`app/aws/lambda:container`

`lambda_name` - string

The name of the Lambda function.

`lambda_arn` - string

The ARN of the Lambda function.

Format: arn:aws:lambda:[region]:[account-id]:function:[lambda-name]

`image_repo_url` - string

The image repository URL where the service pulls its images.

Format: [account-id]:dkr.ecr.[region].amazonaws.com/[image-repo-name]

`image_pusher` - object

An AWS IAM user and access keys that have explicit access to push images to the image repository.

Format

value = {
    name       = aws_iam_user.image_pusher.name
    access_key = aws_iam_access_key.image_pusher.id
    secret_key = aws_iam_access_key.image_pusher.secret
}

value = {
    name       = aws_iam_user.image_pusher.name
    access_key = aws_iam_access_key.image_pusher.id
    secret_key = aws_iam_access_key.image_pusher.secret
}

Required IAM permissions

[ecr-repository-arn]
    ecr:GetDownloadUrlForLayer
    ecr:BatchGetImage
    ecr:BatchCheckLayerAvailability
    ecr:PutImage
    ecr:InitiateLayerUpload
    ecr:UploadLayerPart
    ecr:CompleteLayerUpload**
*
    ecr:GetAuthorizationToken

[ecr-repository-arn]
    ecr:GetDownloadUrlForLayer
    ecr:BatchGetImage
    ecr:BatchCheckLayerAvailability
    ecr:PutImage
    ecr:InitiateLayerUpload
    ecr:UploadLayerPart
    ecr:CompleteLayerUpload**
*
    ecr:GetAuthorizationToken

`deployer` - object

An AWS IAM user and access keys with explicit access to deploy new versions.

Format

value = {
    name       = aws_iam_user.deployer.name
    access_key = aws_iam_access_key.deployer.id
    secret_key = aws_iam_access_key.deployer.secret
}

value = {
    name       = aws_iam_user.deployer.name
    access_key = aws_iam_access_key.deployer.id
    secret_key = aws_iam_access_key.deployer.secret
}

Required IAM permissions

[artifacts-bucket-arn]
    s3:ListBucket
    s3:GetBucketLocation
[artifacts-bucket-arn]/*
    s3:PutObject
    s3:GetObject
    s3:DeleteObject
[lambda-arn]
    lambda:UpdateFunctionCode
    lambda:PublishVersion

[artifacts-bucket-arn]
    s3:ListBucket
    s3:GetBucketLocation
[artifacts-bucket-arn]/*
    s3:PutObject
    s3:GetObject
    s3:DeleteObject
[lambda-arn]
    lambda:UpdateFunctionCode
    lambda:PublishVersion

`log_provider` - string

The name of the log provider.

For AWS, this is typically cloudwatch.

`log_group_name` - string

The name of the Cloudwatch Log Group where logs are stored.

`log_reader` - object

An AWS IAM user and access keys with explicit access to read logs.

Prebuilt Module

GitHub: github.com/nullstone-modules/terraform-aws-logs
Terraform: source = nullstone-modules/logs/aws

Format

value = {
    name       = aws_iam_user.deployer.name
    access_key = aws_iam_access_key.deployer.id
    secret_key = aws_iam_access_key.deployer.secret
}

value = {
    name       = aws_iam_user.deployer.name
    access_key = aws_iam_access_key.deployer.id
    secret_key = aws_iam_access_key.deployer.secret
}

Required IAM permissions

[log-group-arn]
    logs:Get*
    logs:List*
    logs:StartQuery
    logs:StopQuery
    logs:TestMetricFilter
    logs:Filter*

[log-group-arn]
    logs:Get*
    logs:List*
    logs:StartQuery
    logs:StopQuery
    logs:TestMetricFilter
    logs:Filter*

app/aws/lambda:container ​

lambda_name - string ​

lambda_arn - string ​

image_repo_url - string ​

image_pusher - object ​

Format ​

Required IAM permissions ​

deployer - object ​

Format ​

Required IAM permissions ​

log_provider - string ​

log_group_name - string ​

log_reader - object ​

Prebuilt Module ​

Format ​

Required IAM permissions ​

`app/aws/lambda:container`

`lambda_name` - string

`lambda_arn` - string

`image_repo_url` - string

`image_pusher` - object

Format

Required IAM permissions

`deployer` - object

Format

Required IAM permissions

`log_provider` - string

`log_group_name` - string

`log_reader` - object

Prebuilt Module

Format

Required IAM permissions