byu-oit
diff --git a/‎.github/workflows/ci.yml
Lines changed: 28 additions & 10 deletions b/‎.github/workflows/ci.yml
Lines changed: 28 additions & 10 deletions
diff --git a/‎README.md
Lines changed: 50 additions & 37 deletions b/‎README.md
Lines changed: 50 additions & 37 deletions
diff --git a/‎changelog.md
Lines changed: 12 additions & 0 deletions b/‎changelog.md
Lines changed: 12 additions & 0 deletions
diff --git a/‎examples/ci-0_13/ci.tf
Lines changed: 48 additions & 0 deletions b/‎examples/ci-0_13/ci.tf
Lines changed: 48 additions & 0 deletions
diff --git a/‎examples/ci-12/lambda.zip renamed to ‎examples/ci-0_13/lambda.zip b/‎examples/ci-12/lambda.zip renamed to ‎examples/ci-0_13/lambda.zip
diff --git a/‎examples/ci-0_14/ci.tf
Lines changed: 48 additions & 0 deletions b/‎examples/ci-0_14/ci.tf
Lines changed: 48 additions & 0 deletions
diff --git a/‎examples/ci-13/lambda.zip renamed to ‎examples/ci-0_14/lambda.zip b/‎examples/ci-13/lambda.zip renamed to ‎examples/ci-0_14/lambda.zip
diff --git a/‎examples/ci-1/ci.tf
Lines changed: 53 additions & 0 deletions b/‎examples/ci-1/ci.tf
Lines changed: 53 additions & 0 deletions
diff --git a/‎examples/ci-1/lambda.zip b/‎examples/ci-1/lambda.zip
@@ -3,7 +3,6 @@ name: CI
 on:
   pull_request:
     branches: [master]
-    types: [opened, reopened, synchronize, edited]
 
 jobs:
   env:
@@ -17,13 +16,19 @@ jobs:
             "env":[
               {
                 "tf_version":"0.13.2",
-                "tf_working_dir":"./examples/ci-13",
+                "tf_working_dir":"./examples/ci-0_13",
                 "aws_key_name":"byu_oit_terraform_dev_key",
                 "aws_secret_name":"byu_oit_terraform_dev_secret"
               },
               {
-                "tf_version":"0.12.26",
-                "tf_working_dir":"./examples/ci-12",
+                "tf_version":"0.14.8",
+                "tf_working_dir":"./examples/ci-0_14",
+                "aws_key_name":"byu_oit_terraform_dev_key",
+                "aws_secret_name":"byu_oit_terraform_dev_secret"
+              },
+              {
+                "tf_version":"1.0.0",
+                "tf_working_dir":"./examples/ci-1",
                 "aws_key_name":"byu_oit_terraform_dev_key",
                 "aws_secret_name":"byu_oit_terraform_dev_secret"
               }
@@ -37,16 +42,13 @@ jobs:
   format:
     name: Terraform Format
     runs-on: ubuntu-latest
-    needs: env
-    strategy:
-      matrix: ${{ fromJson(needs.env.outputs.matrix) }}
     steps:
       - uses: actions/checkout@v2
 
       - name: Terraform Setup
         uses: hashicorp/setup-terraform@v1
         with:
-          terraform_version: ${{ matrix.env.tf_version }}
+          terraform_version: 1.0.0
 
       - name: Terraform Format
         working-directory: "./"
@@ -58,6 +60,7 @@ jobs:
     needs: env
     strategy:
       matrix: ${{ fromJson(needs.env.outputs.matrix) }}
+      fail-fast: false
     steps:
       - uses: actions/checkout@v2
 
@@ -79,5 +82,20 @@ jobs:
 
       - name: Terraform Plan
         working-directory: ${{ matrix.env.tf_working_dir }}
-        run: terraform plan -input=false
-    # TODO: Post plan back to PR
+        run: terraform plan -input=false -out=plan.tfplan
+
+      - name: Comment Terraform Plan
+        uses: byu-oit/github-action-tf-plan-comment@v1
+        with:
+          comment-title: Plan for Terraform v-${{ matrix.env.tf_version }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          working-directory: ${{ matrix.env.tf_working_dir }}
+          terraform-plan-file: plan.tfplan
+
+      - name: Analyze Terraform Plan
+        uses: byu-oit/github-action-tf-plan-analyzer@v2
+        with:
+          divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }}
+          divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }}
+          working-directory: ${{ matrix.env.tf_working_dir }}
+          terraform-plan-file: plan.tfplan
@@ -24,30 +24,43 @@ Note: If you do not specify `use_codedeploy = true`, the above process will not
 Also Note: CodePipeline and CodeDeploy cannot be used together to deploy a Lambda. If you are using CodePipeline, you cannot specify `use_codedeploy = true`. CodeDeploy works fine with other pipelining tools (e.g. GitHub Actions).
 
 ## Usage
+For a Zip file lambda
 ```hcl
 module "lambda_api" {
-  source                        = "github.com/byu-oit/terraform-aws-lambda-api?ref=v1.3.0"
-  app_name                      = "my-lambda"
-  env                           = "dev"
-  codedeploy_service_role_arn   = module.acs.power_builder_role.arn
-  lambda_zip_file               = "./src/lambda.zip"
-  handler                       = "index.handler"
-  runtime                       = "nodejs12.x"
+  source       = "github.com/byu-oit/terraform-aws-lambda-api?ref=v2.0.0"
+  app_name     = "my-lambda-codedeploy-dev"
+  env          = "dev"
+  zip_filename = "./src/lambda.zip"
+  zip_handler  = "index.handler"
+  zip_runtime  = "nodejs12.x"
+
   hosted_zone                   = module.acs.route53_zone
   https_certificate_arn         = module.acs.certificate.arn
   vpc_id                        = module.acs.vpc.id
   public_subnet_ids             = module.acs.public_subnet_ids
   role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  codedeploy_service_role_arn   = module.acs.power_builder_role.arn
   codedeploy_test_listener_port = 4443
-  use_codedeploy                = true
-  timeout                       = 3
-  memory_size                   = 128
-
-  lambda_vpc_config = {
-    subnet_ids         = module.acs.private_subnet_ids
-    security_group_ids = ["sg-3asdfadsfasdfas"]
+  codedeploy_lifecycle_hooks = {
+    BeforeAllowTraffic = aws_lambda_function.test_lambda.function_name
+    AfterAllowTraffic  = null
   }
+}
+```
 
+For a docker image lambda:
+```hcl
+module "lambda_api" {
+  source                        = "github.com/byu-oit/terraform-aws-lambda-api?ref=v2.0.0"
+  app_name                      = "my-docker-lambda"
+  image_uri                     = "my-image-from-my-ecr:latest"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  codedeploy_service_role_arn   = module.acs.power_builder_role.arn
+  codedeploy_test_listener_port = 4443
   codedeploy_lifecycle_hooks = {
     BeforeAllowTraffic = aws_lambda_function.test_lambda.function_name
     AfterAllowTraffic  = null
@@ -73,35 +86,35 @@ module "lambda_api" {
 * DNS A-Record
 
 ## Requirements
-* Terraform version 0.12.21 or greater
-* AWS provider version 2.56 or greater
+* Terraform version 0.13.2 or greater
+* AWS provider version 3.0 or greater
 
 ## Inputs
 | Name | Type  | Description | Default |
 | --- | --- | --- | --- |
-| app_name | string | application name |
-| env | string | application environment (e.g. dev, stg, prd) |
+| app_name | string | Application name to name your Lambda API and other resources (Must be <= 24 alphanumeric characters) | |
+| image_uri | string | ECR Image URI containing the function's deployment package (conflicts with `zip_file`)| null |
+| zip_filename | string | File that contains your compiled or zipped source code. |
+| zip_handler | string | Lambda event handler |
+| zip_runtime | string | Lambda runtime |
+| lambda_vpc_config | [object](#lambda_vpc_config) | Lambda VPC object. Used if lambda requires to run inside a VPC | null |
+| environment_variables | map(string) | A map that defines environment variables for the Lambda function. | |
+| domain_url | string | Custom domain URL for the API, defaults to <app_name>.<hosted_zone_domain> | null | |
+| hosted_zone | [object](#hosted_zone) | Hosted Zone object to redirect to ALB. (Can pass in the aws_hosted_zone object). A and AAAA records created in this hosted zone. | |
+| https_certificate_arn | string | ARN of the HTTPS certificate of the hosted zone/domain. | |
 | codedeploy_service_role_arn | string | ARN of the IAM Role for the CodeDeploy to use to initiate new deployments. (usually the PowerBuilder Role) |
-| lambda_zip_file | string | File that contains your compiled or zipped source code. |
-| handler | string | Lambda event handler |
-| runtime | string | Lambda runtime |
-| lambda_vpc_config | [object](#lambda_vpc_config) | Lambda VPC object. Used if lambda requires to run inside a VPC | null
-| environment_variables | map(string) | A map that defines environment variables for the Lambda function. |
-| hosted_zone | [object](#hosted_zone) | Hosted Zone object to redirect to ALB. (Can pass in the aws_hosted_zone object). A and AAAA records created in this hosted zone. |
-| https_certificate_arn | string | ARN of the HTTPS certificate of the hosted zone/domain. |
 | codedeploy_lifecycle_hooks | [object](#codedeploy_lifecycle_hooks) | Define Lambda Functions for CodeDeploy lifecycle event hooks. Or set this variable to null to not have any lifecycle hooks invoked. Defaults to null | null
-| appspec_filename | string | Filename (including path) to use when outputing appspec json. | `appspec.json` in the current working directory (i.e. where you ran `terraform apply`) |
+| codedeploy_appspec_filename | string | Filename (including path) to use when outputing appspec json. | `appspec.json` in the current working directory (i.e. where you ran `terraform apply`) |
 | codedeploy_test_listener_port | number | The port for a codedeploy test listener. If provided CodeDeploy will use this port for test traffic on the new replacement set during the blue-green deployment process before shifting production traffic to the replacement set. Defaults to null | null
-| vpc_id | string | VPC ID to deploy ALB and Lambda (If specified). |
-| public_subnet_ids | list(string) | List of subnet IDs for the ALB. |
-| tags | map(string) | A map of AWS Tags to attach to each resource created | {}
-| role_permissions_boundary_arn | string | IAM Role Permissions Boundary ARN |
-| log_retention_in_days | number | CloudWatch log group retention in days. Defaults to 7. | 7
-| lambda_policies | list(string) | List of IAM Policy ARNs to attach to the lambda role. | []'
-| use_codedeploy | bool | If true, CodeDeploy App and Deployment Group will be created and TF will not update alias to point to new versions of the Lambda (becuase CodeDeploy will do that). | false
-| timeout | number | How long the lambda will run (in seconds) before timing out | 3 (same as terraform default)
-| memory_size | number | Size of the memory of the lambda. CPU will scale along with it | 128 (same as terraform default)
-| xray_enabled | bool | Whether or not the X-Ray daemon should be created with the Lambda API. | false
+| vpc_id | string | VPC ID to deploy ALB and Lambda (If specified). | |
+| public_subnet_ids | list(string) | List of subnet IDs for the ALB. | |
+| tags | map(string) | A map of AWS Tags to attach to each resource created | {} |
+| role_permissions_boundary_arn | string | IAM Role Permissions Boundary ARN | |
+| log_retention_in_days | number | CloudWatch log group retention in days. Defaults to 7. | 7 |
+| lambda_policies | list(string) | List of IAM Policy ARNs to attach to the lambda role. | []' |
+| timeout | number | How long the lambda will run (in seconds) before timing out | 3 (same as terraform default) |
+| memory_size | number | Size of the memory of the lambda. CPU will scale along with it | 128 (same as terraform default) |
+| xray_enabled | bool | Whether or not the X-Ray daemon should be created with the Lambda API. | false |
 
 #### lambda_vpc_config
 
@@ -128,7 +141,7 @@ You can pass in either the object from the AWS terraform provider for an AWS Hos
 
 #### CloudWatch logs
 
-This module will create a CloudWatch log group named `/aws/lambda/<app_name>-<env>`.
+This module will create a CloudWatch log group named `/aws/lambda/<app_name>`.
 
 For instance with the [above example](#usage) the logs could be found in the CloudWatch log group: `aws/lambda/my-lambda-dev`.
 
 
@@ -0,0 +1,12 @@
+# Changelog
+
+## v2.0.0
+2/24/2022 - Major breaking changes from v1.x:
+- dropped support for terraform v0.12
+- renamed `lambda_zip_file` variable to `zip_filename`
+- renamed `handler` variable to `zip_handler`
+- renamed `runtime` variable to `zip_runtime`
+- renamed `appspec_filename` variable to `codedeploy_appspec_filename`
+- removed `use_codedeploy` variable - just include the codedeploy variables to enable codedeploy
+- removed `env` variable - just include the env inside the `app_name` variable 
+- added `domain_url` variable to enable a custom API URL
@@ -0,0 +1,48 @@
+terraform {
+  required_version = "0.13.2"
+}
+
+provider "aws" {
+  version = "~> 3.0"
+  region  = "us-west-2"
+}
+
+module "acs" {
+  source = "github.com/byu-oit/terraform-aws-acs-info?ref=v3.4.0"
+}
+
+module "lambda_api" {
+  source                        = "../../"
+  app_name                      = "my-lambda"
+  zip_filename                  = "./lambda.zip"
+  zip_handler                   = "index.handler"
+  zip_runtime                   = "nodejs12.x"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  xray_enabled                  = true
+
+  lambda_vpc_config = {
+    subnet_ids         = module.acs.private_subnet_ids
+    security_group_ids = []
+  }
+}
+
+module "lambda_docker_api" {
+  source                        = "../../"
+  app_name                      = "my-docker-lambda"
+  image_uri                     = "crccheck/hello-world:latest"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  xray_enabled                  = true
+
+  lambda_vpc_config = {
+    subnet_ids         = module.acs.private_subnet_ids
+    security_group_ids = []
+  }
+}
@@ -0,0 +1,48 @@
+terraform {
+  required_version = "0.14.8"
+}
+
+provider "aws" {
+  version = "~> 3.0"
+  region  = "us-west-2"
+}
+
+module "acs" {
+  source = "github.com/byu-oit/terraform-aws-acs-info?ref=v3.4.0"
+}
+
+module "lambda_api" {
+  source                        = "../../"
+  app_name                      = "my-lambda"
+  zip_filename                  = "./lambda.zip"
+  zip_handler                   = "index.handler"
+  zip_runtime                   = "nodejs12.x"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  xray_enabled                  = true
+
+  lambda_vpc_config = {
+    subnet_ids         = module.acs.private_subnet_ids
+    security_group_ids = []
+  }
+}
+
+module "lambda_docker_api" {
+  source                        = "../../"
+  app_name                      = "my-docker-lambda"
+  image_uri                     = "crccheck/hello-world:latest"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  xray_enabled                  = true
+
+  lambda_vpc_config = {
+    subnet_ids         = module.acs.private_subnet_ids
+    security_group_ids = []
+  }
+}
@@ -0,0 +1,53 @@
+terraform {
+  required_version = "1.0.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.73.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "us-west-2"
+}
+
+module "acs" {
+  source = "github.com/byu-oit/terraform-aws-acs-info?ref=v3.4.0"
+}
+
+module "lambda_api" {
+  source                        = "../../"
+  app_name                      = "my-lambda"
+  zip_filename                  = "./lambda.zip"
+  zip_handler                   = "index.handler"
+  zip_runtime                   = "nodejs12.x"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  xray_enabled                  = true
+
+  lambda_vpc_config = {
+    subnet_ids         = module.acs.private_subnet_ids
+    security_group_ids = []
+  }
+}
+
+module "lambda_docker_api" {
+  source                        = "../../"
+  app_name                      = "my-docker-lambda"
+  image_uri                     = "crccheck/hello-world:latest"
+  hosted_zone                   = module.acs.route53_zone
+  https_certificate_arn         = module.acs.certificate.arn
+  vpc_id                        = module.acs.vpc.id
+  public_subnet_ids             = module.acs.public_subnet_ids
+  role_permissions_boundary_arn = module.acs.role_permissions_boundary.arn
+  xray_enabled                  = true
+
+  lambda_vpc_config = {
+    subnet_ids         = module.acs.private_subnet_ids
+    security_group_ids = []
+  }
+}