add active tracing option

Author: anmolnagpal

main.tf

@@ -65,6 +65,26 @@ resource "aws_iam_role_policy_attachment" "default" {
   policy_arn = join("", aws_iam_policy.default.*.arn)
 }
 
+data "aws_iam_policy" "tracing" {
+  count = var.enabled && var.attach_tracing_policy ? 1 : 0
+  arn   = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
+}
+
+resource "aws_iam_policy" "tracing" {
+  count = var.enabled && var.attach_tracing_policy ? 1 : 0
+
+  path   = "/"
+  policy = data.aws_iam_policy.tracing[0].policy
+  tags   = var.tags
+}
+
+resource "aws_iam_role_policy_attachment" "tracing" {
+  count = var.enabled && var.attach_tracing_policy ? 1 : 0
+
+  role       = join("", aws_iam_role.default.*.name)
+  policy_arn = aws_iam_policy.tracing[0].arn
+}
+
 # Module      : Lambda layers
 # Description : Terraform module to create Lambda layers resource on AWS.
 resource "aws_lambda_layer_version" "default" {

variables.tf

@@ -19,13 +19,13 @@ variable "environment" {
 }
 
 variable "label_order" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Label order, e.g. `name`,`application`."
 }
 
 variable "attributes" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Additional attributes (e.g. `1`)."
 }
@@ -37,7 +37,7 @@ variable "delimiter" {
 }
 
 variable "tags" {
-  type        = map
+  type        = map(any)
   default     = {}
   description = "Additional tags (e.g. map(`BusinessUnit`,`XYZ`)."
 }
@@ -128,115 +128,127 @@ variable "kms_key_arn" {
 }
 
 variable "layer_filenames" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "The path to the function's deployment package within the local filesystem. If defined, The s3_-prefixed options cannot be used."
 }
 
 variable "s3_buckets" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "The S3 bucket location containing the function's deployment package. Conflicts with filename. This bucket must reside in the same AWS region where you are creating the Lambda function."
 }
 
 variable "s3_keies" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "The S3 key of an object containing the function's deployment package. Conflicts with filename."
 }
 
 variable "s3_object_versions" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "The object version containing the function's deployment package. Conflicts with filename."
 }
 
 variable "names" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "A unique name for your Lambda Layer."
 }
 
 variable "compatible_runtimes" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "A list of Runtimes this layer is compatible with. Up to 5 runtimes can be specified."
 }
 
 variable "descriptions" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Description of what your Lambda Layer does."
 }
 
 variable "license_infos" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "License info for your Lambda Layer. See License Info."
 }
 
 variable "statement_ids" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "A unique statement identifier. By default generated by Terraform. "
 }
 
 variable "event_source_tokens" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "The Event Source Token to validate. Used with Alexa Skills."
 }
 
 variable "iam_actions" {
-  type        = list
+  type        = list(any)
   default     = ["logs:CreateLogStream", "logs:CreateLogGroup", "logs:PutLogEvents"]
   description = "The actions for Iam Role Policy."
 }
 
 variable "actions" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "The AWS Lambda action you want to allow in this statement. (e.g. lambda:InvokeFunction)."
 }
 
 variable "principals" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "The principal who is getting this permission. e.g. s3.amazonaws.com, an AWS account ID, or any valid AWS service principal such as events.amazonaws.com or sns.amazonaws.com."
 }
 
 variable "source_arns" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "When granting Amazon S3 or CloudWatch Events permission to invoke your function, you should specify this field with the Amazon Resource Name (ARN) for the S3 Bucket or CloudWatch Events Rule as its value. This ensures that only events generated from the specified bucket or rule can invoke the function."
 }
 
 variable "qualifiers" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. arn:aws:lambda:aws-region:acct-id:function:function-name:2"
 }
 
 variable "source_accounts" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner."
 }
 
 variable "subnet_ids" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Subnet ids for vpc config."
 }
 
 variable "security_group_ids" {
-  type        = list
+  type        = list(any)
   default     = []
   description = "Security group ids for vpc config."
 }
 
 variable "variables" {
-  type        = map
+  type        = map(any)
   default     = {}
   description = "A map that defines environment variables for the Lambda function."
+}
+
+variable "tracing_mode" {
+  type        = string
+  default     = null
+  description = "Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are PassThrough and Active."
+}
+
+variable "attach_tracing_policy" {
+  type        = bool
+  default     = false
+  description = "Controls whether X-Ray tracing policy should be added to IAM role for Lambda Function"
 }