From ad910e9c3d1891eaf9c66144a56377d988da7d2f Mon Sep 17 00:00:00 2001 From: Dominic Scheirlinck Date: Fri, 11 Dec 2020 16:10:57 +1300 Subject: [PATCH 1/2] docs: update description of hook vars, note naming expectations of default policy --- modules/deploy/README.md | 8 ++++---- modules/deploy/variables.tf | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/deploy/README.md b/modules/deploy/README.md index 41dc4b67..a58333d8 100644 --- a/modules/deploy/README.md +++ b/modules/deploy/README.md @@ -100,7 +100,7 @@ module "lambda" { | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | local | >= 1 | | null | >= 2 | @@ -108,7 +108,7 @@ module "lambda" { | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | local | >= 1 | | null | >= 2 | @@ -116,7 +116,7 @@ module "lambda" { | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| after\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute after allow traffic during deployment | `string` | `""` | no | +| after\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | | alarm\_enabled | Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later. | `bool` | `false` | no | | alarm\_ignore\_poll\_alarm\_failure | Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. | `bool` | `false` | no | | alarms | A list of alarms configured for the deployment group. A maximum of 10 alarms can be added to a deployment group. | `list(string)` | `[]` | no | 
@@ -126,7 +126,7 @@ module "lambda" { | auto\_rollback\_enabled | Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. | `bool` | `true` | no | | auto\_rollback\_events | List of event types that trigger a rollback. Supported types are DEPLOYMENT\_FAILURE and DEPLOYMENT\_STOP\_ON\_ALARM. | `list(string)` |
[
"DEPLOYMENT_STOP_ON_ALARM"
]
| no | | aws\_cli\_command | Command to run as AWS CLI. May include extra arguments like region and profile. | `string` | `"aws"` | no | -| before\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute before allow traffic during deployment | `string` | `""` | no | +| before\_allow\_traffic\_hook\_arn | ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook\_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role | `string` | `""` | no | | codedeploy\_principals | List of CodeDeploy service principals to allow. The list can include global or regional endpoints. | `list(string)` |
[
"codedeploy.amazonaws.com"
]
| no | | codedeploy\_role\_name | IAM role name to create or use by CodeDeploy | `string` | `""` | no | | create | Controls whether resources should be created | `bool` | `true` | no | diff --git a/modules/deploy/variables.tf b/modules/deploy/variables.tf index 22f16b3b..66b06519 100644 --- a/modules/deploy/variables.tf +++ b/modules/deploy/variables.tf @@ -29,13 +29,13 @@ variable "target_version" { } variable "before_allow_traffic_hook_arn" { - description = "ARN of Lambda function to execute before allow traffic during deployment" + description = "ARN of Lambda function to execute before allow traffic during deployment. This function should be named CodeDeployHook_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role" type = string default = "" } variable "after_allow_traffic_hook_arn" { - description = "ARN of Lambda function to execute after allow traffic during deployment" + description = "ARN of Lambda function to execute after allow traffic during deployment. This function should be named CodeDeployHook_, to match the managed AWSCodeDeployForLambda policy, unless you're using a custom role" type = string default = "" } From dfc0a0a84f33dca2694b463b4c05bc1940544309 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Thu, 14 Jan 2021 17:06:21 +0100 Subject: [PATCH 2/2] Updated formatting and docs --- README.md | 12 ++++++------ examples/alias/README.md | 2 +- examples/async/README.md | 4 ++-- examples/build-package/README.md | 2 +- examples/container-image/README.md | 8 ++++---- examples/deploy/README.md | 4 ++-- examples/multiple-regions/README.md | 6 +++--- examples/simple/README.md | 2 +- examples/with-efs/README.md | 4 ++-- examples/with-vpc/README.md | 2 +- iam.tf | 2 +- main.tf | 20 ++++++++++---------- modules/alias/README.md | 4 ++-- modules/alias/main.tf | 4 ++-- modules/deploy/main.tf | 6 +++--- 15 files changed, 41 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 505c68de..2a5650f9 100644 
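Review bot: In modules/deploy/variables.tf, the new descriptions of `before_allow_traffic_hook_arn` and `after_allow_traffic_hook_arn` say the function "should be named CodeDeployHook_", which reads as an exact name although the trailing underscore suggests a name prefix. The managed policy is, as far as I know, called `AWSCodeDeployRoleForLambda` rather than `AWSCodeDeployForLambda`, so please confirm the name against the AWS documentation. A hook name outside what the CodeDeploy role may invoke would presumably only fail at deployment time, so I would reword to `The function name should start with CodeDeployHook_ so that the managed AWSCodeDeployRoleForLambda policy allows CodeDeploy to invoke it`. For the custom-role case, the text could add that the role needs `lambda:InvokeFunction` scoped to the hook function ARNs rather than a wildcard. The same sentence appears in the modules/deploy/README.md input table rows earlier in this patch and should change with it.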
--- a/README.md +++ b/README.md @@ -573,7 +573,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | external | >= 1 | | local | >= 1 | | null | >= 2 | @@ -583,7 +583,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | external | >= 1 | | local | >= 1 | | null | >= 2 | 
@@ -634,11 +634,10 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | function\_name | A unique name for your Lambda Function | `string` | `""` | no | | handler | Lambda Function entrypoint in your code | `string` | `""` | no | | hash\_extra | The string to add into hashing function. Useful when building same source path for different functions. | `string` | `""` | no | +| image\_config\_command | The CMD for the docker image | `list(string)` | `[]` | no | +| image\_config\_entry\_point | The ENTRYPOINT for the docker image | `list(string)` | `[]` | no | +| image\_config\_working\_directory | The working directory for the docker image | `string` | `null` | no | | image\_uri | The ECR image URI containing the function's deployment package. | `string` | `null` | no | -| image\_config\_entry_point | The ENTRYPOINT for the docker image. | `string` | `null` | no | -| image\_config\_command | The CMD for the docker image. | `string` | `null` | no | -| image\_config\_working_directory | The working directory for the docker image. | `string` | `null` | no | -| package\_type | The Lambda deployment package type. | `string` | `Zip` | no | | kms\_key\_arn | The ARN of KMS key to use by your Lambda Function | `string` | `null` | no | | lambda\_at\_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no | | lambda\_role | IAM role ARN attached to the Lambda Function. This governs both who / what can invoke your Lambda Function, as well as what resources our Lambda Function has access to. See Lambda Permission Model for more details. | `string` | `""` | no | 
@@ -651,6 +650,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo | memory\_size | Amount of memory in MB your Lambda Function can use at runtime. Valid value between 128 MB to 3008 MB, in 64 MB increments. | `number` | `128` | no | | number\_of\_policies | Number of policies to attach to IAM role for Lambda Function | `number` | `0` | no | | number\_of\_policy\_jsons | Number of policies JSON to attach to IAM role for Lambda Function | `number` | `0` | no | +| package\_type | The Lambda deployment package type. Valid options: Zip or Image | `string` | `"Zip"` | no | | policies | List of policy statements ARN to attach to Lambda Function role | `list(string)` | `[]` | no | | policy | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no | | policy\_json | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no | diff --git a/examples/alias/README.md b/examples/alias/README.md index 9c130d66..0bccd041 100644 --- a/examples/alias/README.md +++ b/examples/alias/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/examples/async/README.md b/examples/async/README.md index 4b37f146..1c63af47 100644 --- a/examples/async/README.md +++ b/examples/async/README.md @@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/build-package/README.md b/examples/build-package/README.md index 0d91b1cd..4a76b6cb 100644 --- a/examples/build-package/README.md 
+++ b/examples/build-package/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/examples/container-image/README.md b/examples/container-image/README.md index b4d7f3f8..f1884622 100644 --- a/examples/container-image/README.md +++ b/examples/container-image/README.md @@ -20,14 +20,16 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | +| docker | >= 2.8.0 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | +| docker | >= 2.8.0 | | random | >= 2 | ## Inputs @@ -41,8 +43,6 @@ No input. | lambda\_cloudwatch\_log\_group\_arn | The ARN of the Cloudwatch Log Group | | lambda\_role\_arn | The ARN of the IAM role created for the Lambda Function | | lambda\_role\_name | The name of the IAM role created for the Lambda Function | -| local\_filename | The filename of zip archive deployed (if deployment was from local) | -| s3\_object | The map with S3 object data of zip archive deployed (if deployment was from S3) | | this\_lambda\_function\_arn | The ARN of the Lambda Function | | this\_lambda\_function\_invoke\_arn | The Invoke ARN of the Lambda Function | | this\_lambda\_function\_kms\_key\_arn | The ARN for the KMS encryption key of Lambda Function | diff --git a/examples/deploy/README.md b/examples/deploy/README.md index c1f7dd24..6d820c84 100644 --- a/examples/deploy/README.md +++ b/examples/deploy/README.md 
@@ -20,14 +20,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/multiple-regions/README.md b/examples/multiple-regions/README.md index 4ddec7f1..d7641ee9 100644 --- a/examples/multiple-regions/README.md +++ b/examples/multiple-regions/README.md @@ -21,15 +21,15 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | -| aws.us-east-1 | >= 2.67 | +| aws | >= 3.19 | +| aws.us-east-1 | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/simple/README.md b/examples/simple/README.md index 9ed16bc4..2c9ee0ac 100644 --- a/examples/simple/README.md +++ b/examples/simple/README.md @@ -20,7 +20,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/examples/with-efs/README.md b/examples/with-efs/README.md index e280726e..5a05beba 100644 --- a/examples/with-efs/README.md +++ b/examples/with-efs/README.md @@ -21,14 +21,14 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 3.19.0 | +| aws | >= 3.19 | | random | >= 2 | ## Providers | Name | Version | |------|---------| -| aws | >= 3.19.0 | +| aws | >= 3.19 | | random | >= 2 | ## Inputs diff --git a/examples/with-vpc/README.md b/examples/with-vpc/README.md index 1eac4777..88f72c86 100644 --- a/examples/with-vpc/README.md 
+++ b/examples/with-vpc/README.md @@ -22,7 +22,7 @@ Note that this example may create resources which cost money. Run `terraform des | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | | random | >= 2 | ## Providers diff --git a/iam.tf b/iam.tf index d97dcdb3..dd245fd7 100644 --- a/iam.tf +++ b/iam.tf @@ -1,5 +1,5 @@ locals { - create_role = var.create && var.create_function && ! var.create_layer && var.create_role + create_role = var.create && var.create_function && !var.create_layer && var.create_role # Lambda@Edge uses the Cloudwatch region closest to the location where the function is executed # The region part of the LogGroup ARN is then replaced with a wildcard (*) so Lambda@Edge is able to log in every region diff --git a/main.tf b/main.tf index acbe22db..d928cd0d 100644 --- a/main.tf +++ b/main.tf @@ -2,7 +2,7 @@ locals { # Use a generated filename to determine when the source code has changed. # filename - to get package from local filename = var.local_existing_package != null ? var.local_existing_package : (var.store_on_s3 ? null : element(concat(data.external.archive_prepare.*.result.filename, [null]), 0)) - was_missing = var.local_existing_package != null ? ! fileexists(var.local_existing_package) : element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) + was_missing = var.local_existing_package != null ? !fileexists(var.local_existing_package) : element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0) # s3_* - to get package from S3 s3_bucket = var.s3_existing_package != null ? lookup(var.s3_existing_package, "bucket", null) : (var.store_on_s3 ? var.s3_bucket : null) @@ -12,7 +12,7 @@ locals { } resource "aws_lambda_function" "this" { - count = var.create && var.create_function && ! var.create_layer ? 1 : 0 + count = var.create && var.create_function && !var.create_layer ? 1 : 0 function_name = var.function_name description = var.description 
@@ -29,7 +29,7 @@ resource "aws_lambda_function" "this" { package_type = var.package_type filename = local.filename - source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && ! local.was_missing ? filebase64sha256(local.filename) : null + source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null s3_bucket = local.s3_bucket s3_key = local.s3_key @@ -96,7 +96,7 @@ resource "aws_lambda_layer_version" "this" { compatible_runtimes = length(var.compatible_runtimes) > 0 ? var.compatible_runtimes : [var.runtime] filename = local.filename - source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && ! local.was_missing ? filebase64sha256(local.filename) : null + source_code_hash = (local.filename == null ? false : fileexists(local.filename)) && !local.was_missing ? filebase64sha256(local.filename) : null s3_bucket = local.s3_bucket s3_key = local.s3_key @@ -120,13 +120,13 @@ resource "aws_s3_bucket_object" "lambda_package" { } data "aws_cloudwatch_log_group" "lambda" { - count = var.create && var.create_function && ! var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 + count = var.create && var.create_function && !var.create_layer && var.use_existing_cloudwatch_log_group ? 1 : 0 name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" } resource "aws_cloudwatch_log_group" "lambda" { - count = var.create && var.create_function && ! var.create_layer && ! var.use_existing_cloudwatch_log_group ? 1 : 0 + count = var.create && var.create_function && !var.create_layer && !var.use_existing_cloudwatch_log_group ? 1 : 0 name = "/aws/lambda/${var.lambda_at_edge ? "us-east-1." : ""}${var.function_name}" retention_in_days = var.cloudwatch_logs_retention_in_days 
@@ -136,7 +136,7 @@ resource "aws_cloudwatch_log_group" "lambda" { } resource "aws_lambda_provisioned_concurrency_config" "current_version" { - count = var.create && var.create_function && ! var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 + count = var.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0 function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version @@ -149,7 +149,7 @@ locals { } resource "aws_lambda_function_event_invoke_config" "this" { - for_each = var.create && var.create_function && ! var.create_layer && var.create_async_event_config ? local.qualifiers : {} + for_each = var.create && var.create_function && !var.create_layer && var.create_async_event_config ? local.qualifiers : {} function_name = aws_lambda_function.this[0].function_name qualifier = each.key == "current_version" ? aws_lambda_function.this[0].version : null @@ -178,7 +178,7 @@ resource "aws_lambda_function_event_invoke_config" "this" { } resource "aws_lambda_permission" "current_version_triggers" { - for_each = var.create && var.create_function && ! var.create_layer && var.create_current_version_allowed_triggers ? var.allowed_triggers : {} + for_each = var.create && var.create_function && !var.create_layer && var.create_current_version_allowed_triggers ? var.allowed_triggers : {} function_name = aws_lambda_function.this[0].function_name qualifier = aws_lambda_function.this[0].version 
@@ -193,7 +193,7 @@ resource "aws_lambda_permission" "current_version_triggers" { # Error: Error adding new Lambda Permission for destined-tetra-lambda: InvalidParameterValueException: We currently do not support adding policies for $LATEST. resource "aws_lambda_permission" "unqualified_alias_triggers" { - for_each = var.create && var.create_function && ! var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.allowed_triggers : {} + for_each = var.create && var.create_function && !var.create_layer && var.create_unqualified_alias_allowed_triggers ? var.allowed_triggers : {} function_name = aws_lambda_function.this[0].function_name diff --git a/modules/alias/README.md b/modules/alias/README.md index b27c7e77..ece77947 100644 --- a/modules/alias/README.md +++ b/modules/alias/README.md @@ -116,13 +116,13 @@ module "lambda" { | Name | Version | |------|---------| | terraform | >= 0.12.6 | -| aws | >= 2.67 | +| aws | >= 3.19 | ## Providers | Name | Version | |------|---------| -| aws | >= 2.67 | +| aws | >= 3.19 | ## Inputs diff --git a/modules/alias/main.tf b/modules/alias/main.tf index 61ff4e20..67ac548f 100644 --- a/modules/alias/main.tf +++ b/modules/alias/main.tf @@ -11,7 +11,7 @@ data "aws_lambda_alias" "existing" { } resource "aws_lambda_alias" "no_refresh" { - count = var.create && ! var.use_existing_alias && ! var.refresh_alias ? 1 : 0 + count = var.create && !var.use_existing_alias && !var.refresh_alias ? 1 : 0 name = var.name description = var.description @@ -29,7 +29,7 @@ resource "aws_lambda_alias" "no_refresh" { } resource "aws_lambda_alias" "with_refresh" { - count = var.create && ! var.use_existing_alias && var.refresh_alias ? 1 : 0 + count = var.create && !var.use_existing_alias && var.refresh_alias ? 1 : 0 name = var.name description = var.description diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf index 1675e9cb..78fcc9fc 100644 --- a/modules/deploy/main.tf +++ b/modules/deploy/main.tf 
@@ -112,14 +112,14 @@ resource "null_resource" "deploy" { } resource "aws_codedeploy_app" "this" { - count = var.create && var.create_app && ! var.use_existing_app ? 1 : 0 + count = var.create && var.create_app && !var.use_existing_app ? 1 : 0 name = var.app_name compute_platform = "Lambda" } resource "aws_codedeploy_deployment_group" "this" { - count = var.create && var.create_deployment_group && ! var.use_existing_deployment_group ? 1 : 0 + count = var.create && var.create_deployment_group && !var.use_existing_deployment_group ? 1 : 0 app_name = local.app_name deployment_group_name = var.deployment_group_name @@ -158,7 +158,7 @@ resource "aws_codedeploy_deployment_group" "this" { } data "aws_iam_role" "codedeploy" { - count = var.create && ! var.create_codedeploy_role ? 1 : 0 + count = var.create && !var.create_codedeploy_role ? 1 : 0 name = var.codedeploy_role_name }