ResiLien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

provider/aws: Add docs for aws_lambda_permission

This commit is contained in:
Radek Simko 2016-01-25 14:20:07 +00:00
parent 64539d30bc
commit f53ea0b4a4
2 changed files with 126 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
website/source/docs/providers/aws/r/lambda_permission.html.markdown Normal file
View File

@ -0,0 +1,123 @@
---
layout: "aws"
page_title: "AWS: aws_lambda_permission"
sidebar_current: "docs-aws-resource-aws-lambda-permission"
description: |-
Creates a Lambda function permission.
---
# aws\_lambda\_permission
Creates a Lambda permission to allow external sources invoking the Lambda function
(e.g. CloudWatch Event Rule, SNS or S3).
## Example Usage
```
resource "aws_lambda_permission" "allow_cloudwatch" {
statement_id = "AllowExecutionFromCloudWatch"
action = "lambda:InvokeFunction"
function_name = "${aws_lambda_function.test_lambda.arn}"
principal = "events.amazonaws.com"
source_account = "111122223333"
source_arn = "arn:aws:events:eu-west-1:111122223333:rule/RunDaily"
qualifier = "${aws_lambda_alias.test_alias.name}"
}
resource "aws_lambda_alias" "test_alias" {
name = "testalias"
description = "a sample description"
function_name = "${aws_lambda_function.test_lambda.arn}"
function_version = "$LATEST"
}
resource "aws_lambda_function" "test_lambda" {
filename = "lambdatest.zip"
function_name = "lambda_function_name"
role = "${aws_iam_role.iam_for_lambda.arn}"
handler = "exports.handler"
}
resource "aws_iam_role" "iam_for_lambda" {
name = "iam_for_lambda"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
```
## Usage with SNS
```
resource "aws_lambda_permission" "with_sns" {
statement_id = "AllowExecutionFromSNS"
action = "lambda:InvokeFunction"
function_name = "${aws_lambda_function.my-func.arn}"
principal = "sns.amazonaws.com"
source_arn = "${aws_sns_topic.default.arn}"
}
resource "aws_sns_topic" "default" {
name = "call-lambda-maybe"
}
resource "aws_sns_topic_subscription" "lambda" {
topic_arn = "${aws_sns_topic.default.arn}"
protocol = "lambda"
endpoint = "${aws_lambda_function.func.arn}"
}
resource "aws_lambda_function" "func" {
filename = "lambdatest.zip"
function_name = "lambda_called_from_sns"
role = "${aws_iam_role.default.arn}"
handler = "exports.handler"
}
resource "aws_iam_role" "default" {
name = "iam_for_lambda_with_sns"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
```
## Argument Reference
* `action` - (Required) The AWS Lambda action you want to allow in this statement. (e.g. `lambda:InvokeFunction`)
* `function_name` - (Required) Name of the Lambda function whose resource policy you are updating
* `principal` - (Required) The principal who is getting this permission.
e.g. `s3.amazonaws.com`, an AWS account ID, or any valid AWS service principal
such as `events.amazonaws.com` or `sns.amazonaws.com`.
* `statement_id` - (Required) A unique statement identifier.
* `qualifier` - (Optional) Query parameter to specify function version or alias name.
The permission will then apply to the specific qualified ARN.
e.g. `arn:aws:lambda:aws-region:acct-id:function:function-name:2`
* `source_account` - (Optional) The AWS account ID (without a hyphen) of the source owner.
* `source_arn` - (Optional) When granting Amazon S3 permission to invoke your function,
you should specify this field with the bucket Amazon Resource Name (ARN) as its value.
This ensures that only events generated from the specified bucket can invoke the function.

3
website/source/layouts/aws.erb
View File

@ -367,6 +367,9 @@
<li<%= sidebar_current("docs-aws-resource-aws-lambda-event-source-mapping") %>>
<a href="/docs/providers/aws/r/lambda_event_source_mapping.html">aws_lambda_event_source_mapping</a>
</li>
<li<%= sidebar_current("docs-aws-resource-lambda-permission") %>>
<a href="/docs/providers/aws/r/lambda_permission.html">aws_lambda_permission</a>
</li>
</ul>
</li>