add active tracing option
anmolnagpal committed Nov 9, 2021
1 parent 515f11f commit a11023c
Showing 2 changed files with 54 additions and 22 deletions.
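--- a/main.tf
+++ b/main.tf
@@ -65,6 +65,26 @@ resource "aws_iam_role_policy_attachment" "default" {
 policy_arn = join("", aws_iam_policy.default.*.arn)
 }
 
+data "aws_iam_policy" "tracing" {
+count = var.enabled && var.attach_tracing_policy ? 1 : 0
+arn = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
+}
+
+resource "aws_iam_policy" "tracing" {
+count = var.enabled && var.attach_tracing_policy ? 1 : 0
+
+path = "/"
+policy = data.aws_iam_policy.tracing[0].policy
+tags = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "tracing" {
+count = var.enabled && var.attach_tracing_policy ? 1 : 0
+
+role = join("", aws_iam_role.default.*.name)
+policy_arn = aws_iam_policy.tracing[0].arn
+}
+
 # Module : Lambda layers
 # Description : Terraform module to create Lambda layers resource on AWS.
 resource "aws_lambda_layer_version" "default" {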
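Review bot: The new `aws_iam_policy.tracing` copies the document of the AWS-managed `AWSXRayDaemonWriteAccess` policy into a customer-managed policy that has no `name` or `description`. The role therefore carries an auto-named policy whose contents change on the next apply after AWS revises the managed one, and the actual grant cannot be read from this repository. If the managed policy is what is wanted, the attachment can reference it directly with `policy_arn = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"`, and the data source and the copy can be dropped. If least privilege is the goal, an explicit policy document limited to the X-Ray write actions the function uses (presumably `xray:PutTraceSegments` and `xray:PutTelemetryRecords`) would make the grant reviewable here. The hard-coded `arn:aws:` partition will also not resolve in the GovCloud or China partitions.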
56 changes: 34 additions & 22 deletions variables.tf
@@ -19,13 +19,13 @@ variable "environment" {
}

variable "label_order" {
type = list
type = list(any)
default = []
description = "Label order, e.g. `name`,`application`."
}

variable "attributes" {
type = list
type = list(any)
default = []
description = "Additional attributes (e.g. `1`)."
}
@@ -37,7 +37,7 @@ variable "delimiter" {
}

variable "tags" {
type = map
type = map(any)
default = {}
description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
}
@@ -128,115 +128,127 @@ variable "kms_key_arn" {
}

variable "layer_filenames" {
type = list
type = list(any)
default = []
description = "The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used."
}

variable "s3_buckets" {
type = list
type = list(any)
default = []
description = "The S3 bucket location containing the function's deployment package. Conflicts with filename. This bucket must reside in the same AWS region where you are creating the Lambda function."
}

variable "s3_keies" {
type = list
type = list(any)
default = []
description = "The S3 key of an object containing the function's deployment package. Conflicts with filename."
}

variable "s3_object_versions" {
type = list
type = list(any)
default = []
description = "The object version containing the function's deployment package. Conflicts with filename."
}

variable "names" {
type = list
type = list(any)
default = []
description = "A unique name for your Lambda Layer."
}

variable "compatible_runtimes" {
type = list
type = list(any)
default = []
description = "A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified."
}

variable "descriptions" {
type = list
type = list(any)
default = []
description = "Description of what your Lambda Layer does."
}

variable "license_infos" {
type = list
type = list(any)
default = []
description = "License info for your Lambda Layer. See License Info."
}

variable "statement_ids" {
type = list
type = list(any)
default = []
description = "A unique statement identifier. By default generated by Terraform. "
}

variable "event_source_tokens" {
type = list
type = list(any)
default = []
description = "The Event Source Token to validate. Used with Alexa Skills."
}

variable "iam_actions" {
type = list
type = list(any)
default = ["logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents"]
description = "The actions for Iam Role Policy."
}

variable "actions" {
type = list
type = list(any)
default = []
description = "The AWS Lambda action you want to allow in this statement. (e.g. lambda:InvokeFunction)."
}

variable "principals" {
type = list
type = list(any)
default = []
description = "The principal who is getting this permission. e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com."
}

variable "source_arns" {
type = list
type = list(any)
default = []
description = "When granting Amazon S3 or CloudWatch Events permission to invoke your function, you should specify this field with the Amazon Resource Name (ARN) for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events generated from the specified bucket or rule can invoke the function."
}

variable "qualifiers" {
type = list
type = list(any)
default = []
description = "Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. arn:aws:lambda:aws-region:acct-id:function:function-name:2"
}

variable "source_accounts" {
type = list
type = list(any)
default = []
description = "This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner."
}

variable "subnet_ids" {
type = list
type = list(any)
default = []
description = "Subnet ids for vpc config."
}

variable "security_group_ids" {
type = list
type = list(any)
default = []
description = "Security group ids for vpc config."
}

variable "variables" {
type = map
type = map(any)
default = {}
description = "A map that defines environment variables for the Lambda function."
}

variable "tracing_mode" {
type = string
default = null
description = "Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active."
}

variable "attach_tracing_policy" {
type = bool
default = false
description = "Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function"
}
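Review bot: `tracing_mode` and `attach_tracing_policy` are added as independent inputs, so a caller can set `tracing_mode = "Active"` and leave `attach_tracing_policy = false`. Unless `iam_actions` grants it, the execution role then has no X-Ray write permission. Nothing in the hunks shown on this page consumes `tracing_mode`, so confirm it is wired into the function's `tracing_config`. A `validation` block restricting the value to `null`, `"PassThrough"` or `"Active"` would catch typos at plan time, and the description has a doubled word (`Whether to to sample`). Separately, the `list` to `list(any)` rewrite leaves security-relevant inputs such as `iam_actions`, `principals` and `source_arns` loosely typed; `list(string)` would be the tighter declaration.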
