Revert "Refactor lambda source code (#7)" (#10)

This reverts commit 14f2f4f.

Author: xshot9011

.gitignore

@@ -24,7 +24,6 @@ crash.*.log
 # to change depending on the environment.
 #
 *.tfvars
-!terraform.*example*.tfvars
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in

.pre-commit-config.yaml

@@ -11,7 +11,7 @@ repos:
         args:
           - "--args=--only=terraform_deprecated_interpolation"
           - "--args=--only=terraform_deprecated_index"
-          - "--args=--only=terraform_unused_declarations"
+          # - "--args=--only=terraform_unused_declarations"
           - "--args=--only=terraform_comment_syntax"
           - "--args=--only=terraform_documented_outputs"
           - "--args=--only=terraform_documented_variables"

CHANGELOG.md

@@ -4,12 +4,10 @@
 locals {
   name = format("%s-%s-%s", var.prefix, var.environment, var.name)
 
-  lambda_role_arn = var.is_create_lambda_role ? aws_iam_role.this[0].arn : var.lambda_role_arn
-
-  file_name         = var.is_edge ? null : data.archive_file.this.output_path
-  bucket_name       = var.is_edge ? var.is_create_lambda_bucket ? module.s3[0].bucket_name : var.bucket_name : null
-  object_key        = var.is_edge ? aws_s3_object.this[0].id : null
-  object_version_id = var.is_edge ? aws_s3_object.this[0].version_id : null
+  lambda_role_arn   = var.is_create_lambda_role ? aws_iam_role.this[0].arn : var.lambda_role_arn
+  bucket_name       = var.is_upload_form_s3 ? var.bucket_name : var.is_create_lambda_bucket ? element(module.s3[*].bucket_name, 0) : var.bucket_name
+  object_key        = var.is_upload_form_s3 ? data.aws_s3_object.this[0].key : aws_s3_object.this[0].id
+  object_version_id = var.is_upload_form_s3 ? data.aws_s3_object.this[0].version_id : aws_s3_object.this[0].version_id
 
   tags = merge(
     {
@@ -23,15 +21,20 @@ locals {
 locals {
   raise_is_lambda_role_arn_empty = var.is_create_lambda_role == false && var.lambda_role_arn == "" ? file("Variable `lambda_role_arn` is required when `is_create_lambda_role` is false") : "pass"
 
-  raise_bucket_name_empty    = var.is_edge && var.is_create_lambda_bucket == false && length(var.bucket_name) == 0 ? file("Variable `bucket_name` is required when `is_create_lambda_bucket` is false") : "pass"
-  raise_local_file_dir_empty = length(var.compressed_local_file_dir) == 0 ? file("Variable `compressed_local_file_dir` is required") : "pass"
-  raise_file_globs_empty     = length(var.file_globs) == 0 ? file("Variable `file_globs` is required") : "pass"
+  raise_bucket_name_empty = var.is_upload_form_s3 && length(var.bucket_name) == 0 ? file("Variable `bucket_name` is required when `is_upload_form_s3` is true") : "pass"
+  raise_file_name_empty   = var.is_upload_form_s3 && length(var.file_name) == 0 ? file("Variable `file_name` is required when `is_upload_form_s3` is true") : "pass"
+
+  raise_compressed_local_file_dir_empty = var.is_upload_form_s3 == false && length(var.compressed_local_file_dir) == 0 ? file("Variable `compressed_local_file_dir` is required when `is_upload_form_s3` is false") : "pass"
+  raise_file_globs_empty                = var.is_upload_form_s3 == false && length(var.file_globs) == 0 ? file("Variable `file_globs` is required when `is_upload_form_s3` is false") : "pass"
 }
 
 /* -------------------------------------------------------------------------- */
-/*                                  Zip File                                  */
+/*                                     S3                                     */
 /* -------------------------------------------------------------------------- */
-data "archive_file" "this" {
+/* -------------------------------- ZIP File -------------------------------- */
+data "archive_file" "zip_file" {
+  count = var.is_upload_form_s3 == false ? 1 : 0
+
   type        = "zip"
   output_path = format("%s/%s.zip", var.compressed_local_file_dir, local.name)
 
@@ -60,13 +63,10 @@ data "archive_file" "this" {
   }
 }
 
-/* -------------------------------------------------------------------------- */
-/*                                     S3                                     */
-/* -------------------------------------------------------------------------- */
 module "s3" {
-  count = var.is_edge && var.is_create_lambda_bucket ? 1 : 0
+  count = var.is_create_lambda_bucket && var.is_upload_form_s3 == false ? 1 : 0
 
-  source = "git@github.com:oozou/terraform-aws-s3.git?ref=v1.0.4"
+  source = "git@github.com:oozou/terraform-aws-s3.git?ref=v1.0.2"
 
   prefix      = var.prefix
   environment = var.environment
@@ -80,13 +80,20 @@ module "s3" {
   tags = var.tags
 }
 
+data "aws_s3_object" "this" {
+  count = var.is_upload_form_s3 ? 1 : 0
+
+  bucket = local.bucket_name
+  key    = var.file_name
+}
+
 resource "aws_s3_object" "this" {
-  count = var.is_edge && var.is_create_lambda_bucket ? 1 : 0
+  count = var.is_upload_form_s3 == false ? 1 : 0
 
-  bucket = element(module.s3[*].bucket_name, 0)
+  bucket = var.is_create_lambda_bucket ? element(module.s3[*].bucket_name, 0) : var.bucket_name
   key    = format("%s.zip", local.name)
-  source = data.archive_file.this.output_path
-  etag   = data.archive_file.this.output_md5
+  source = data.archive_file.zip_file[0].output_path
+  etag   = data.archive_file.zip_file[0].output_md5
 
   tags = merge(local.tags, { "Name" = format("%s.zip", local.name) })
 }
@@ -95,7 +102,7 @@ resource "aws_s3_object" "this" {
 /*                            Resource Based Policy                           */
 /* -------------------------------------------------------------------------- */
 resource "aws_lambda_permission" "allow_serivce" {
-  for_each = var.lambda_permission_configurations
+  for_each = var.lambda_permission_configuration
 
   statement_id   = format("AllowExecutionFrom-%s", each.key)
   action         = "lambda:InvokeFunction"
@@ -192,7 +199,7 @@ resource "aws_iam_role_policy" "logs_role_policy" {
 }
 
 resource "aws_iam_role_policy_attachment" "this" {
-  for_each = var.is_create_lambda_role ? var.additional_lambda_role_policy_arns : {}
+  for_each = var.is_create_lambda_role ? toset(var.additional_lambda_role_policy_arns) : toset([])
 
   role       = aws_iam_role.this[0].name
   policy_arn = each.value
@@ -212,7 +219,7 @@ resource "aws_ssm_parameter" "params" {
   type = "SecureString"
   tier = length(each.value) > 4096 ? "Advanced" : "Standard"
 
-  tags = local.tags
+  tags = var.tags
 }
 
 data "aws_iam_policy_document" "secret_access_policy_doc" {
@@ -254,27 +261,16 @@ resource "aws_lambda_function" "this" {
   function_name = format("%s-function", local.name)
   description   = format("Lambda function: %s", local.name)
 
-  # Read source code from s3
+  # Read the file from s3
   s3_bucket         = local.bucket_name
   s3_key            = local.object_key
   s3_object_version = local.object_version_id
 
-  # Read source code from local
-  filename         = local.file_name
-  source_code_hash = filebase64sha256(data.archive_file.this.output_path)
-
   # Specification
   timeout                        = var.timeout
   memory_size                    = var.memory_size
   reserved_concurrent_executions = var.reserved_concurrent_executions
 
-  # Code Env
-  publish = true # Force public new version
-  runtime = var.runtime
-  handler = var.handler
-
-  role = local.lambda_role_arn
-
   vpc_config {
     security_group_ids = var.vpc_config.security_group_ids
     subnet_ids         = var.vpc_config.subnet_ids_to_associate
@@ -288,11 +284,17 @@ resource "aws_lambda_function" "this" {
     }
   }
 
-  dynamic "tracing_config" {
-    for_each = var.tracing_mode == null ? [] : [true]
-    content {
-      mode = var.tracing_mode
-    }
+  # Code Env
+  publish = true # Force public new version
+  runtime = var.runtime
+  handler = var.handler
+
+  role = local.lambda_role_arn
+
+  lifecycle {
+    ignore_changes = [
+      last_modified,
+    ]
   }
 
   tags = merge(local.tags, { "Name" = format("%s-function", local.name) })