app/aws/lambda:container
lambda_name
- string
The name of the Lambda function.
lambda_arn
- string
The ARN of the Lambda function.
Format: arn:aws:lambda:[region]:[account-id]:function:[lambda-name]
image_repo_url
- string
The image repository URL where the service pulls its images.
Format: [account-id].dkr.ecr.[region].amazonaws.com/[image-repo-name]
image_pusher
- object
An AWS IAM user and access keys that have explicit access to push images to the image repository.
Format
value = {
name = aws_iam_user.image_pusher.name
access_key = aws_iam_access_key.image_pusher.id
secret_key = aws_iam_access_key.image_pusher.secret
}
Required IAM permissions
[ecr-repository-arn]
ecr:GetDownloadUrlForLayer
ecr:BatchGetImage
ecr:BatchCheckLayerAvailability
ecr:PutImage
ecr:InitiateLayerUpload
ecr:UploadLayerPart
ecr:CompleteLayerUpload
*
ecr:GetAuthorizationToken
deployer
- object
An AWS IAM user and access keys with explicit access to deploy new versions.
Format
value = {
name = aws_iam_user.deployer.name
access_key = aws_iam_access_key.deployer.id
secret_key = aws_iam_access_key.deployer.secret
}
Required IAM permissions
[artifacts-bucket-arn]
s3:ListBucket
s3:GetBucketLocation
[artifacts-bucket-arn]/*
s3:PutObject
s3:GetObject
s3:DeleteObject
[lambda-arn]
lambda:UpdateFunctionCode
lambda:PublishVersion
log_provider
- string
The name of the log provider.
For AWS, this is typically cloudwatch.
log_group_name
- string
The name of the CloudWatch Log Group where logs are stored.
log_reader
- object
An AWS IAM user and access keys with explicit access to read logs.
Prebuilt Module
- GitHub: github.com/nullstone-modules/terraform-aws-logs
- Terraform:
source = nullstone-modules/logs/aws
Format
value = {
name = aws_iam_user.deployer.name
access_key = aws_iam_access_key.deployer.id
secret_key = aws_iam_access_key.deployer.secret
}
Required IAM permissions
[log-group-arn]
logs:Get*
logs:List*
logs:StartQuery
logs:StopQuery
logs:TestMetricFilter
logs:Filter*