root, "") + docker_entrypoint = try(each.value.docker_entrypoint, var.defaults.docker_entrypoint, null) + docker_file = try(each.value.docker_file, var.defaults.docker_file, "") + docker_image = try(each.value.docker_image, var.defaults.docker_image, "") + docker_pip_cache = try(each.value.docker_pip_cache, var.defaults.docker_pip_cache, null) + docker_with_ssh_agent = try(each.value.docker_with_ssh_agent, var.defaults.docker_with_ssh_agent, false) environment_variables = try(each.value.environment_variables, var.defaults.environment_variables, {}) - tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) - vpc_subnet_ids = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, null) - vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) - tags = try(each.value.tags, var.defaults.tags, {}) + ephemeral_storage_size = try(each.value.ephemeral_storage_size, var.defaults.ephemeral_storage_size, 512) + event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) + file_system_arn = try(each.value.file_system_arn, var.defaults.file_system_arn, null) + file_system_local_mount_path = try(each.value.file_system_local_mount_path, var.defaults.file_system_local_mount_path, null) + function_name = try(each.value.function_name, var.defaults.function_name, "") function_tags = try(each.value.function_tags, var.defaults.function_tags, {}) - s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) - s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) - package_type = try(each.value.package_type, 
var.defaults.package_type, "Zip") - image_uri = try(each.value.image_uri, var.defaults.image_uri, null) - image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) + handler = try(each.value.handler, var.defaults.handler, "") + hash_extra = try(each.value.hash_extra, var.defaults.hash_extra, "") + ignore_source_code_hash = try(each.value.ignore_source_code_hash, var.defaults.ignore_source_code_hash, false) image_config_command = try(each.value.image_config_command, var.defaults.image_config_command, []) + image_config_entry_point = try(each.value.image_config_entry_point, var.defaults.image_config_entry_point, []) image_config_working_directory = try(each.value.image_config_working_directory, var.defaults.image_config_working_directory, null) - snap_start = try(each.value.snap_start, var.defaults.snap_start, false) - replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) - replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) - timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) - create_unqualified_alias_lambda_function_url = try(each.value.create_unqualified_alias_lambda_function_url, var.defaults.create_unqualified_alias_lambda_function_url, true) - authorization_type = try(each.value.authorization_type, var.defaults.authorization_type, "NONE") - cors = try(each.value.cors, var.defaults.cors, {}) + image_uri = try(each.value.image_uri, var.defaults.image_uri, null) invoke_mode = try(each.value.invoke_mode, var.defaults.invoke_mode, null) + kms_key_arn = try(each.value.kms_key_arn, var.defaults.kms_key_arn, null) + lambda_at_edge = try(each.value.lambda_at_edge, var.defaults.lambda_at_edge, false) + lambda_at_edge_logs_all_regions = try(each.value.lambda_at_edge_logs_all_regions, var.defaults.lambda_at_edge_logs_all_regions, true) + 
lambda_role = try(each.value.lambda_role, var.defaults.lambda_role, "") layer_name = try(each.value.layer_name, var.defaults.layer_name, "") layer_skip_destroy = try(each.value.layer_skip_destroy, var.defaults.layer_skip_destroy, false) + layers = try(each.value.layers, var.defaults.layers, null) license_info = try(each.value.license_info, var.defaults.license_info, "") - compatible_runtimes = try(each.value.compatible_runtimes, var.defaults.compatible_runtimes, []) - compatible_architectures = try(each.value.compatible_architectures, var.defaults.compatible_architectures, null) - create_async_event_config = try(each.value.create_async_event_config, var.defaults.create_async_event_config, false) - create_current_version_async_event_config = try(each.value.create_current_version_async_event_config, var.defaults.create_current_version_async_event_config, true) - create_unqualified_alias_async_event_config = try(each.value.create_unqualified_alias_async_event_config, var.defaults.create_unqualified_alias_async_event_config, true) + local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) maximum_event_age_in_seconds = try(each.value.maximum_event_age_in_seconds, var.defaults.maximum_event_age_in_seconds, null) maximum_retry_attempts = try(each.value.maximum_retry_attempts, var.defaults.maximum_retry_attempts, null) - destination_on_failure = try(each.value.destination_on_failure, var.defaults.destination_on_failure, null) - destination_on_success = try(each.value.destination_on_success, var.defaults.destination_on_success, null) + memory_size = try(each.value.memory_size, var.defaults.memory_size, 128) + number_of_policies = try(each.value.number_of_policies, var.defaults.number_of_policies, 0) + number_of_policy_jsons = try(each.value.number_of_policy_jsons, var.defaults.number_of_policy_jsons, 0) + package_type = try(each.value.package_type, var.defaults.package_type, "Zip") + policies = try(each.value.policies, 
var.defaults.policies, []) + policy = try(each.value.policy, var.defaults.policy, null) + policy_json = try(each.value.policy_json, var.defaults.policy_json, null) + policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) + policy_name = try(each.value.policy_name, var.defaults.policy_name, null) + policy_path = try(each.value.policy_path, var.defaults.policy_path, null) + policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) provisioned_concurrent_executions = try(each.value.provisioned_concurrent_executions, var.defaults.provisioned_concurrent_executions, -1) - create_current_version_allowed_triggers = try(each.value.create_current_version_allowed_triggers, var.defaults.create_current_version_allowed_triggers, true) - create_unqualified_alias_allowed_triggers = try(each.value.create_unqualified_alias_allowed_triggers, var.defaults.create_unqualified_alias_allowed_triggers, true) - allowed_triggers = try(each.value.allowed_triggers, var.defaults.allowed_triggers, {}) - event_source_mapping = try(each.value.event_source_mapping, var.defaults.event_source_mapping, {}) - use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) - cloudwatch_logs_retention_in_days = try(each.value.cloudwatch_logs_retention_in_days, var.defaults.cloudwatch_logs_retention_in_days, null) - cloudwatch_logs_kms_key_id = try(each.value.cloudwatch_logs_kms_key_id, var.defaults.cloudwatch_logs_kms_key_id, null) - cloudwatch_logs_tags = try(each.value.cloudwatch_logs_tags, var.defaults.cloudwatch_logs_tags, {}) - role_name = try(each.value.role_name, var.defaults.role_name, null) + publish = try(each.value.publish, var.defaults.publish, false) + putin_khuylo = try(each.value.putin_khuylo, var.defaults.putin_khuylo, true) + recreate_missing_package = try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + 
replace_security_groups_on_destroy = try(each.value.replace_security_groups_on_destroy, var.defaults.replace_security_groups_on_destroy, null) + replacement_security_group_ids = try(each.value.replacement_security_group_ids, var.defaults.replacement_security_group_ids, null) + reserved_concurrent_executions = try(each.value.reserved_concurrent_executions, var.defaults.reserved_concurrent_executions, -1) role_description = try(each.value.role_description, var.defaults.role_description, null) - role_path = try(each.value.role_path, var.defaults.role_path, null) role_force_detach_policies = try(each.value.role_force_detach_policies, var.defaults.role_force_detach_policies, true) + role_maximum_session_duration = try(each.value.role_maximum_session_duration, var.defaults.role_maximum_session_duration, 3600) + role_name = try(each.value.role_name, var.defaults.role_name, null) + role_path = try(each.value.role_path, var.defaults.role_path, null) role_permissions_boundary = try(each.value.role_permissions_boundary, var.defaults.role_permissions_boundary, null) role_tags = try(each.value.role_tags, var.defaults.role_tags, {}) - role_maximum_session_duration = try(each.value.role_maximum_session_duration, var.defaults.role_maximum_session_duration, 3600) - policy_name = try(each.value.policy_name, var.defaults.policy_name, null) - attach_cloudwatch_logs_policy = try(each.value.attach_cloudwatch_logs_policy, var.defaults.attach_cloudwatch_logs_policy, true) - attach_dead_letter_policy = try(each.value.attach_dead_letter_policy, var.defaults.attach_dead_letter_policy, false) - attach_network_policy = try(each.value.attach_network_policy, var.defaults.attach_network_policy, false) - attach_tracing_policy = try(each.value.attach_tracing_policy, var.defaults.attach_tracing_policy, false) - attach_async_event_policy = try(each.value.attach_async_event_policy, var.defaults.attach_async_event_policy, false) - attach_policy_json = try(each.value.attach_policy_json, 
var.defaults.attach_policy_json, false) - attach_policy_jsons = try(each.value.attach_policy_jsons, var.defaults.attach_policy_jsons, false) - attach_policy = try(each.value.attach_policy, var.defaults.attach_policy, false) - attach_policies = try(each.value.attach_policies, var.defaults.attach_policies, false) - policy_path = try(each.value.policy_path, var.defaults.policy_path, null) - number_of_policy_jsons = try(each.value.number_of_policy_jsons, var.defaults.number_of_policy_jsons, 0) - number_of_policies = try(each.value.number_of_policies, var.defaults.number_of_policies, 0) - attach_policy_statements = try(each.value.attach_policy_statements, var.defaults.attach_policy_statements, false) - trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) - assume_role_policy_statements = try(each.value.assume_role_policy_statements, var.defaults.assume_role_policy_statements, {}) - policy_json = try(each.value.policy_json, var.defaults.policy_json, null) - policy_jsons = try(each.value.policy_jsons, var.defaults.policy_jsons, []) - policy = try(each.value.policy, var.defaults.policy, null) - policies = try(each.value.policies, var.defaults.policies, []) - policy_statements = try(each.value.policy_statements, var.defaults.policy_statements, {}) - file_system_arn = try(each.value.file_system_arn, var.defaults.file_system_arn, null) - file_system_local_mount_path = try(each.value.file_system_local_mount_path, var.defaults.file_system_local_mount_path, null) - artifacts_dir = try(each.value.artifacts_dir, var.defaults.artifacts_dir, "builds") - s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) - ignore_source_code_hash = try(each.value.ignore_source_code_hash, var.defaults.ignore_source_code_hash, false) - local_existing_package = try(each.value.local_existing_package, var.defaults.local_existing_package, null) + runtime = try(each.value.runtime, var.defaults.runtime, "") + s3_acl = try(each.value.s3_acl, 
var.defaults.s3_acl, "private") + s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) s3_existing_package = try(each.value.s3_existing_package, var.defaults.s3_existing_package, null) - store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) + s3_kms_key_id = try(each.value.s3_kms_key_id, var.defaults.s3_kms_key_id, null) s3_object_storage_class = try(each.value.s3_object_storage_class, var.defaults.s3_object_storage_class, "ONEZONE_IA") - s3_bucket = try(each.value.s3_bucket, var.defaults.s3_bucket, null) - s3_acl = try(each.value.s3_acl, var.defaults.s3_acl, "private") + s3_object_tags = try(each.value.s3_object_tags, var.defaults.s3_object_tags, {}) + s3_object_tags_only = try(each.value.s3_object_tags_only, var.defaults.s3_object_tags_only, false) + s3_prefix = try(each.value.s3_prefix, var.defaults.s3_prefix, null) s3_server_side_encryption = try(each.value.s3_server_side_encryption, var.defaults.s3_server_side_encryption, null) + snap_start = try(each.value.snap_start, var.defaults.snap_start, false) source_path = try(each.value.source_path, var.defaults.source_path, null) - hash_extra = try(each.value.hash_extra, var.defaults.hash_extra, "") - build_in_docker = try(each.value.build_in_docker, var.defaults.build_in_docker, false) - docker_file = try(each.value.docker_file, var.defaults.docker_file, "") - docker_build_root = try(each.value.docker_build_root, var.defaults.docker_build_root, "") - docker_image = try(each.value.docker_image, var.defaults.docker_image, "") - docker_with_ssh_agent = try(each.value.docker_with_ssh_agent, var.defaults.docker_with_ssh_agent, false) - docker_pip_cache = try(each.value.docker_pip_cache, var.defaults.docker_pip_cache, null) - docker_additional_options = try(each.value.docker_additional_options, var.defaults.docker_additional_options, []) - docker_entrypoint = try(each.value.docker_entrypoint, var.defaults.docker_entrypoint, null) - recreate_missing_package = 
try(each.value.recreate_missing_package, var.defaults.recreate_missing_package, true) + store_on_s3 = try(each.value.store_on_s3, var.defaults.store_on_s3, false) + tags = try(each.value.tags, var.defaults.tags, {}) + timeout = try(each.value.timeout, var.defaults.timeout, 3) + timeouts = try(each.value.timeouts, var.defaults.timeouts, {}) + tracing_mode = try(each.value.tracing_mode, var.defaults.tracing_mode, null) + trusted_entities = try(each.value.trusted_entities, var.defaults.trusted_entities, []) + use_existing_cloudwatch_log_group = try(each.value.use_existing_cloudwatch_log_group, var.defaults.use_existing_cloudwatch_log_group, false) + vpc_security_group_ids = try(each.value.vpc_security_group_ids, var.defaults.vpc_security_group_ids, null) + vpc_subnet_ids = try(each.value.vpc_subnet_ids, var.defaults.vpc_subnet_ids, null) }