diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml
deleted file mode 100644
index bd5f2df7..00000000
--- a/.github/workflows/lock.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-name: 'Lock Threads'
-
-on:
- schedule:
- - cron: '50 1 * * *'
-
-jobs:
- lock:
- runs-on: ubuntu-latest
- steps:
- - uses: dessant/lock-threads@v5
- with:
- github-token: ${{ secrets.GITHUB_TOKEN }}
- issue-comment: >
- I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
- If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
- issue-inactive-days: '30'
- pr-comment: >
- I'm going to lock this pull request because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
- If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
- pr-inactive-days: '30'
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
deleted file mode 100644
index 3973df44..00000000
--- a/.github/workflows/pr-title.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-name: 'Validate PR title'
-
-on:
- pull_request_target:
- types:
- - opened
- - edited
- - synchronize
-
-jobs:
- main:
- name: Validate PR title
- runs-on: ubuntu-latest
- steps:
- # Please look up the latest version from
- # https://github.com/amannn/action-semantic-pull-request/releases
- - uses: amannn/action-semantic-pull-request@v5.4.0
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- # Configure which types are allowed.
- # Default: https://github.com/commitizen/conventional-commit-types
- types: |
- fix
- feat
- docs
- ci
- chore
- # Configure that a scope must always be provided.
- requireScope: false
- # Configure additional validation for the subject based on a regex.
- # This example ensures the subject starts with an uppercase character.
- subjectPattern: ^[A-Z].+$
- # If `subjectPattern` is configured, you can use this property to override
- # the default error message that is shown when the pattern doesn't match.
- # The variables `subject` and `title` can be used within the message.
- subjectPatternError: |
- The subject "{subject}" found in the pull request title "{title}"
- didn't match the configured pattern. Please ensure that the subject
- starts with an uppercase character.
- # For work-in-progress PRs you can typically use draft pull requests
- # from Github. However, private repositories on the free plan don't have
- # this option and therefore this action allows you to opt-in to using the
- # special "[WIP]" prefix to indicate this state. This will avoid the
- # validation of the PR title and the pull request checks remain pending.
- # Note that a second check will be reported if this is enabled.
- wip: true
- # When using "Squash and merge" on a PR with only one commit, GitHub
- # will suggest using that commit message instead of the PR title for the
- # merge commit, and it's easy to commit this by mistake. Enable this option
- # to also validate the commit message for one commit PRs.
- validateSingleCommit: false
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
deleted file mode 100644
index c2632d1a..00000000
--- a/.github/workflows/pre-commit.yml
+++ /dev/null
@@ -1,99 +0,0 @@
-name: Pre-Commit
-
-on:
- pull_request:
- branches:
- - main
- - master
-
-env:
- TERRAFORM_DOCS_VERSION: v0.16.0
- TFLINT_VERSION: v0.50.3
-
-jobs:
- collectInputs:
- name: Collect workflow inputs
- runs-on: ubuntu-latest
- outputs:
- directories: ${{ steps.dirs.outputs.directories }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Get root directories
- id: dirs
- uses: clowdhaus/terraform-composite-actions/directories@v1.9.0
-
- preCommitMinVersions:
- name: Min TF pre-commit
- needs: collectInputs
- runs-on: ubuntu-latest
- strategy:
- matrix:
- directory: ${{ fromJson(needs.collectInputs.outputs.directories) }}
- steps:
- # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- - name: Delete huge unnecessary tools folder
- run: |
- rm -rf /opt/hostedtoolcache/CodeQL
- rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
- rm -rf /opt/hostedtoolcache/Ruby
- rm -rf /opt/hostedtoolcache/go
-
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Terraform min/max versions
- id: minMax
- uses: clowdhaus/terraform-min-max@v1.3.0
- with:
- directory: ${{ matrix.directory }}
-
- - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
- # Run only validate pre-commit check on min version supported
- if: ${{ matrix.directory != '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
- with:
- terraform-version: ${{ steps.minMax.outputs.minVersion }}
- tflint-version: ${{ env.TFLINT_VERSION }}
- args: 'terraform_validate --color=always --show-diff-on-failure --files ${{ matrix.directory }}/*'
-
- - name: Pre-commit Terraform ${{ steps.minMax.outputs.minVersion }}
- # Run only validate pre-commit check on min version supported
- if: ${{ matrix.directory == '.' }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
- with:
- terraform-version: ${{ steps.minMax.outputs.minVersion }}
- tflint-version: ${{ env.TFLINT_VERSION }}
- args: 'terraform_validate --color=always --show-diff-on-failure --files $(ls *.tf)'
-
- preCommitMaxVersion:
- name: Max TF pre-commit
- runs-on: ubuntu-latest
- needs: collectInputs
- steps:
- # https://github.com/orgs/community/discussions/25678#discussioncomment-5242449
- - name: Delete huge unnecessary tools folder
- run: |
- rm -rf /opt/hostedtoolcache/CodeQL
- rm -rf /opt/hostedtoolcache/Java_Temurin-Hotspot_jdk
- rm -rf /opt/hostedtoolcache/Ruby
- rm -rf /opt/hostedtoolcache/go
-
- - name: Checkout
- uses: actions/checkout@v4
- with:
- ref: ${{ github.event.pull_request.head.ref }}
- repository: ${{github.event.pull_request.head.repo.full_name}}
-
- - name: Terraform min/max versions
- id: minMax
- uses: clowdhaus/terraform-min-max@v1.3.0
-
- - name: Pre-commit Terraform ${{ steps.minMax.outputs.maxVersion }}
- uses: clowdhaus/terraform-composite-actions/pre-commit@v1.9.0
- with:
- terraform-version: ${{ steps.minMax.outputs.maxVersion }}
- tflint-version: ${{ env.TFLINT_VERSION }}
- terraform-docs-version: ${{ env.TERRAFORM_DOCS_VERSION }}
- install-hcledit: true
diff --git a/.github/workflows/pull-requests.yml b/.github/workflows/pull-requests.yml
new file mode 100644
index 00000000..1e2943b4
--- /dev/null
+++ b/.github/workflows/pull-requests.yml
@@ -0,0 +1,81 @@
+name: Lint
+
+on:
+ pull_request:
+ branches:
+ - main
+
+# cancel workflow runs in progress when a new commit comes through
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+env:
+ BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Get Terraform and TFLint versions from .tool-versions
+ id: tool-versions
+ run: |
+ echo "terraform-version=$(cat .tool-versions | grep 'terraform' | awk '{print $2}')" >> "$GITHUB_OUTPUT"
+ echo "tflint-version=$(cat .tool-versions | grep 'tflint' | awk '{print $2}')" >> "$GITHUB_OUTPUT"
+
+ - uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: ${{ steps.tool-versions.outputs.terraform-version }}
+
+ - uses: terraform-linters/setup-tflint@v4
+ with:
+ tflint_version: ${{ format('v{0}', steps.tool-versions.outputs.tflint-version) }}
+ # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+ github_token: ${{ github.token }}
+
+ - run: terraform init
+ name: terraform init main module
+
+ - run: terraform validate
+ name: terraform validate main module
+
+ - run: tflint --init
+ name: tflint init main module
+
+ - run: tflint
+ name: tflint main module
+
+ - run: |
+ mkdir -p tmp && cd tmp
+ curl -Lo ./terraform-docs.tar.gz https://github.com/terraform-docs/terraform-docs/releases/download/v0.17.0/terraform-docs-v0.17.0-$(uname)-amd64.tar.gz
+ tar -xzf terraform-docs.tar.gz
+ chmod +x terraform-docs
+ mv terraform-docs /usr/local/bin/terraform-docs
+ cd .. && rm -rf tmp
+ name: install tfdocs
+
+ - run: terraform-docs markdown table --output-file README.md --output-mode inject .
+ name: tfdocs
+ working-directory: .
+
+ - run: terraform-docs markdown table --output-file README.md --output-mode inject .
+ name: tfdocs cloudwatch-logging
+ working-directory: ./modules/cloudwatch-logging
+
+ - name: commit changes
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ git switch ${{ env.BRANCH_NAME }}
+ git config --global user.email "devops@roadrunnerwm.com"
+ git config --global user.name "DevOps"
+ git add README.md
+ git add modules/cloudwatch-logging/README.md
+ export CHANGES=$(git diff --cached)
+ if [ -n "$CHANGES" ]; then
+ git commit -m "Update READMEs with Terraform Docs."
+ git push
+ fi
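Review bot: In the `commit changes` step, `git switch ${{ env.BRANCH_NAME }}` is expanded into the script text before the shell runs, and `BRANCH_NAME` is taken from `github.head_ref`, which the pull-request author chooses. A branch name containing shell metacharacters would be interpreted as script in a step that holds `GH_TOKEN` and pushes to the repository. The variable is already set at workflow level, so the line can read `git switch "$BRANCH_NAME"`. Separately, the `install tfdocs` step unpacks a tarball fetched with `curl -L` without comparing it to a pinned checksum. The workflow also declares no `permissions:` block, although the push needs `contents: write`.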
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4a942261..820d9d6b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,37 +1,43 @@
-name: Release
+name: Create Release Version
on:
- workflow_dispatch:
push:
branches:
- main
- - master
- paths:
- - '**/*.tpl'
- - '**/*.py'
- - '**/*.tf'
- - '.github/workflows/release.yml'
jobs:
release:
name: Release
runs-on: ubuntu-latest
- # Skip running release workflow on forks
- if: github.repository_owner == 'terraform-aws-modules'
steps:
- - name: Checkout
- uses: actions/checkout@v4
+ - uses: actions/checkout@v3
with:
- persist-credentials: false
fetch-depth: 0
-
- - name: Release
- uses: cycjimmy/semantic-release-action@v4
+ - uses: paulhatch/semantic-version@v5.0.2
+ id: semantic-version
with:
- semantic_version: 23.0.2
- extra_plugins: |
- @semantic-release/changelog@6.0.3
- @semantic-release/git@10.0.1
- conventional-changelog-conventionalcommits@7.0.2
+ # The prefix to use to identify tags
+ tag_prefix: "v"
+ # A string which, if present in a git commit, indicates that a change represents a
+ # major (breaking) change, supports regular expressions wrapped with '/'
+ major_pattern: "(MAJOR)"
+ # Same as above except indicating a minor change, supports regular expressions wrapped with '/'
+ minor_pattern: "(MINOR)"
+ # A string to determine the format of the version output
+ version_format: "${major}.${minor}.${patch}"
+ # If this is set to true, *every* commit will be treated as a new version.
+ # Otherwise, only commits with diffs will be treated as a new version.
+ bump_each_commit: false
+ # If true, the body of commits will also be searched for major/minor patterns to determine the version type.
+ search_commit_body: true
+ - name: Tag & Release
+ id: release-tag
env:
- GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_TOKEN }}
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ # Create tag for release.
+ git tag ${{steps.semantic-version.outputs.version_tag }}
+ git push origin ${{steps.semantic-version.outputs.version_tag }}
+
+ # Create release from tag.
+ gh release create ${{steps.semantic-version.outputs.version_tag }} --generate-notes
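Review bot: The third-party action `paulhatch/semantic-version@v5.0.2` is referenced by a mutable tag and runs in a job whose checkout no longer sets `persist-credentials: false`, so it runs alongside a token that pushes tags and creates releases. Pin it to a full commit SHA, for example `uses: paulhatch/semantic-version@<full-commit-sha> # v5.0.2`, and declare `permissions: contents: write` on the job so the token scope does not depend on the repository default. The checkout also moves from `actions/checkout@v4` back to `@v3`; unless that is deliberate, keep `@v4`. The `${{steps.semantic-version.outputs.version_tag }}` expansions in the `run:` block are safer passed through `env:` and used as a quoted shell variable, for example `git tag "$VERSION_TAG"`.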
diff --git a/.github/workflows/stale-actions.yaml b/.github/workflows/stale-actions.yaml
deleted file mode 100644
index 6ccd0ed8..00000000
--- a/.github/workflows/stale-actions.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: 'Mark or close stale issues and PRs'
-on:
- schedule:
- - cron: '0 0 * * *'
-
-jobs:
- stale:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/stale@v9
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- # Staling issues and PR's
- days-before-stale: 30
- stale-issue-label: stale
- stale-pr-label: stale
- stale-issue-message: |
- This issue has been automatically marked as stale because it has been open 30 days
- with no activity. Remove stale label or comment or this issue will be closed in 10 days
- stale-pr-message: |
- This PR has been automatically marked as stale because it has been open 30 days
- with no activity. Remove stale label or comment or this PR will be closed in 10 days
- # Not stale if have this labels or part of milestone
- exempt-issue-labels: bug,wip,on-hold
- exempt-pr-labels: bug,wip,on-hold
- exempt-all-milestones: true
- # Close issue operations
- # Label will be automatically removed if the issues are no longer closed nor locked.
- days-before-close: 10
- delete-branch: true
- close-issue-message: This issue was automatically closed because of stale in 10 days
- close-pr-message: This PR was automatically closed because of stale in 10 days
diff --git a/.tool-versions b/.tool-versions
new file mode 100644
index 00000000..774fe811
--- /dev/null
+++ b/.tool-versions
@@ -0,0 +1,2 @@
+tflint 0.50.3
+terraform 1.7.5
diff --git a/README.md b/README.md
index 7fdbe539..488a09d7 100644
--- a/README.md
+++ b/README.md
@@ -660,7 +660,7 @@ Q4: What does this error mean - `"We currently do not support adding policies fo
- [1Mill/serverless-tf-examples](https://github.com/1Mill/serverless-tf-examples/tree/main/src)
-
+
## Requirements
| Name | Version |
@@ -675,10 +675,10 @@ Q4: What does this error mean - `"We currently do not support adding policies fo
| Name | Version |
|------|---------|
-| [aws](#provider\_aws) | >= 5.32 |
-| [external](#provider\_external) | >= 1.0 |
-| [local](#provider\_local) | >= 1.0 |
-| [null](#provider\_null) | >= 2.0 |
+| [aws](#provider\_aws) | 5.63.0 |
+| [external](#provider\_external) | 2.3.3 |
+| [local](#provider\_local) | 2.5.1 |
+| [null](#provider\_null) | 3.2.2 |
## Modules
@@ -827,12 +827,13 @@ No modules.
| [policy](#input\_policy) | An additional policy document ARN to attach to the Lambda Function role | `string` | `null` | no |
| [policy\_json](#input\_policy\_json) | An additional policy document as JSON to attach to the Lambda Function role | `string` | `null` | no |
| [policy\_jsons](#input\_policy\_jsons) | List of additional policy documents as JSON to attach to Lambda Function role | `list(string)` | `[]` | no |
-| [policy\_name](#input\_policy\_name) | IAM policy name. It override the default value, which is the same as role\_name | `string` | `null` | no |
+| [policy\_name\_prefix](#input\_policy\_name\_prefix) | IAM policy name prefix. It override the default value, which is the same as role\_name | `string` | `null` | no |
| [policy\_path](#input\_policy\_path) | Path of policies to that should be added to IAM role for Lambda Function | `string` | `null` | no |
| [policy\_statements](#input\_policy\_statements) | Map of dynamic policy statements to attach to Lambda Function role | `any` | `{}` | no |
| [provisioned\_concurrent\_executions](#input\_provisioned\_concurrent\_executions) | Amount of capacity to allocate. Set to 1 or greater to enable, or set to 0 to disable provisioned concurrency. | `number` | `-1` | no |
| [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | `false` | no |
| [putin\_khuylo](#input\_putin\_khuylo) | Do you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo! | `bool` | `true` | no |
+| [quiet\_local\_exec](#input\_quiet\_local\_exec) | Whether to disable local execution output. | `bool` | `false` | no |
| [recreate\_missing\_package](#input\_recreate\_missing\_package) | Whether to recreate missing Lambda package if it is missing locally or not | `bool` | `true` | no |
| [replace\_security\_groups\_on\_destroy](#input\_replace\_security\_groups\_on\_destroy) | (Optional) When true, all security groups defined in vpc\_security\_group\_ids will be replaced with the default security group after the function is destroyed. Set the replacement\_security\_group\_ids variable to use a custom list of security groups for replacement instead. | `bool` | `null` | no |
| [replacement\_security\_group\_ids](#input\_replacement\_security\_group\_ids) | (Optional) List of security group IDs to assign to orphaned Lambda function network interfaces upon destruction. replace\_security\_groups\_on\_destroy must be set to true to use this attribute. | `list(string)` | `null` | no |
@@ -840,7 +841,7 @@ No modules.
| [role\_description](#input\_role\_description) | Description of IAM role to use for Lambda Function | `string` | `null` | no |
| [role\_force\_detach\_policies](#input\_role\_force\_detach\_policies) | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no |
| [role\_maximum\_session\_duration](#input\_role\_maximum\_session\_duration) | Maximum session duration, in seconds, for the IAM role | `number` | `3600` | no |
-| [role\_name](#input\_role\_name) | Name of IAM role to use for Lambda Function | `string` | `null` | no |
+| [role\_name\_prefix](#input\_role\_name\_prefix) | Name prefix of IAM role to use for Lambda Function | `string` | `null` | no |
| [role\_path](#input\_role\_path) | Path of IAM role to use for Lambda Function | `string` | `null` | no |
| [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Lambda Function | `string` | `null` | no |
| [role\_tags](#input\_role\_tags) | A map of tags to assign to IAM role | `map(string)` | `{}` | no |
@@ -903,7 +904,7 @@ No modules.
| [lambda\_role\_unique\_id](#output\_lambda\_role\_unique\_id) | The unique id of the IAM role created for the Lambda Function |
| [local\_filename](#output\_local\_filename) | The filename of zip archive deployed (if deployment was from local) |
| [s3\_object](#output\_s3\_object) | The map with S3 object data of zip archive deployed (if deployment was from S3) |
-
+
## Development
diff --git a/iam.tf b/iam.tf
index 436a4398..8047e7e2 100644
--- a/iam.tf
+++ b/iam.tf
@@ -11,8 +11,8 @@ locals {
# attempting to plan if the role_name and function_name are not set. This is a workaround
# for #83 that will allow one to import resources without receiving an error from coalesce.
# @see https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/83
- role_name = local.create_role ? coalesce(var.role_name, var.function_name, "*") : null
- policy_name = coalesce(var.policy_name, local.role_name, "*")
+ role_name_prefix = local.create_role ? coalesce(var.role_name_prefix, var.function_name, "*") : null
+ policy_name_prefix = coalesce(var.policy_name_prefix, local.role_name_prefix, "*")
# IAM Role trusted entities is a list of any (allow strings (services) and maps (type+identifiers))
trusted_entities_services = distinct(compact(concat(
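Review bot: `role_name_prefix` still falls back to `var.function_name`, but a prefix has a tighter length budget than a full name because the provider appends a generated suffix. As far as I know the AWS provider limits an IAM role `name_prefix` to 38 characters, while a Lambda function name can be up to 64, so a function name that worked as a role name may now fail at plan time. Consider a `validation` block on `var.role_name_prefix` in variables.tf and a comment here such as `# name_prefix is length-limited by the provider; long function names need an explicit role_name_prefix`. The `locals` block starts and ends outside this hunk.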
@@ -94,7 +94,7 @@ data "aws_iam_policy_document" "assume_role" {
resource "aws_iam_role" "lambda" {
count = local.create_role ? 1 : 0
- name = local.role_name
+ name_prefix = local.role_name_prefix
description = var.role_description
path = var.role_path
force_detach_policies = var.role_force_detach_policies
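Review bot: Replacing `name` with `name_prefix` on `aws_iam_role.lambda` will most likely make Terraform destroy and recreate the role on upgrade, and the new name carries a generated suffix. Anything that refers to the role by exact name or ARN (trust policies in other accounts, resource policies, permission-boundary conditions, alerting keyed on the role name) would stop matching. This should be documented as a breaking change, with guidance to consume the module's role outputs rather than a hard-coded name. The same applies to the `aws_iam_policy` hunks that follow (`logs`, `dead_letter`, `vpc`, `tracing`, `async`, `additional_json`, `additional_jsons`, `additional_inline`). The resource body continues outside this hunk.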
@@ -134,10 +134,10 @@ data "aws_iam_policy_document" "logs" {
resource "aws_iam_policy" "logs" {
count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0
- name = "${local.policy_name}-logs"
- path = var.policy_path
- policy = data.aws_iam_policy_document.logs[0].json
- tags = var.tags
+ name_prefix = "${local.policy_name_prefix}-logs"
+ path = var.policy_path
+ policy = data.aws_iam_policy_document.logs[0].json
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "logs" {
@@ -171,10 +171,10 @@ data "aws_iam_policy_document" "dead_letter" {
resource "aws_iam_policy" "dead_letter" {
count = local.create_role && var.attach_dead_letter_policy ? 1 : 0
- name = "${local.policy_name}-dl"
- path = var.policy_path
- policy = data.aws_iam_policy_document.dead_letter[0].json
- tags = var.tags
+ name_prefix = "${local.policy_name_prefix}-dl"
+ path = var.policy_path
+ policy = data.aws_iam_policy_document.dead_letter[0].json
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "dead_letter" {
@@ -198,10 +198,10 @@ data "aws_iam_policy" "vpc" {
resource "aws_iam_policy" "vpc" {
count = local.create_role && var.attach_network_policy ? 1 : 0
- name = "${local.policy_name}-vpc"
- path = var.policy_path
- policy = data.aws_iam_policy.vpc[0].policy
- tags = var.tags
+ name_prefix = "${local.policy_name_prefix}-vpc"
+ path = var.policy_path
+ policy = data.aws_iam_policy.vpc[0].policy
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "vpc" {
@@ -225,10 +225,10 @@ data "aws_iam_policy" "tracing" {
resource "aws_iam_policy" "tracing" {
count = local.create_role && var.attach_tracing_policy ? 1 : 0
- name = "${local.policy_name}-tracing"
- path = var.policy_path
- policy = data.aws_iam_policy.tracing[0].policy
- tags = var.tags
+ name_prefix = "${local.policy_name_prefix}-tracing"
+ path = var.policy_path
+ policy = data.aws_iam_policy.tracing[0].policy
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "tracing" {
@@ -262,10 +262,10 @@ data "aws_iam_policy_document" "async" {
resource "aws_iam_policy" "async" {
count = local.create_role && var.attach_async_event_policy ? 1 : 0
- name = "${local.policy_name}-async"
- path = var.policy_path
- policy = data.aws_iam_policy_document.async[0].json
- tags = var.tags
+ name_prefix = "${local.policy_name_prefix}-async"
+ path = var.policy_path
+ policy = data.aws_iam_policy_document.async[0].json
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "async" {
@@ -282,10 +282,10 @@ resource "aws_iam_role_policy_attachment" "async" {
resource "aws_iam_policy" "additional_json" {
count = local.create_role && var.attach_policy_json ? 1 : 0
- name = local.policy_name
- path = var.policy_path
- policy = var.policy_json
- tags = var.tags
+ name_prefix = local.policy_name_prefix
+ path = var.policy_path
+ policy = var.policy_json
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "additional_json" {
@@ -302,10 +302,10 @@ resource "aws_iam_role_policy_attachment" "additional_json" {
resource "aws_iam_policy" "additional_jsons" {
count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0
- name = "${local.policy_name}-${count.index}"
- path = var.policy_path
- policy = var.policy_jsons[count.index]
- tags = var.tags
+ name_prefix = "${local.policy_name_prefix}-${count.index}"
+ path = var.policy_path
+ policy = var.policy_jsons[count.index]
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "additional_jsons" {
@@ -386,10 +386,10 @@ data "aws_iam_policy_document" "additional_inline" {
resource "aws_iam_policy" "additional_inline" {
count = local.create_role && var.attach_policy_statements ? 1 : 0
- name = "${local.policy_name}-inline"
- path = var.policy_path
- policy = data.aws_iam_policy_document.additional_inline[0].json
- tags = var.tags
+ name_prefix = "${local.policy_name_prefix}-inline"
+ path = var.policy_path
+ policy = data.aws_iam_policy_document.additional_inline[0].json
+ tags = var.tags
}
resource "aws_iam_role_policy_attachment" "additional_inline" {
diff --git a/package.tf b/package.tf
index 34322514..5ec4fcf4 100644
--- a/package.tf
+++ b/package.tf
@@ -70,6 +70,7 @@ resource "null_resource" "archive" {
"--timestamp", data.external.archive_prepare[0].result.timestamp
]
command = data.external.archive_prepare[0].result.build_plan_filename
+ quiet = var.quiet_local_exec
}
depends_on = [local_file.archive_plan]
diff --git a/variables.tf b/variables.tf
index 42a18fe5..01324dfd 100644
--- a/variables.tf
+++ b/variables.tf
@@ -454,8 +454,8 @@ variable "cloudwatch_logs_tags" {
# IAM
######
-variable "role_name" {
- description = "Name of IAM role to use for Lambda Function"
+variable "role_name_prefix" {
+ description = "Name prefix of IAM role to use for Lambda Function"
type = string
default = null
}
@@ -500,8 +500,8 @@ variable "role_maximum_session_duration" {
# Policies
###########
-variable "policy_name" {
- description = "IAM policy name. It override the default value, which is the same as role_name"
+variable "policy_name_prefix" {
+ description = "IAM policy name prefix. It override the default value, which is the same as role_name"
type = string
default = null
}
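Review bot: The description of `policy_name_prefix` still says the default is "the same as role_name", but that input no longer exists after this commit and the local now falls back to `local.role_name_prefix`. Suggested wording: `description = "IAM policy name prefix. Overrides the default value, which is the same as role_name_prefix"`. Removing `role_name` and `policy_name` without a deprecation path also breaks existing callers, which is worth stating in the release notes.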
@@ -786,6 +786,12 @@ variable "trigger_on_package_timestamp" {
default = true
}
+variable "quiet_local_exec" {
+ description = "Whether to disable local execution output."
+ type = bool
+ default = false
+}
+
############################################
# Lambda Advanced Logging Settings
############################################
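Review bot: The description "Whether to disable local execution output." overstates what the `quiet` argument of `local-exec` does. As documented for the provisioner, it only stops Terraform from printing the command being executed; the command's own output is still written to the log. A user who enables it to keep sensitive values out of CI logs would get less than the description promises. Suggested wording: `description = "Whether to suppress printing of the local-exec command line. Command output is still shown."`. The matching row in the README inputs table should be regenerated from it.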