terraform-aws-modules
diff --git a/‎README.md
Lines changed: 6 additions & 3 deletions b/‎README.md
Lines changed: 6 additions & 3 deletions
diff --git a/‎examples/complete/main.tf
Lines changed: 3 additions & 0 deletions b/‎examples/complete/main.tf
Lines changed: 3 additions & 0 deletions
diff --git a/‎main.tf
Lines changed: 3 additions & 0 deletions b/‎main.tf
Lines changed: 3 additions & 0 deletions
diff --git a/‎modules/log_forwarder/README.md
Lines changed: 3 additions & 2 deletions b/‎modules/log_forwarder/README.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎modules/log_forwarder/main.tf
Lines changed: 9 additions & 8 deletions b/‎modules/log_forwarder/main.tf
Lines changed: 9 additions & 8 deletions
diff --git a/‎modules/log_forwarder/variables.tf
Lines changed: 7 additions & 1 deletion b/‎modules/log_forwarder/variables.tf
Lines changed: 7 additions & 1 deletion
@@ -129,6 +129,7 @@ Examples codified under the [`examples`](./examples) are intended to give users
 | <a name="input_dd_app_key"></a> [dd\_app\_key](#input\_dd\_app\_key) | The Datadog application key associated with the user account that created it, which can be found from the APIs page | `string` | `""` | no |
 | <a name="input_dd_site"></a> [dd\_site](#input\_dd\_site) | Define your Datadog Site to send data to. For the Datadog EU site, set to datadoghq.eu | `string` | `"datadoghq.com"` | no |
 | <a name="input_kms_alias"></a> [kms\_alias](#input\_kms\_alias) | Alias of KMS key used to encrypt the Datadog API keys - must start with `alias/` | `string` | n/a | yes |
+| <a name="input_log_forwarder_architectures"></a> [log\_forwarder\_architectures](#input\_log\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` | <pre>[<br>  "x86_64"<br>]</pre> | no |
 | <a name="input_log_forwarder_bucket_prefix"></a> [log\_forwarder\_bucket\_prefix](#input\_log\_forwarder\_bucket\_prefix) | S3 object key prefix to prepend to zip archive name | `string` | `""` | no |
 | <a name="input_log_forwarder_environment_variables"></a> [log\_forwarder\_environment\_variables](#input\_log\_forwarder\_environment\_variables) | A map of environment variables for the log forwarder lambda function | `map(string)` | `{}` | no |
 | <a name="input_log_forwarder_kms_key_arn"></a> [log\_forwarder\_kms\_key\_arn](#input\_log\_forwarder\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no |
@@ -148,7 +149,7 @@ Examples codified under the [`examples`](./examples) are intended to give users
 | <a name="input_log_forwarder_role_path"></a> [log\_forwarder\_role\_path](#input\_log\_forwarder\_role\_path) | Log forwarder role path | `string` | `null` | no |
 | <a name="input_log_forwarder_role_permissions_boundary"></a> [log\_forwarder\_role\_permissions\_boundary](#input\_log\_forwarder\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the log forwarder role | `string` | `null` | no |
 | <a name="input_log_forwarder_role_tags"></a> [log\_forwarder\_role\_tags](#input\_log\_forwarder\_role\_tags) | A map of tags to apply to the log forwarder role | `map(string)` | `{}` | no |
-| <a name="input_log_forwarder_runtime"></a> [log\_forwarder\_runtime](#input\_log\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.7"` | no |
+| <a name="input_log_forwarder_runtime"></a> [log\_forwarder\_runtime](#input\_log\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.9"` | no |
 | <a name="input_log_forwarder_s3_log_bucket_arns"></a> [log\_forwarder\_s3\_log\_bucket\_arns](#input\_log\_forwarder\_s3\_log\_bucket\_arns) | S3 log buckets for forwarder to read and forward logs to Datadog | `list(string)` | `[]` | no |
 | <a name="input_log_forwarder_s3_zip_kms_key_id"></a> [log\_forwarder\_s3\_zip\_kms\_key\_id](#input\_log\_forwarder\_s3\_zip\_kms\_key\_id) | The AWS KMS Key ARN to use for object encryption | `string` | `null` | no |
 | <a name="input_log_forwarder_s3_zip_metadata"></a> [log\_forwarder\_s3\_zip\_metadata](#input\_log\_forwarder\_s3\_zip\_metadata) | A map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-` | `map(string)` | `{}` | no |
@@ -174,6 +175,7 @@ Examples codified under the [`examples`](./examples) are intended to give users
 | <a name="input_processes_vpce_security_group_ids"></a> [processes\_vpce\_security\_group\_ids](#input\_processes\_vpce\_security\_group\_ids) | IDs of security groups to attach to processes endpoint | `list(string)` | `[]` | no |
 | <a name="input_processes_vpce_subnet_ids"></a> [processes\_vpce\_subnet\_ids](#input\_processes\_vpce\_subnet\_ids) | IDs of subnets to associate with processes endpoint | `list(string)` | `[]` | no |
 | <a name="input_processes_vpce_tags"></a> [processes\_vpce\_tags](#input\_processes\_vpce\_tags) | A map of tags to apply to the processes endpoint | `map(string)` | `{}` | no |
+| <a name="input_rds_em_forwarder_architectures"></a> [rds\_em\_forwarder\_architectures](#input\_rds\_em\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` | <pre>[<br>  "x86_64"<br>]</pre> | no |
 | <a name="input_rds_em_forwarder_environment_variables"></a> [rds\_em\_forwarder\_environment\_variables](#input\_rds\_em\_forwarder\_environment\_variables) | A map of environment variables for the RDS enhanced monitoring forwarder lambda function | `map(string)` | `{}` | no |
 | <a name="input_rds_em_forwarder_kms_key_arn"></a> [rds\_em\_forwarder\_kms\_key\_arn](#input\_rds\_em\_forwarder\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no |
 | <a name="input_rds_em_forwarder_lambda_tags"></a> [rds\_em\_forwarder\_lambda\_tags](#input\_rds\_em\_forwarder\_lambda\_tags) | A map of tags to apply to the RDS enhanced monitoring forwarder lambda function | `map(string)` | `{}` | no |
@@ -192,7 +194,7 @@ Examples codified under the [`examples`](./examples) are intended to give users
 | <a name="input_rds_em_forwarder_role_path"></a> [rds\_em\_forwarder\_role\_path](#input\_rds\_em\_forwarder\_role\_path) | RDS enhanced monitoring forwarder role path | `string` | `null` | no |
 | <a name="input_rds_em_forwarder_role_permissions_boundary"></a> [rds\_em\_forwarder\_role\_permissions\_boundary](#input\_rds\_em\_forwarder\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the RDS enhanced monitoring forwarder role | `string` | `null` | no |
 | <a name="input_rds_em_forwarder_role_tags"></a> [rds\_em\_forwarder\_role\_tags](#input\_rds\_em\_forwarder\_role\_tags) | A map of tags to apply to the RDS enhanced monitoring forwarder role | `map(string)` | `{}` | no |
-| <a name="input_rds_em_forwarder_runtime"></a> [rds\_em\_forwarder\_runtime](#input\_rds\_em\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.7"` | no |
+| <a name="input_rds_em_forwarder_runtime"></a> [rds\_em\_forwarder\_runtime](#input\_rds\_em\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.9"` | no |
 | <a name="input_rds_em_forwarder_security_group_ids"></a> [rds\_em\_forwarder\_security\_group\_ids](#input\_rds\_em\_forwarder\_security\_group\_ids) | List of security group ids when forwarder lambda function should run in the VPC | `list(string)` | `null` | no |
 | <a name="input_rds_em_forwarder_subnet_ids"></a> [rds\_em\_forwarder\_subnet\_ids](#input\_rds\_em\_forwarder\_subnet\_ids) | List of subnet ids when forwarder lambda function should run in the VPC. Usually private or intra subnets | `list(string)` | `null` | no |
 | <a name="input_rds_em_forwarder_tags"></a> [rds\_em\_forwarder\_tags](#input\_rds\_em\_forwarder\_tags) | A map of tags to apply to the RDS enhanced monitoring forwarder resources | `map(string)` | `{}` | no |
@@ -205,6 +207,7 @@ Examples codified under the [`examples`](./examples) are intended to give users
 | <a name="input_traces_vpce_security_group_ids"></a> [traces\_vpce\_security\_group\_ids](#input\_traces\_vpce\_security\_group\_ids) | IDs of security groups to attach to traces endpoint | `list(string)` | `[]` | no |
 | <a name="input_traces_vpce_subnet_ids"></a> [traces\_vpce\_subnet\_ids](#input\_traces\_vpce\_subnet\_ids) | IDs of subnets to associate with traces endpoint | `list(string)` | `[]` | no |
 | <a name="input_traces_vpce_tags"></a> [traces\_vpce\_tags](#input\_traces\_vpce\_tags) | A map of tags to apply to the traces endpoint | `map(string)` | `{}` | no |
+| <a name="input_vpc_fl_forwarder_architectures"></a> [vpc\_fl\_forwarder\_architectures](#input\_vpc\_fl\_forwarder\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` | <pre>[<br>  "x86_64"<br>]</pre> | no |
 | <a name="input_vpc_fl_forwarder_environment_variables"></a> [vpc\_fl\_forwarder\_environment\_variables](#input\_vpc\_fl\_forwarder\_environment\_variables) | A map of environment variables for the VPC flow log forwarder lambda function | `map(string)` | `{}` | no |
 | <a name="input_vpc_fl_forwarder_kms_key_arn"></a> [vpc\_fl\_forwarder\_kms\_key\_arn](#input\_vpc\_fl\_forwarder\_kms\_key\_arn) | KMS key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key | `string` | `null` | no |
 | <a name="input_vpc_fl_forwarder_lambda_tags"></a> [vpc\_fl\_forwarder\_lambda\_tags](#input\_vpc\_fl\_forwarder\_lambda\_tags) | A map of tags to apply to the VPC flow log forwarder lambda function | `map(string)` | `{}` | no |
@@ -224,7 +227,7 @@ Examples codified under the [`examples`](./examples) are intended to give users
 | <a name="input_vpc_fl_forwarder_role_path"></a> [vpc\_fl\_forwarder\_role\_path](#input\_vpc\_fl\_forwarder\_role\_path) | VPC flow log forwarder role path | `string` | `null` | no |
 | <a name="input_vpc_fl_forwarder_role_permissions_boundary"></a> [vpc\_fl\_forwarder\_role\_permissions\_boundary](#input\_vpc\_fl\_forwarder\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the VPC flow log forwarder role | `string` | `null` | no |
 | <a name="input_vpc_fl_forwarder_role_tags"></a> [vpc\_fl\_forwarder\_role\_tags](#input\_vpc\_fl\_forwarder\_role\_tags) | A map of tags to apply to the VPC flow log forwarder role | `map(string)` | `{}` | no |
-| <a name="input_vpc_fl_forwarder_runtime"></a> [vpc\_fl\_forwarder\_runtime](#input\_vpc\_fl\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.7"` | no |
+| <a name="input_vpc_fl_forwarder_runtime"></a> [vpc\_fl\_forwarder\_runtime](#input\_vpc\_fl\_forwarder\_runtime) | Lambda function runtime | `string` | `"python3.9"` | no |
 | <a name="input_vpc_fl_forwarder_s3_log_bucket_arns"></a> [vpc\_fl\_forwarder\_s3\_log\_bucket\_arns](#input\_vpc\_fl\_forwarder\_s3\_log\_bucket\_arns) | S3 log buckets for VPC flow log forwarder to read and forward to Datadog | `list(string)` | `[]` | no |
 | <a name="input_vpc_fl_forwarder_security_group_ids"></a> [vpc\_fl\_forwarder\_security\_group\_ids](#input\_vpc\_fl\_forwarder\_security\_group\_ids) | List of security group ids when forwarder lambda function should run in the VPC | `list(string)` | `null` | no |
 | <a name="input_vpc_fl_forwarder_subnet_ids"></a> [vpc\_fl\_forwarder\_subnet\_ids](#input\_vpc\_fl\_forwarder\_subnet\_ids) | List of subnet ids when forwarder lambda function should run in the VPC. Usually private or intra subnets | `list(string)` | `null` | no |
 
@@ -268,6 +268,7 @@ module "default" {
   log_forwarder_memory_size                    = 512
   log_forwarder_timeout                        = 60
   log_forwarder_publish                        = true
+  log_forwarder_architectures                  = ["arm64"]
   log_forwarder_reserved_concurrent_executions = 10
   log_forwarder_kms_key_arn                    = aws_kms_alias.datadog.target_key_arn
   log_forwarder_subnet_ids                     = module.vpc.private_subnets
@@ -298,6 +299,7 @@ module "default" {
   rds_em_forwarder_memory_size                    = 512
   rds_em_forwarder_timeout                        = 60
   rds_em_forwarder_publish                        = true
+  rds_em_forwarder_architectures                  = ["arm64"]
   rds_em_forwarder_reserved_concurrent_executions = 10
   rds_em_forwarder_kms_key_arn                    = aws_kms_alias.datadog.target_key_arn
   rds_em_forwarder_subnet_ids                     = module.vpc.private_subnets
@@ -317,6 +319,7 @@ module "default" {
   vpc_fl_forwarder_memory_size                    = 512
   vpc_fl_forwarder_timeout                        = 60
   vpc_fl_forwarder_publish                        = true
+  vpc_fl_forwarder_architectures                  = ["arm64"]
   vpc_fl_forwarder_reserved_concurrent_executions = 10
   vpc_fl_forwarder_kms_key_arn                    = aws_kms_alias.datadog.target_key_arn
   vpc_fl_forwarder_subnet_ids                     = module.vpc.private_subnets
 
@@ -18,6 +18,7 @@ module "log_forwarder" {
   memory_size                    = var.log_forwarder_memory_size
   timeout                        = var.log_forwarder_timeout
   publish                        = var.log_forwarder_publish
+  architectures                  = var.log_forwarder_architectures
   reserved_concurrent_executions = var.log_forwarder_reserved_concurrent_executions
   kms_key_arn                    = var.log_forwarder_kms_key_arn
   subnet_ids                     = var.log_forwarder_subnet_ids
@@ -76,6 +77,7 @@ module "rds_enhanced_monitoring_forwarder" {
   memory_size                    = var.rds_em_forwarder_memory_size
   timeout                        = var.rds_em_forwarder_timeout
   publish                        = var.rds_em_forwarder_publish
+  architectures                  = var.rds_em_forwarder_architectures
   reserved_concurrent_executions = var.rds_em_forwarder_reserved_concurrent_executions
   kms_key_arn                    = var.rds_em_forwarder_kms_key_arn
   subnet_ids                     = var.rds_em_forwarder_subnet_ids
@@ -122,6 +124,7 @@ module "vpc_flow_log_forwarder" {
   memory_size                    = var.vpc_fl_forwarder_memory_size
   timeout                        = var.vpc_fl_forwarder_timeout
   publish                        = var.vpc_fl_forwarder_publish
+  architectures                  = var.vpc_fl_forwarder_architectures
   reserved_concurrent_executions = var.vpc_fl_forwarder_reserved_concurrent_executions
   kms_key_arn                    = var.vpc_fl_forwarder_kms_key_arn
   subnet_ids                     = var.vpc_fl_forwarder_subnet_ids
 
@@ -56,7 +56,7 @@ module "datadog_log_forwarder" {
 
 | Name | Source | Version |
 |------|--------|---------|
-| <a name="module_this_s3_bucket"></a> [this\_s3\_bucket](#module\_this\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | v2.11.0 |
+| <a name="module_this_s3_bucket"></a> [this\_s3\_bucket](#module\_this\_s3\_bucket) | terraform-aws-modules/s3-bucket/aws | v2.14.1 |
 
 ## Resources
 
@@ -79,6 +79,7 @@ module "datadog_log_forwarder" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| <a name="input_architectures"></a> [architectures](#input\_architectures) | Instruction set architecture for your Lambda function. Valid values are `["x86_64"]` and `["arm64"]`. Default is `["x86_64"]` | `list(string)` | <pre>[<br>  "x86_64"<br>]</pre> | no |
 | <a name="input_bucket_attach_deny_insecure_transport_policy"></a> [bucket\_attach\_deny\_insecure\_transport\_policy](#input\_bucket\_attach\_deny\_insecure\_transport\_policy) | Controls if S3 bucket should have deny non-SSL transport policy attacheds | `bool` | `false` | no |
 | <a name="input_bucket_encryption_settings"></a> [bucket\_encryption\_settings](#input\_bucket\_encryption\_settings) | S3 bucket server side encryption settings | `map(string)` | <pre>{<br>  "sse_algorithm": "AES256"<br>}</pre> | no |
 | <a name="input_bucket_name"></a> [bucket\_name](#input\_bucket\_name) | Forwarder S3 bucket name | `string` | `""` | no |
@@ -109,7 +110,7 @@ module "datadog_log_forwarder" {
 | <a name="input_role_path"></a> [role\_path](#input\_role\_path) | Forwarder role path | `string` | `null` | no |
 | <a name="input_role_permissions_boundary"></a> [role\_permissions\_boundary](#input\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the forwarder role | `string` | `null` | no |
 | <a name="input_role_tags"></a> [role\_tags](#input\_role\_tags) | A map of tags to apply to the forwarder role | `map(string)` | `{}` | no |
-| <a name="input_runtime"></a> [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.7"` | no |
+| <a name="input_runtime"></a> [runtime](#input\_runtime) | Lambda function runtime | `string` | `"python3.9"` | no |
 | <a name="input_s3_log_bucket_arns"></a> [s3\_log\_bucket\_arns](#input\_s3\_log\_bucket\_arns) | S3 log buckets for forwarder to read and forward logs to Datadog | `list(string)` | `[]` | no |
 | <a name="input_s3_zip_kms_key_id"></a> [s3\_zip\_kms\_key\_id](#input\_s3\_zip\_kms\_key\_id) | The AWS KMS Key ARN to use for object encryption | `string` | `null` | no |
 | <a name="input_s3_zip_metadata"></a> [s3\_zip\_metadata](#input\_s3\_zip\_metadata) | A map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-` | `map(string)` | `{}` | no |
 
@@ -24,7 +24,7 @@ data "aws_region" "current" {}
 
 module "this_s3_bucket" {
   source  = "terraform-aws-modules/s3-bucket/aws"
-  version = "v2.11.0"
+  version = "v2.14.1"
 
   create_bucket = var.create && var.create_bucket
   bucket        = local.bucket_name
@@ -158,13 +158,14 @@ resource "aws_lambda_function" "this" {
   function_name     = var.name
   handler           = "lambda_function.lambda_handler"
 
-  role        = var.create_role ? aws_iam_role.this[0].arn : var.role_arn
-  description = local.description
-  runtime     = var.runtime
-  layers      = var.layers
-  memory_size = var.memory_size
-  timeout     = var.timeout
-  publish     = var.publish
+  role          = var.create_role ? aws_iam_role.this[0].arn : var.role_arn
+  description   = local.description
+  runtime       = var.runtime
+  layers        = var.layers
+  memory_size   = var.memory_size
+  timeout       = var.timeout
+  publish       = var.publish
+  architectures = var.architectures
 
   reserved_concurrent_executions = var.reserved_concurrent_executions
   kms_key_arn                    = var.kms_key_arn
 
@@ -194,7 +194,7 @@ variable "name" {
 variable "runtime" {
   description = "Lambda function runtime"
   type        = string
-  default     = "python3.7"
+  default     = "python3.9"
 }
 
 variable "layers" {
@@ -221,6 +221,12 @@ variable "publish" {
   default     = false
 }
 
+variable "architectures" {
+  description = "Instruction set architecture for your Lambda function. Valid values are `[\"x86_64\"]` and `[\"arm64\"]`. Default is `[\"x86_64\"]`"
+  type        = list(string)
+  default     = ["x86_64"]
+}
+
 variable "reserved_concurrent_executions" {
   description = "The amount of reserved concurrent executions for the forwarder lambda function"
   type        = number