feat: Support deployment package via S3

baolsen · baolsen · commit f37528c4838d · 2022-12-12T08:38:30.000+02:00
diff --git a/README.md b/README.md
@@ -70,26 +70,29 @@ Check [examples](./examples) for non-python examples.
 |------|-------------|------|:--------:|
 | <a name="input_function_name"></a> [function\_name](#input\_function\_name) | A unique name for your Lambda Function. | `string` | yes |
 | <a name="input_handler"></a> [handler](#input\_handler) | The function entrypoint in your code. | `string` | yes |
-| <a name="input_output_path"></a> [output\_path](#input\_output\_path) | A path to the archive file which will be uploaded to AWS. If `source_dir` is not `null`, then a file is created at `output_path` containing the archived contents of `source_dir`. | `string` | yes |
 | <a name="input_runtime"></a> [runtime](#input\_runtime) | The identifier of the function's runtime. | `string` | yes |
-| <a name="input_source_dir"></a> [source\_dir](#input\_source\_dir) | A path to the directory which contains source files to be archived. If set to `null`, then no archive file is created. | `string` | yes |
 | <a name="input_allowed_services"></a> [allowed\_services](#input\_allowed\_services) | A list of AWS Services that are allowed to access this lambda. | `list(string)` | no |
 | <a name="input_build_command"></a> [build\_command](#input\_build\_command) | This is the build command to execute. It can be provided as a relative path to the current working directory or as an absolute path. It is evaluated in a shell, and can use environment variables or Terraform variables. | `string` | no |
 | <a name="input_build_triggers"></a> [build\_triggers](#input\_build\_triggers) | A map of values which should cause the build command to re-run. Values are meant to be interpolated references to variables or attributes of other resources. | `map(string)` | no |
 | <a name="input_dead_letter_config"></a> [dead\_letter\_config](#input\_dead\_letter\_config) | Nested block to configure the function's dead letter queue. | <pre>object({<br>    target_arn = string<br>  })</pre> | no |
 | <a name="input_description"></a> [description](#input\_description) | Description of what your Lambda Function does. | `string` | no |
 | <a name="input_environment"></a> [environment](#input\_environment) | A map that defines environment variables for the Lambda function. | <pre>object({<br>    variables = map(string)<br>  })</pre> | no |
-| <a name="input_exclude_files"></a> [exclude\_files](#input\_exclude\_files) | A list of directories or folders to ignore, e.g.<br>exclude\_files = ["test", "src/**/*.ts"] | `list(string)` | no |
+| <a name="input_exclude_files"></a> [exclude\_files](#input\_exclude\_files) | A list of source directories or folders to ignore when creating the archive, e.g.<br>exclude\_files = ["test", "src/**/*.ts"] | `list(string)` | no |
 | <a name="input_iam_role_name_prefix"></a> [iam\_role\_name\_prefix](#input\_iam\_role\_name\_prefix) | The prefix string for the name of IAM role for the lambda function. | `string` | no |
 | <a name="input_kms_key_id"></a> [kms\_key\_id](#input\_kms\_key\_id) | The ARN of the KMS Key to use when encrypting log data. | `string` | no |
 | <a name="input_lambda_kms_key_arn"></a> [lambda\_kms\_key\_arn](#input\_lambda\_kms\_key\_arn) | The ARN of the KMS Key to use when encrypting environment variables. Ignored unless `environment` is specified. | `string` | no |
 | <a name="input_layers"></a> [layers](#input\_layers) | List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. | `list(string)` | no |
 | <a name="input_memory_size"></a> [memory\_size](#input\_memory\_size) | Amount of memory in MB your Lambda Function can use at runtime. | `number` | no |
+| <a name="input_output_path"></a> [output\_path](#input\_output\_path) | A path to the deployment archive which will be uploaded to AWS. If `source_dir` is not `null`, then a file is created at `output_path` containing the archived contents of `source_dir`. | `string` | no |
 | <a name="input_permissions_boundary"></a> [permissions\_boundary](#input\_permissions\_boundary) | ARN of the policy that is used to set the permissions boundary for the role. | `string` | no |
 | <a name="input_policy_arns"></a> [policy\_arns](#input\_policy\_arns) | A list of IAM policy ARNs attached to the lambda function. | `list(string)` | no |
 | <a name="input_publish"></a> [publish](#input\_publish) | Whether to publish creation/change as new Lambda Function Version. | `bool` | no |
 | <a name="input_reserved_concurrent_executions"></a> [reserved\_concurrent\_executions](#input\_reserved\_concurrent\_executions) | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations. | `number` | no |
 | <a name="input_retention_in_days"></a> [retention\_in\_days](#input\_retention\_in\_days) | Specifies the number of days you want to retain log events in the specified log group. | `number` | no |
+| <a name="input_s3_bucket"></a> [s3\_bucket](#input\_s3\_bucket) | An existing S3 bucket, containing the function's deployment package. If `output_path` is also specified, the archive will be uploaded here. | `string` | no |
+| <a name="input_s3_key"></a> [s3\_key](#input\_s3\_key) | S3 key of an object containing the function's deployment package. If `output_path` is also specified, the archive will be uploaded here. | `string` | no |
+| <a name="input_s3_object_version"></a> [s3\_object\_version](#input\_s3\_object\_version) | S3 object version containing the function's deployment package. | `string` | no |
+| <a name="input_source_dir"></a> [source\_dir](#input\_source\_dir) | A path to the directory which contains source files to be archived into a deployment package. If set to `null`, then no archive file is created. | `string` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to resources. | `map(string)` | no |
 | <a name="input_timeout"></a> [timeout](#input\_timeout) | The maximum number of seconds the lambda function to run until timeout. | `number` | no |
 | <a name="input_tracing_config"></a> [tracing\_config](#input\_tracing\_config) | Can be either PassThrough or Active. If PassThrough, Lambda will only trace the request from an upstream service if it contains a tracing header with "sampled=1". If Active, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision. | <pre>object({<br>    mode = string<br>  })</pre> | no |
diff --git a/main.tf b/main.tf
@@ -137,6 +137,10 @@ resource "aws_lambda_function" "this" {
   # configuration and Terraform will show a perpetual difference of adding the key.
   kms_key_arn = var.environment == null ? null : var.lambda_kms_key_arn
 
+  s3_bucket         = var.s3_bucket
+  s3_key            = var.s3_key
+  s3_object_version = var.s3_object_version
+
   tags = var.tags
 
   lifecycle {
diff --git a/s3.tf b/s3.tf
@@ -0,0 +1,15 @@
+locals {
+  create_s3_object = (
+    !(var.s3_bucket == null || var.s3_key == null || var.output_path == null)
+  )
+}
+
+resource "aws_s3_object" "this" {
+  count = local.create_s3_object ? 1 : 0
+
+  bucket = var.s3_bucket
+  key    = var.s3_key
+  source = var.output_path
+
+  etag = filemd5(var.output_path)
+}
diff --git a/variables.tf b/variables.tf
@@ -27,18 +27,38 @@ variable "build_triggers" {
 }
 
 variable "source_dir" {
-  description = "A path to the directory which contains source files to be archived. If set to `null`, then no archive file is created."
+  description = "A path to the directory which contains source files to be archived into a deployment package. If set to `null`, then no archive file is created."
   type        = string
+  default     = null
 }
 
 variable "output_path" {
-  description = "A path to the archive file which will be uploaded to AWS. If `source_dir` is not `null`, then a file is created at `output_path` containing the archived contents of `source_dir`."
+  description = "A path to the deployment archive which will be uploaded to AWS. If `source_dir` is not `null`, then a file is created at `output_path` containing the archived contents of `source_dir`."
+  type        = string
+  default     = null
+}
+
+variable "s3_bucket" {
+  description = "An existing S3 bucket, containing the function's deployment package. If `output_path` is also specified, the archive will be uploaded here."
+  type        = string
+  default     = null
+}
+
+variable "s3_key" {
+  description = "S3 key of an object containing the function's deployment package. If `output_path` is also specified, the archive will be uploaded here."
   type        = string
+  default     = null
+}
+
+variable "s3_object_version" {
+  description = "S3 object version containing the function's deployment package."
+  type        = string
+  default     = null
 }
 
 variable "exclude_files" {
   description = <<DESC
-A list of directories or folders to ignore, e.g.
+A list of source directories or folders to ignore when creating the archive, e.g.
 exclude_files = ["test", "src/**/*.ts"]
 DESC
   type        = list(string)
