Merge pull request #4 from mergermarket/default-to-default-sg

default sg to default

README.md

@@ -18,22 +18,26 @@ This module will deploy a Lambda function and a cron rule to run the Lambda func
 - `lambda_role_policy` (string) - The Lambda IAM Role Policy.
 - `lambda_env` - (string) - _optional_ - Environment parameters passed to the Lambda function.
 - `tags` (map) - A mapping of tags to assign to this lambda function.
-- `architectures (list) - _optional_ - The architectures supported by the Lambda function. Defaults to ["x86_64"].
+- `architectures` (list) - _optional_ - The architectures supported by the Lambda function. Defaults to ["x86_64"].
+- `use_default_security_group` (bool) - _optional_ - Whether to use the default security group for the Lambda function. Defaults to false.
+- `vpce_id` (string) - _optional_ - The ID of the VPC endpoint to associate with the Lambda function.
 
 ## Usage
 
 ```hcl
 module "lambda-function" {
-  source                    = "mergermarket/aws-lambda-cron/acuris"
-  version                   = "0.0.4"
-  s3_bucket                 = "s3_bucket_name"
-  s3_key                    = "s3_key_for_lambda"
-  function_name             = "do_foo"
-  handler                   = "do_foo_handler"
-  runtime                   = "nodejs"
-  lambda_cron_schedule      = "rate(5 minutes)"
-  lambda_env                = "${var.lambda_env}"
-  architecture              = ["arm64"]
+  source                     = "mergermarket/aws-lambda-cron/acuris"
+  version                    = "0.0.4"
+  s3_bucket                  = "s3_bucket_name"
+  s3_key                     = "s3_key_for_lambda"
+  function_name              = "do_foo"
+  handler                    = "do_foo_handler"
+  runtime                    = "nodejs"
+  lambda_cron_schedule       = "rate(5 minutes)"
+  lambda_env                 = "${var.lambda_env}"
+  architecture               = ["arm64"]
+  vpc_id                     = module.platform_config.config["vpc"]
+  use_default_security_group = true
 }
 ```
 Lambda environment variables file:

main.tf

@@ -1,3 +1,12 @@
+locals {
+  security_group_ids = var.use_default_security_group == true ? [data.aws_security_group.default[0].id] : var.security_group_ids
+}
+
+data "aws_security_group" "default" {
+  count = var.use_default_security_group == true ? 1 : 0
+  name = "${terraform.workspace}-default-lambda-sg"
+  vpc_id = var.vpc_id
+}
 resource "aws_lambda_function" "lambda_function" {
   s3_bucket     = var.s3_bucket
   s3_key        = var.s3_key
@@ -11,11 +20,13 @@ resource "aws_lambda_function" "lambda_function" {
   tags          = var.tags
   architectures = var.architectures
 
-  vpc_config {
-    subnet_ids         = var.subnet_ids
-    security_group_ids = var.security_group_ids
+  dynamic vpc_config {
+    for_each = local.security_group_ids != [] ? [1] : []
+      content {
+        subnet_ids         = var.subnet_ids
+        security_group_ids = local.security_group_ids
+    }
   }
-
   environment {
     variables = var.lambda_env
   }

test/Dockerfile

@@ -1,9 +1,9 @@
 FROM python:3-alpine
 COPY requirements.txt .
 
-ENV TERRAFORM_VERSION=0.11.11
+ENV TERRAFORM_VERSION=0.13.7
 ENV TERRAFORM_ZIP=terraform_${TERRAFORM_VERSION}_linux_amd64.zip
-ENV TERRAFORM_SUM=94504f4a67bad612b5c8e3a4b7ce6ca2772b3c1559630dfd71e9c519e3d6149c
+ENV TERRAFORM_SUM=4a52886e019b4fdad2439da5ff43388bbcc6cce9784fde32c53dcd0e28ca9957
 
 RUN apk add -U ca-certificates curl && \
     cd /tmp && \

test/infra/main.tf

@@ -1,7 +1,6 @@
 provider "aws" {
   skip_credentials_validation = true
   skip_metadata_api_check     = true
-  skip_get_ec2_platforms      = true
   skip_region_validation      = true
   skip_requesting_account_id  = true
   max_retries                 = 1
@@ -17,12 +16,12 @@ module "lambda" {
   function_name        = "check_lambda_function"
   handler              = "some_handler"
   runtime              = "python2.7"
-  lambda_env           = "${var.lambda_env}"
+  lambda_env           = var.lambda_env
   lambda_cron_schedule = "rate(5 minutes)"
 
-  subnet_ids         = "${var.subnet_ids}"
-  security_group_ids = "${var.security_group_ids}"
-  tags               = "${var.tags}"
+  subnet_ids         = var.subnet_ids
+  security_group_ids = var.security_group_ids
+  tags               = var.tags
 }
 
 module "lambda_long_name" {
@@ -32,11 +31,11 @@ module "lambda_long_name" {
   function_name        = "check_lambda_function_with_a_really_long_name_should_be_truncated"
   handler              = "some_handler"
   runtime              = "python2.7"
-  lambda_env           = "${var.lambda_env}"
+  lambda_env           = var.lambda_env
   lambda_cron_schedule = "rate(5 minutes)"
 
-  subnet_ids         = "${var.subnet_ids}"
-  security_group_ids = "${var.security_group_ids}"
+  subnet_ids         = var.subnet_ids
+  security_group_ids = var.security_group_ids
 }
 
 variable "subnet_ids" {
@@ -64,5 +63,5 @@ variable "tags" {
 }
 
 output "lambda_function_arn" {
-  value = "${module.lambda.lambda_arn}"
+  value = module.lambda.lambda_arn
 }

test/requirements.txt

@@ -1 +1 @@
-pytest==3.0.7
+pytest

test/run

@@ -6,4 +6,3 @@ repo_dir=$(git rev-parse --show-toplevel)
 name=$(basename $repo_dir)-test
 
 docker build -t $name $repo_dir/test
-

variables.tf

@@ -104,3 +104,14 @@ variable "architectures" {
   description = "The architectures supported by the Lambda function."
   default = ["x86_64"]  
 }
+
+variable "vpc_id" {
+  description = "The VPC ID in which the Lambda runs"
+  default     = ""
+}
+
+variable "use_default_security_group" {
+  type = bool
+  description = "Whether to use the default security group for the Lambda function."
+  default = false
+}