aws-lambda-service/lambda.tf at master · nullstone-modules/aws-lambda-service · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
resource "aws_lambda_function" "this" {
  #bridgecrew:skip=CKV_AWS_272: "Ensure AWS Lambda function is configured to validate code-signing". Nullstone users are responsible for code-signing.
  function_name                  = local.resource_name
  handler                        = var.handler
  role                           = module.scaffold.executor.arn
  runtime                        = var.runtime
  memory_size                    = var.memory
  timeout                        = var.timeout
  tags                           = local.tags
  s3_bucket                      = aws_s3_bucket.artifacts.bucket
  s3_key                         = local.has_artifact ? local.artifact_key : aws_s3_object.placeholder.key
  reserved_concurrent_executions = 100
  kms_key_arn                    = module.scaffold.kms_key.arn

  vpc_config {
    security_group_ids = [aws_security_group.this.id]
    subnet_ids         = local.private_subnet_ids
  }

  environment {
    variables = local.all_env_vars
  }

  tracing_config {
    mode = "Active"
  }

  dynamic "dead_letter_config" {
    for_each = local.dead_letter_queues

    content {
      target_arn = dead_letter_config.value.queue_arn
    }
  }
}