Service Catalog Version 0.78.1

Lambda


Overview

This service contains code to deploy a Lambda on AWS that can be used for either production or non-production workloads.

Figure: Lambda architecture

Features

  • The lambda function
  • Optionally, a schedule expression if you want to execute the lambda periodically
  • Optionally, an alarm that can be triggered when the lambda fails

Learn

Note: This repo is a part of the Gruntwork Service Catalog, a collection of reusable, battle-tested, production-ready infrastructure code. If you’ve never used the Service Catalog before, make sure to read How to use the Gruntwork Service Catalog!

Under the hood, this is all implemented using Terraform modules from the Gruntwork terraform-aws-lambda repo. If you are a subscriber and don’t have access to this repo, email support@gruntwork.io.

Core concepts

To understand core concepts like what a Lambda is, how to test it, and more, see the documentation in the terraform-aws-lambda repo.

Repo organization

  • modules: The main implementation code for this repo, broken down into multiple standalone, orthogonal submodules.
  • examples: This folder contains working examples of how to use the submodules.
  • test: Automated tests for the modules and examples.

Deploy

Non-production deployment (quick start for learning)

If you just want to try this repo out for experimenting and learning, check out the following resources:

  • examples/for-learning-and-testing folder: The examples/for-learning-and-testing folder contains standalone sample code optimized for learning, experimenting, and testing (but not direct production usage).

Production deployment

If you want to deploy this repo in production, check out the following resources:

Reference

  • assume_role_policy A custom assume role policy for the IAM role for this Lambda function. If not set, the default is a policy that allows the Lambda service to assume the IAM role, which is what most users will need. However, you can use this variable to override the policy for special cases, such as using a Lambda function to rotate AWS Secrets Manager secrets.
  • command The CMD for the docker image. Only used if you specify a Docker image via image_uri.
  • comparison_operator The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: GreaterThanOrEqualToThreshold, GreaterThanThreshold, LessThanThreshold, LessThanOrEqualToThreshold. Additionally, the values LessThanLowerOrGreaterThanUpperThreshold, LessThanLowerThreshold, and GreaterThanUpperThreshold are used only for alarms based on anomaly detection models.
  • create_resources Set to false to have this module skip creating resources. This weird parameter exists solely because Terraform does not support conditional modules. Therefore, this is a hack to allow you to conditionally decide if this module should create anything or not.
  • dead_letter_target_arn The ARN of an SNS topic or an SQS queue to notify when invocation of a Lambda function fails. If this option is used, you must grant this function's IAM role (the ID is outputted as iam_role_id) access to write to the target object, which means allowing either the sns:Publish or sqs:SendMessage action on this ARN, depending on which service is targeted.
  • description A description of what the Lambda function does.
  • enable_versioning Set to true to enable versioning for this Lambda function. This allows you to use aliases to execute different versions of the function in different environments. Note that an alternative way to run Lambda functions in multiple environments is to version your Terraform code.
  • entry_point The ENTRYPOINT for the docker image. Only used if you specify a Docker image via image_uri.
  • environment_variables A map of environment variables to pass to the Lambda function. AWS will automatically encrypt these with KMS and decrypt them when running the function.
  • evaluation_periods The number of periods over which data is compared to the specified threshold.
  • handler The function entrypoint in your code. This is typically the name of a function or method in your code that AWS will execute when this Lambda function is triggered.
  • kms_key_arn A custom KMS key to use to encrypt and decrypt Lambda function environment variables. Leave it blank to use the default KMS key provided in your AWS account.
  • layers The list of Lambda Layer Version ARNs to attach to your Lambda Function. You can have a maximum of 5 Layers attached to each function.
  • memory_size The maximum amount of memory, in MB, your Lambda function will be able to use at runtime. Can be set in 64MB increments from 128MB up to 1536MB. Note that the amount of CPU power given to a Lambda function is proportional to the amount of memory you request, so a Lambda function with 256MB of memory has twice as much CPU power as one with 128MB.
  • metric_name The name for the alarm's associated metric.
  • mount_to_file_system Set to true to mount your Lambda function on an EFS. Note that the lambda must also be deployed inside a VPC (run_in_vpc must be set to true) for this config to have any effect.
  • name The name of the Lambda function. Used to namespace all resources created by this module.
  • namespace The namespace to use for all resources created by this module. If not set, lambda_function_name, with '-scheduled' as a suffix, is used.
  • period The period in seconds over which the specified statistic is applied.
  • run_in_vpc Set to true to give your Lambda function access to resources within a VPC.
  • s3_bucket An S3 bucket location containing the function's deployment package. Exactly one of source_path or the s3_xxx variables must be specified.
  • should_create_outbound_rule If true, create an egress rule allowing all outbound traffic from the Lambda function to the entire Internet (i.e. 0.0.0.0/0).
  • skip_zip Set to true to skip zip archive creation and assume that source_path points to a pregenerated zip archive.
  • source_path The path to the directory that contains your Lambda function source code. This code will be zipped up and uploaded to Lambda as your deployment package. If skip_zip is set to true, then this is assumed to be the path to an already-zipped file, and it will be uploaded directly to Lambda as a deployment package. Exactly one of source_path or the s3_xxx variables must be specified.
  • statistic The statistic to apply to the alarm's associated metric.
  • subnet_ids A list of subnet IDs the Lambda function should be able to access within your VPC. Only used if run_in_vpc is true.
  • tags A map of tags to apply to the Lambda function.
  • threshold The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models.
  • timeout The maximum amount of time, in seconds, your Lambda function will be allowed to run. Must be between 1 and 900 seconds.
  • vpc_id The ID of the VPC the Lambda function should be able to access. Only used if run_in_vpc is true.
  • zip_output_path The path to store the output zip file of your source code. If empty, defaults to module path. This should be the full path to the zip file, not a directory.
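
The dead_letter_target_arn entry above requires a separate grant on the function's IAM role. The following is an added example, not code from the Service Catalog repo, that wires an SQS dead-letter queue to the module, grants only sqs:SendMessage on that queue through the iam_role_id output, uses a custom kms_key_arn for environment variables, and leaves the allow-all egress rule off. The module source is a placeholder, all resource names and variables are constructed, and runtime is an assumed input not listed above; any other inputs the module requires must be added from its own variable definitions.

```hcl
# Added example: constructed names, not code from the Service Catalog repo.
variable "env_kms_key_arn" { type = string }
variable "vpc_id" { type = string }
variable "private_subnet_ids" { type = list(string) }

resource "aws_sqs_queue" "lambda_dlq" {
  name                    = "example-fn-dlq"
  sqs_managed_sse_enabled = true
}

module "lambda" {
  # Placeholder: point this at the lambda service module in your checkout.
  source = "<PATH_TO_LAMBDA_SERVICE_MODULE>"

  name        = "example-fn"
  description = "Example function with a dead-letter queue"
  source_path = "${path.module}/src"
  handler     = "index.handler"
  runtime     = "python3.12" # assumption: input not listed in the Reference above
  memory_size = 128
  timeout     = 30

  # Encrypt environment variables with a customer-managed key, not the default.
  environment_variables = { LOG_LEVEL = "info" }
  kms_key_arn           = var.env_kms_key_arn

  # VPC access without the allow-all egress rule to 0.0.0.0/0.
  run_in_vpc                  = true
  vpc_id                      = var.vpc_id
  subnet_ids                  = var.private_subnet_ids
  should_create_outbound_rule = false

  dead_letter_target_arn = aws_sqs_queue.lambda_dlq.arn
}

# Grant the function's role write access to the dead-letter target only.
resource "aws_iam_role_policy" "lambda_dlq_write" {
  name = "example-fn-dlq-send"
  role = module.lambda.iam_role_id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "sqs:SendMessage"
      Resource = aws_sqs_queue.lambda_dlq.arn
    }]
  })
}
```

Lambda checks the role's permission on the dead-letter target when the configuration is set, so if the function is created before the policy attaches, a second apply may be needed.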