
aws_lambda_permission

Creates a Lambda permission that allows an external source (e.g. a CloudWatch Event Rule, SNS or S3) to invoke the Lambda function.

Example Usage

# Grants one CloudWatch Events rule the right to invoke the function through
# its alias. This adds a statement to the function's resource-based policy.
resource "aws_lambda_permission" "allow_cloudwatch" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.test_lambda.arn}"

  # The statement is attached to the alias, so it applies only when the caller
  # addresses the alias-qualified ARN, not the bare function ARN.
  qualifier = "${aws_lambda_alias.test_alias.name}"

  # A service principal on its own would let any Events rule that targets the
  # function invoke it. source_arn narrows the grant to the single rule named
  # here, so keep it when adapting this example.
  principal  = "events.amazonaws.com"
  source_arn = "arn:aws:events:eu-west-1:111122223333:rule/RunDaily"

  # The rule ARN above already carries the account ID. source_account matters
  # most for sources whose ARN has no account field, such as an S3 bucket.
  source_account = "111122223333"
}

# Alias that the permission's `qualifier` refers to.
resource "aws_lambda_alias" "test_alias" {
  name          = "testalias"
  description   = "a sample description"
  function_name = "${aws_lambda_function.test_lambda.arn}"

  # $LATEST is the mutable, unpublished version: every code upload becomes
  # reachable through this alias immediately. Point the alias at a published
  # version number if invokers should only ever reach reviewed code.
  function_version = "$LATEST"
}

# The function that the permission and the alias point at.
resource "aws_lambda_function" "test_lambda" {
  function_name = "lambda_function_name"
  filename      = "lambdatest.zip"
  handler       = "exports.handler"

  # Execution role the function runs as. The invoke permission controls who may
  # call the function; this role controls what the function itself may do.
  role = "${aws_iam_role.iam_for_lambda.arn}"
}

# Execution role for the function. The trust policy below lets only the Lambda
# service assume it. This example attaches no permission policies to the role.
resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  # Trust policy (who may assume the role), not a permissions policy.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Usage with SNS

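# Grants the SNS topic declared in this example the right to invoke the
# function it is subscribed to.
resource "aws_lambda_permission" "with_sns" {
  statement_id = "AllowExecutionFromSNS"
  action       = "lambda:InvokeFunction"

  # Fixed: the example originally referenced aws_lambda_function.my-func, which
  # is not declared anywhere in it. The function defined alongside this
  # permission, and used as the subscription endpoint, is "func".
  function_name = "${aws_lambda_function.func.arn}"

  # source_arn limits the grant to this one topic. With only the service
  # principal, any SNS topic subscribed to the function could invoke it.
  principal  = "sns.amazonaws.com"
  source_arn = "${aws_sns_topic.default.arn}"
}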

# Topic whose ARN is used as the permission's source_arn and as the
# subscription's topic_arn.
resource "aws_sns_topic" "default" {
  name = "call-lambda-maybe"
}

# Subscribes the function to the topic. The endpoint is the unqualified
# function ARN, matching a permission that sets no qualifier.
resource "aws_sns_topic_subscription" "lambda" {
  protocol  = "lambda"
  topic_arn = "${aws_sns_topic.default.arn}"
  endpoint  = "${aws_lambda_function.func.arn}"
}

# The function that SNS delivers messages to.
resource "aws_lambda_function" "func" {
  function_name = "lambda_called_from_sns"
  filename      = "lambdatest.zip"
  handler       = "exports.handler"

  # Execution role the function runs as. It is separate from the invoke
  # permission granted to SNS.
  role = "${aws_iam_role.default.arn}"
}

# Execution role for the SNS-triggered function. The trust policy below lets
# only the Lambda service assume it. This example attaches no permission
# policies to the role.
resource "aws_iam_role" "default" {
  name = "iam_for_lambda_with_sns"

  # Trust policy (who may assume the role), not a permissions policy.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Argument Reference


See the source of this document at Terraform.io