diff --git a/README.md b/README.md index 600ff1e..4fd16d6 100644 --- a/README.md +++ b/README.md @@ -180,9 +180,7 @@ Available targets: | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"].
Default is ["x86\_64"]. Removing this attribute, function's architecture stay the same. | `list(string)` | `null` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | -| [cloudwatch\_event\_rules](#input\_cloudwatch\_event\_rules) | Creates EventBridge (CloudWatch Events) rules for invoking the Lambda Function along with the required permissions. | `map(any)` | `{}` | no | | [cloudwatch\_lambda\_insights\_enabled](#input\_cloudwatch\_lambda\_insights\_enabled) | Enable CloudWatch Lambda Insights for the Lambda Function. | `bool` | `false` | no | -| [cloudwatch\_log\_subscription\_filters](#input\_cloudwatch\_log\_subscription\_filters) | CloudWatch Logs subscription filter resources. Currently supports only Lambda functions as destinations. | `map(any)` | `{}` | no | | [cloudwatch\_logs\_kms\_key\_arn](#input\_cloudwatch\_logs\_kms\_key\_arn) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are:
1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the
log group are always retained and never expire. | `number` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | @@ -193,13 +191,12 @@ Available targets: | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [event\_source\_mappings](#input\_event\_source\_mappings) | Creates event source mappings to allow the Lambda function to get events from Kinesis, DynamoDB and SQS. The IAM role
of this Lambda function will be enhanced with necessary minimum permissions to get those events. | `any` | `{}` | no | +| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | The size of the Lambda function Ephemeral storage (/tmp) represented in MB.
The minimum supported ephemeral\_storage value defaults to 512MB and the maximum supported value is 10240MB. | `number` | `null` | no | | [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. If defined, The s3\_-prefixed options and image\_uri cannot be used. | `string` | `null` | no | | [function\_name](#input\_function\_name) | Unique name for the Lambda Function. | `string` | n/a | yes | | [handler](#input\_handler) | The function entrypoint in your code. | `string` | `null` | no | | [iam\_policy\_description](#input\_iam\_policy\_description) | Description of the IAM policy for the Lambda IAM role | `string` | `"Provides minimum SSM read permissions."` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | -| [ignore\_external\_function\_updates](#input\_ignore\_external\_function\_updates) | Ignore updates to the Lambda Function executed externally to the Terraform lifecycle. Set this to `true` if you're
using CodeDeploy, aws CLI or other external tools to update the Lambda Function code." | `bool` | `false` | no | | [image\_config](#input\_image\_config) | The Lambda OCI [image configurations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#image_config)
block with three (optional) arguments:
- *entry\_point* - The ENTRYPOINT for the docker image (type `list(string)`).
- *command* - The CMD for the docker image (type `list(string)`).
- *working\_directory* - The working directory for the docker image (type `string`). | `any` | `{}` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. Conflicts with filename, s3\_bucket, s3\_key, and s3\_object\_version. | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables.
If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key.
If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this
configuration and Terraform will show a perpetual difference of adding the key. To fix the perpetual difference,
remove this configuration. | `string` | `""` | no | @@ -222,7 +219,6 @@ Available targets: | [s3\_bucket](#input\_s3\_bucket) | The S3 bucket location containing the function's deployment package. Conflicts with filename and image\_uri.
This bucket must reside in the same AWS region where you are creating the Lambda function. | `string` | `null` | no | | [s3\_key](#input\_s3\_key) | The S3 key of an object containing the function's deployment package. Conflicts with filename and image\_uri. | `string` | `null` | no | | [s3\_object\_version](#input\_s3\_object\_version) | The object version containing the function's deployment package. Conflicts with filename and image\_uri. | `string` | `null` | no | -| [sns\_subscriptions](#input\_sns\_subscriptions) | Creates subscriptions to SNS topics which trigger the Lambda Function. Required Lambda invocation permissions will be generated. | `map(any)` | `{}` | no | | [source\_code\_hash](#input\_source\_code\_hash) | Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename or s3\_key. The usual way to set this is filebase64sha256('file.zip') where 'file.zip' is the local filename
of the lambda function source archive. | `string` | `""` | no | | [ssm\_parameter\_names](#input\_ssm\_parameter\_names) | List of AWS Systems Manager Parameter Store parameter names. The IAM role of this Lambda function will be enhanced
with read permissions for those parameters. Parameters must start with a forward slash and can be encrypted with the
default KMS key. | `list(string)` | `null` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 9710bfb..8d423b4 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -45,9 +45,7 @@ | [additional\_tag\_map](#input\_additional\_tag\_map) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not added to `tags` or `id`.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration. | `map(string)` | `{}` | no | | [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are ["x86\_64"] and ["arm64"].
Default is ["x86\_64"]. Removing this attribute, function's architecture stay the same. | `list(string)` | `null` | no | | [attributes](#input\_attributes) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the `delimiter`
and treated as a single ID element. | `list(string)` | `[]` | no | -| [cloudwatch\_event\_rules](#input\_cloudwatch\_event\_rules) | Creates EventBridge (CloudWatch Events) rules for invoking the Lambda Function along with the required permissions. | `map(any)` | `{}` | no | | [cloudwatch\_lambda\_insights\_enabled](#input\_cloudwatch\_lambda\_insights\_enabled) | Enable CloudWatch Lambda Insights for the Lambda Function. | `bool` | `false` | no | -| [cloudwatch\_log\_subscription\_filters](#input\_cloudwatch\_log\_subscription\_filters) | CloudWatch Logs subscription filter resources. Currently supports only Lambda functions as destinations. | `map(any)` | `{}` | no | | [cloudwatch\_logs\_kms\_key\_arn](#input\_cloudwatch\_logs\_kms\_key\_arn) | The ARN of the KMS Key to use when encrypting log data. | `string` | `null` | no | | [cloudwatch\_logs\_retention\_in\_days](#input\_cloudwatch\_logs\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. Possible values are:
1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0. If you select 0, the events in the
log group are always retained and never expire. | `number` | `null` | no | | [context](#input\_context) | Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional\_tag\_map, which are merged. | `any` |
{
"additional_tag_map": {},
"attributes": [],
"delimiter": null,
"descriptor_formats": {},
"enabled": true,
"environment": null,
"id_length_limit": null,
"label_key_case": null,
"label_order": [],
"label_value_case": null,
"labels_as_tags": [
"unset"
],
"name": null,
"namespace": null,
"regex_replace_chars": null,
"stage": null,
"tags": {},
"tenant": null
}
| no | @@ -58,13 +56,12 @@ | [descriptor\_formats](#input\_descriptor\_formats) | Describe additional descriptors to be output in the `descriptors` output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
`{
format = string
labels = list(string)
}`
(Type is `any` so the map values can later be enhanced to provide additional options.)
`format` is a Terraform format string to be passed to the `format()` function.
`labels` is a list of labels, in order, to pass to `format()` function.
Label values will be normalized before being passed to `format()` so they will be
identical to how they appear in `id`.
Default is `{}` (`descriptors` output will be empty). | `any` | `{}` | no | | [enabled](#input\_enabled) | Set to false to prevent the module from creating any resources | `bool` | `null` | no | | [environment](#input\_environment) | ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT' | `string` | `null` | no | -| [event\_source\_mappings](#input\_event\_source\_mappings) | Creates event source mappings to allow the Lambda function to get events from Kinesis, DynamoDB and SQS. The IAM role
of this Lambda function will be enhanced with necessary minimum permissions to get those events. | `any` | `{}` | no | +| [ephemeral\_storage\_size](#input\_ephemeral\_storage\_size) | The size of the Lambda function Ephemeral storage (/tmp) represented in MB.
The minimum supported ephemeral\_storage value defaults to 512MB and the maximum supported value is 10240MB. | `number` | `null` | no | | [filename](#input\_filename) | The path to the function's deployment package within the local filesystem. If defined, The s3\_-prefixed options and image\_uri cannot be used. | `string` | `null` | no | | [function\_name](#input\_function\_name) | Unique name for the Lambda Function. | `string` | n/a | yes | | [handler](#input\_handler) | The function entrypoint in your code. | `string` | `null` | no | | [iam\_policy\_description](#input\_iam\_policy\_description) | Description of the IAM policy for the Lambda IAM role | `string` | `"Provides minimum SSM read permissions."` | no | | [id\_length\_limit](#input\_id\_length\_limit) | Limit `id` to this many characters (minimum 6).
Set to `0` for unlimited length.
Set to `null` for keep the existing setting, which defaults to `0`.
Does not affect `id_full`. | `number` | `null` | no | -| [ignore\_external\_function\_updates](#input\_ignore\_external\_function\_updates) | Ignore updates to the Lambda Function executed externally to the Terraform lifecycle. Set this to `true` if you're
using CodeDeploy, aws CLI or other external tools to update the Lambda Function code." | `bool` | `false` | no | | [image\_config](#input\_image\_config) | The Lambda OCI [image configurations](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#image_config)
block with three (optional) arguments:
- *entry\_point* - The ENTRYPOINT for the docker image (type `list(string)`).
- *command* - The CMD for the docker image (type `list(string)`).
- *working\_directory* - The working directory for the docker image (type `string`). | `any` | `{}` | no | | [image\_uri](#input\_image\_uri) | The ECR image URI containing the function's deployment package. Conflicts with filename, s3\_bucket, s3\_key, and s3\_object\_version. | `string` | `null` | no | | [kms\_key\_arn](#input\_kms\_key\_arn) | Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables.
If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key.
If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this
configuration and Terraform will show a perpetual difference of adding the key. To fix the perpetual difference,
remove this configuration. | `string` | `""` | no | @@ -87,7 +84,6 @@ | [s3\_bucket](#input\_s3\_bucket) | The S3 bucket location containing the function's deployment package. Conflicts with filename and image\_uri.
This bucket must reside in the same AWS region where you are creating the Lambda function. | `string` | `null` | no | | [s3\_key](#input\_s3\_key) | The S3 key of an object containing the function's deployment package. Conflicts with filename and image\_uri. | `string` | `null` | no | | [s3\_object\_version](#input\_s3\_object\_version) | The object version containing the function's deployment package. Conflicts with filename and image\_uri. | `string` | `null` | no | -| [sns\_subscriptions](#input\_sns\_subscriptions) | Creates subscriptions to SNS topics which trigger the Lambda Function. Required Lambda invocation permissions will be generated. | `map(any)` | `{}` | no | | [source\_code\_hash](#input\_source\_code\_hash) | Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either
filename or s3\_key. The usual way to set this is filebase64sha256('file.zip') where 'file.zip' is the local filename
of the lambda function source archive. | `string` | `""` | no | | [ssm\_parameter\_names](#input\_ssm\_parameter\_names) | List of AWS Systems Manager Parameter Store parameter names. The IAM role of this Lambda function will be enhanced
with read permissions for those parameters. Parameters must start with a forward slash and can be encrypted with the
default KMS key. | `list(string)` | `null` | no | | [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no | diff --git a/examples/complete/fixtures.us-east-2.tfvars b/examples/complete/fixtures.us-east-2.tfvars index 29a6cf8..f0aad9c 100644 --- a/examples/complete/fixtures.us-east-2.tfvars +++ b/examples/complete/fixtures.us-east-2.tfvars @@ -3,6 +3,7 @@ namespace = "eg" environment = "ue2" stage = "test" -function_name = "example-complete" -handler = "handler.handler" -runtime = "nodejs14.x" +function_name = "example-complete" +handler = "handler.handler" +runtime = "nodejs14.x" +ephemeral_storage_size = 1024 diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 9154e86..d74db94 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf @@ -82,6 +82,7 @@ module "lambda" { handler = var.handler runtime = var.runtime iam_policy_description = var.iam_policy_description + ephemeral_storage_size = var.ephemeral_storage_size custom_iam_policy_arns = [ "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess", diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf index 68b5048..891e87e 100644 --- a/examples/complete/variables.tf +++ b/examples/complete/variables.tf @@ -25,3 +25,9 @@ variable "iam_policy_description" { description = "Description of the IAM policy for the Lambda IAM role" default = "Minimum SSM read permissions for Lambda" } + +variable "ephemeral_storage_size" { + type = number + description = "The amount of storage available to the function at runtime. Defaults to 512." + default = 512 +} diff --git a/main.tf b/main.tf index 777fa66..fc94c64 100644 --- a/main.tf +++ b/main.tf 
@@ -79,6 +79,13 @@ resource "aws_lambda_function" "this" { } } + dynamic "ephemeral_storage" { + for_each = var.ephemeral_storage_size != null ? [var.ephemeral_storage_size] : [] + content { + size = var.ephemeral_storage_size + } + } + depends_on = [module.cloudwatch_log_group] lifecycle { diff --git a/variables.tf b/variables.tf index b6d2ccc..8303da5 100644 --- a/variables.tf +++ b/variables.tf @@ -7,12 +7,6 @@ variable "architectures" { default = null } -variable "cloudwatch_event_rules" { - type = map(any) - description = "Creates EventBridge (CloudWatch Events) rules for invoking the Lambda Function along with the required permissions." - default = {} -} - variable "cloudwatch_lambda_insights_enabled" { type = bool description = "Enable CloudWatch Lambda Insights for the Lambda Function." @@ -35,12 +29,6 @@ variable "cloudwatch_logs_kms_key_arn" { default = null } -variable "cloudwatch_log_subscription_filters" { - type = map(any) - description = "CloudWatch Logs subscription filter resources. Currently supports only Lambda functions as destinations." - default = {} -} - variable "description" { type = string description = "Description of what the Lambda Function does." @@ -55,13 +43,13 @@ variable "lambda_environment" { default = null } -variable "event_source_mappings" { - type = any +variable "ephemeral_storage_size" { + type = number description = <
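Review bot: In main.tf, the `dynamic "ephemeral_storage"` block iterates over `[var.ephemeral_storage_size]` but its `content` reads `var.ephemeral_storage_size` again instead of the iterator; `size = ephemeral_storage.value` would keep the block self-consistent. The documentation rows added in this patch state a supported range of 512MB to 10240MB, yet nothing in the visible lines enforces it. The variables.tf hunk is cut off at the description, so if no `validation` block follows it, add one so that an out-of-range value fails at plan time instead of at the AWS API.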
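Review bot: The variables.tf hunks delete `cloudwatch_event_rules`, `cloudwatch_log_subscription_filters` and `event_source_mappings`, and the README.md and docs/terraform.md hunks also drop the rows for `ignore_external_function_updates` and `sns_subscriptions`; none of this relates to adding `ephemeral_storage_size`. A caller that still passes any removed input will get an unsupported argument error, and the deleted `event_source_mappings` row is the one that documented the module granting the function's IAM role the permissions needed to read from Kinesis, DynamoDB and SQS. Please confirm whether these removals are intentional or the result of a branch cut from an older base. If intentional, they belong in a separate change with a breaking-change note; if not, rebase so this patch only adds the new variable and block.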
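Review bot: The descriptions for the new input are inconsistent across the patch. In examples/complete/variables.tf, `description = "The amount of storage available to the function at runtime. Defaults to 512."` gives no unit, while the README.md and docs/terraform.md rows say the size is in MB. Those rows also read "The minimum supported ephemeral_storage value defaults to 512MB", which conflates the minimum with the default and names `ephemeral_storage` rather than `ephemeral_storage_size`, and they list the module default as `null` where the example uses `512`. Suggest one wording used everywhere, for example "Size of the function's ephemeral storage (/tmp) in MB. Minimum 512, maximum 10240.", with the fix made in the variables.tf description if the two tables are generated from it.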