app/aws/lambda:zip
lambda_name - string
The name of the Lambda function.
lambda_arn - string
The ARN of the Lambda function.
Format: arn:aws:lambda:[region]:[account-id]:function:[lambda-name]
artifacts_bucket_name - string
The name of the S3 Bucket that holds the versioned code for the Lambda function.
Format: arn:aws:s3:[region]:[account-id]:[bucket-name]
artifacts_key_template - string
A template string used to name artifacts in the S3 bucket.
The Nullstone CLI replaces {{app-version}} with the version specified when pushing new artifacts.
Typical: service-{{app-version}}.zip
deployer - object
An AWS IAM user and access keys with explicit access to deploy new versions.
Format
value = {
name = aws_iam_user.deployer.name
access_key = aws_iam_access_key.deployer.id
secret_key = aws_iam_access_key.deployer.secret
}Required IAM permissions
[artifacts-bucket-arn]
s3:ListBucket
s3:GetBucketLocation
[artifacts-bucket-arn]/*
s3:PutObject
s3:GetObject
s3:DeleteObject
[lambda-arn]
lambda:UpdateFunctionCode
lambda:PublishVersionlog_provider - string
The name of the log provider.
For AWS, this is typically cloudwatch.
log_group_name - string
The name of the Cloudwatch Log Group where logs are stored.
log_reader - object
An AWS IAM user and access keys with explicit access to read logs.
Prebuilt Module
- GitHub: github.com/nullstone-modules/terraform-aws-logs
- Terraform:
source = nullstone-modules/logs/aws
Format
value = {
name = aws_iam_user.deployer.name
access_key = aws_iam_access_key.deployer.id
secret_key = aws_iam_access_key.deployer.secret
}Required IAM permissions
[log-group-arn]
logs:Get*
logs:List*
logs:StartQuery
logs:StopQuery
logs:TestMetricFilter
logs:Filter*