feat: Added new resources and arguments

Author: tarun-cd

examples/complete-function/example.tf

@@ -23,6 +23,25 @@ module "lambda" {
   timeout                           = 60
   reserved_concurrent_executions    = 90
   cloudwatch_logs_retention_in_days = 7
+  provisioned_concurrent_executions = 2
+  recursive_loop                    = "Allow"
+  publish = true
+
+  ######################
+  # Lambda Function URL
+  ######################
+  create_lambda_function_url = true
+  authorization_type         = "AWS_IAM"
+  cors = {
+    allow_credentials = true
+    allow_origins     = ["*"]
+    allow_methods     = ["*"]
+    allow_headers     = ["date", "keep-alive"]
+    expose_headers    = ["keep-alive", "date"]
+    max_age           = 86400
+  }
+  invoke_mode = "RESPONSE_STREAM"
+
 
   # -- ARNs of Triggers
   source_arns = [""]

examples/complete-function/outputs.tf

@@ -21,3 +21,22 @@ output "tags" {
   value       = module.lambda.tags
   description = "A mapping of tags to assign to the resource."
 }
+
+
+output "lambda_function_url" {
+  value = module.lambda.lambda_function_url
+}
+
+output "lambda_function_url_id" {
+  value = module.lambda.lambda_function_url_id
+}
+
+output "lambda_provisioned_concurrency_config_id" {
+  value = module.lambda.lambda_provisioned_concurrency_config_id
+}
+
+output "lambda_recursion_config_function_name" {
+  value = module.lambda.lambda_recursion_config_function_name
+}
+
+

main.tf

@@ -229,7 +229,7 @@ resource "aws_kms_key_policy" "lambda" {
       },
       {
         "Effect" : "Allow",
-        "Principal" : { "Service" : "lambda.${data.aws_region.current.name}.amazonaws.com" },
+        "Principal" : { "Service" : "lambda.${data.aws_region.current.region}.amazonaws.com" },
         "Action" : [
           "kms:Encrypt*",
           "kms:Decrypt*",
@@ -260,7 +260,7 @@ resource "aws_kms_key_policy" "cloudwatch" {
       },
       {
         "Effect" : "Allow",
-        "Principal" : { "Service" : "logs.${data.aws_region.current.name}.amazonaws.com" },
+        "Principal" : { "Service" : "logs.${data.aws_region.current.region}.amazonaws.com" },
         "Action" : [
           "kms:Encrypt*",
           "kms:Decrypt*",
@@ -317,4 +317,60 @@ resource "aws_iam_role_policy_attachment" "logs" {
   count      = var.enable && var.create_iam_role && var.attach_cloudwatch_logs_policy ? 1 : 0
   role       = aws_iam_role.default[0].name
   policy_arn = aws_iam_policy.logs[0].arn
-}
+}
+
+
+locals {
+  create = var.create && var.putin_khuylo
+
+}
+
+
+
+
+resource "aws_lambda_provisioned_concurrency_config" "current_version" {
+  count = local.create && var.create_function && !var.create_layer && var.provisioned_concurrent_executions > -1 ? 1 : 0
+
+  region = var.region
+
+  function_name = aws_lambda_function.default[0].function_name
+  qualifier     = aws_lambda_function.default[0].version
+
+
+  provisioned_concurrent_executions = var.provisioned_concurrent_executions
+}
+
+
+resource "aws_lambda_function_recursion_config" "this" {
+  count = local.create && var.create_function && !var.create_layer && var.recursive_loop == "Allow" ? 1 : 0
+
+  region = var.region
+
+  function_name  = aws_lambda_function.default[0].function_name
+  recursive_loop = var.recursive_loop
+}
+
+resource "aws_lambda_function_url" "this" {
+  count = local.create && var.create_function && !var.create_layer && var.create_lambda_function_url ? 1 : 0
+
+  region        = var.region
+  function_name = aws_lambda_function.default[0].function_name
+
+  qualifier = var.create_unqualified_alias_lambda_function_url ? null : aws_lambda_function.default[0].version
+
+  authorization_type = var.authorization_type # e.g., "NONE" or "AWS_IAM"
+  invoke_mode        = var.invoke_mode        # e.g., "BUFFERED" or "RESPONSE_STREAM"
+
+  dynamic "cors" {
+    for_each = length(keys(var.cors)) == 0 ? [] : [var.cors]
+
+    content {
+      allow_credentials = try(cors.value.allow_credentials, null)
+      allow_headers     = try(cors.value.allow_headers, null)
+      allow_methods     = try(cors.value.allow_methods, null)
+      allow_origins     = try(cors.value.allow_origins, null)
+      expose_headers    = try(cors.value.expose_headers, null)
+      max_age           = try(cors.value.max_age, null)
+    }
+  }
+}

variables.tf

@@ -440,3 +440,102 @@ variable "aws_iam_policy_path" {
   default     = "/"
   description = "IAM policy path default value"
 }
+
+##--------------------------------------------------------------------------------
+
+variable "region" {
+  description = "Region where the resource(s) will be managed. Defaults to the region set in the provider configuration"
+  type        = string
+  default     = null
+}
+
+variable "create_function" {
+  description = "Controls whether Lambda Function resource should be created"
+  type        = bool
+  default     = true
+}
+
+variable "create_layer" {
+  description = "Controls whether Lambda Layer resource should be created"
+  type        = bool
+  default     = false
+}
+
+variable "create_current_version_async_event_config" {
+  description = "Whether to allow async event configuration on current version of Lambda Function (this will revoke permissions from previous version because Terraform manages only current resources)"
+  type        = bool
+  default     = true
+}
+
+variable "create_unqualified_alias_async_event_config" {
+  description = "Whether to allow async event configuration on unqualified alias pointing to $LATEST version"
+  type        = bool
+  default     = true
+}
+
+variable "create" {
+  description = "Controls whether resources should be created"
+  type        = bool
+  default     = true
+}
+
+variable "putin_khuylo" {
+  description = "Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!"
+  type        = bool
+  default     = true
+}
+
+##########################
+# Provisioned Concurrency
+##########################
+
+variable "provisioned_concurrent_executions" {
+  description = "Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency."
+  type        = number
+  default     = -1
+}
+
+############################################
+# Lambda Recursive Loop Settings
+############################################
+
+variable "recursive_loop" {
+  description = "Lambda function recursion configuration. Valid values are Allow or Terminate."
+  type        = string
+  default     = null
+}
+
+variable "create_lambda_function_url" {
+  description = "Controls whether the Lambda Function URL resource should be created"
+  type        = bool
+  default     = false
+}
+
+###############
+# Function URL
+###############
+
+variable "create_unqualified_alias_lambda_function_url" {
+  description = "Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL"
+  type        = bool
+  default     = true
+}
+
+variable "authorization_type" {
+  description = "The type of authentication that the Lambda Function URL uses. Set to 'AWS_IAM' to restrict access to authenticated IAM users only. Set to 'NONE' to bypass IAM authentication and create a public endpoint."
+  type        = string
+  default     = "NONE"
+}
+
+variable "cors" {
+  description = "CORS settings to be used by the Lambda Function URL"
+  type        = any
+  default     = {}
+}
+
+variable "invoke_mode" {
+  description = "Invoke mode of the Lambda Function URL. Valid values are BUFFERED (default) and RESPONSE_STREAM."
+  type        = string
+  default     = null
+}
+