feat: fixed hardcoded value by defined in variable file (#27)

* feat: fixed hardcoded value by defined in variable file

* feat: fixed all the lambda functions

* feat: verified tfchecks

---------

Co-authored-by: Anmol Nagpal <[email protected]>

Author: Kasarpooja

_example/basic-function/example.tf

@@ -14,7 +14,7 @@ module "lambda" {
   source      = "../../"
   name        = local.name
   environment = local.environment
-  filename    = "../../lambda_packages/existing_package.zip"
+  filename    = "../../lambda_packages/index.zip"
   handler     = "index.lambda_handler"
   runtime     = "python3.7"
   variables = {

_example/complete-function/example.tf

@@ -16,7 +16,7 @@ module "lambda" {
   environment                       = local.environment
   create_layers                     = true
   timeout                           = 60
-  filename                          = "../../lambda_packages/existing_package.zip"
+  filename                          = "../../lambda_packages/index.zip"
   handler                           = "index.lambda_handler"
   runtime                           = "python3.8"
   compatible_architectures          = ["arm64"]
@@ -31,7 +31,7 @@ module "lambda" {
   names = [
     "python_layer"
   ]
-  layer_filenames = ["../../lambda_packages/guardduty_enabler.zip"]
+  layer_filenames = ["../../lambda_packages/layer.zip"]
   compatible_runtimes = [
     ["python3.8"]
   ]

lambda_packages/layer.py

@@ -0,0 +1,14 @@
+import os
+import json
+
+def lambda_handler(event, context):
+    json_region = os.environ['AWS_REGION']
+    return {
+        "statusCode": 200,
+        "headers": {
+            "Content-Type": "application/json"
+        },
+        "body": json.dumps({
+            "Region ": json_region
+        })
+    }

main.tf

@@ -149,33 +149,18 @@ resource "aws_lambda_permission" "default" {
 ## Terraform module to create Iam role resource on AWS for lambda.
 ##-----------------------------------------------------------------------------
 resource "aws_iam_role" "default" {
-  count = var.enable && var.create_iam_role ? 1 : 0
-  name  = format("%s-role", module.labels.id)
-
-  assume_role_policy = <<EOF
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Action": "sts:AssumeRole",
-      "Principal": {
-        "Service": "lambda.amazonaws.com"
-      },
-      "Effect": "Allow",
-      "Sid": ""
-    }
-  ]
-}
-EOF
+  count              = var.enable && var.create_iam_role ? 1 : 0
+  name               = format("%s-testrole", module.labels.id)
+  assume_role_policy = var.assume_role_policy
 }
 
 ##-----------------------------------------------------------------------------
 ## Terraform module to create Iam policy resource on AWS for lambda.
 ##-----------------------------------------------------------------------------
 resource "aws_iam_policy" "default" {
   count       = var.enable && var.create_iam_role ? 1 : 0
-  name        = format("%s-logging", module.labels.id)
-  path        = "/"
+  name        = format("%s-testlogging", module.labels.id)
+  path        = var.aws_iam_policy_path
   description = "IAM policy for logging from a lambda"
   policy      = data.aws_iam_policy_document.default[0].json
 }
@@ -213,13 +198,13 @@ resource "aws_kms_key" "kms" {
 
 resource "aws_kms_alias" "kms-alias" {
   count         = var.enable && var.enable_kms ? 1 : 0
-  name          = format("alias/%s-lambda-keys", module.labels.id)
+  name          = format("alias/%s-testlambda-keys", module.labels.id)
   target_key_id = aws_kms_key.kms[0].key_id
 }
 
 resource "aws_kms_alias" "kms-alias-cloudwatch" {
   count         = var.enable && var.enable_kms && !var.existing_cloudwatch_log_group ? 1 : 0
-  name          = format("alias/%s-lambda-cloudwatch-keys", module.labels.id)
+  name          = format("alias/%s-testlambda-cloudwatch-keys", module.labels.id)
   target_key_id = aws_kms_key.kms[1].key_id
 }
 
@@ -301,7 +286,7 @@ data "aws_cloudwatch_log_group" "lambda" {
 
 resource "aws_cloudwatch_log_group" "lambda" {
   count             = var.enable && !var.existing_cloudwatch_log_group ? 1 : 0
-  name              = "/aws/lambda/${module.labels.id}"
+  name              = "/aws/testlambda/${module.labels.id}"
   retention_in_days = var.cloudwatch_logs_retention_in_days
   kms_key_id        = var.enable_kms ? aws_kms_key.kms[1].arn : var.cloudwatch_logs_kms_key_arn
   tags              = module.labels.tags
@@ -322,7 +307,7 @@ data "aws_iam_policy_document" "logs" {
 
 resource "aws_iam_policy" "logs" {
   count  = var.enable && var.create_iam_role && var.attach_cloudwatch_logs_policy ? 1 : 0
-  name   = "aws_lambda-logs"
+  name   = var.aws_iam_policy_logs_name
   path   = var.policy_path
   policy = data.aws_iam_policy_document.logs[0].json
   tags   = module.labels.tags

outputs.tf

@@ -1,5 +1,10 @@
 # Module      : Lambda
 # Description : Terraform Lambda function module outputs.
+output "name" {
+  value       = module.labels.name
+  description = "The name can identifying your Lambda Function."
+}
+
 output "arn" {
   value       = join("", aws_lambda_function.default[*].arn)
   description = "The Amazon Resource Name (ARN) identifying your Lambda Function."

variables.tf

@@ -412,4 +412,34 @@ variable "policy_path" {
   type        = string
   default     = null
   description = "Path of policies to that should be added to IAM role for Lambda Function"
-}
+}
+
+variable "assume_role_policy" {
+  type        = string
+  description = "assume role policy document in JSON format"
+  default     = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "lambda.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+variable "aws_iam_policy_logs_name" {
+  type        = string
+  default     = "aws_testlambda-logs"
+  description = "IAM policy name mentioned here"
+}
+variable "aws_iam_policy_path" {
+  type        = string
+  default     = "/"
+  description = "IAM policy path default value"
+}