forked from cloudposse/terraform-aws-cloudfront-s3-cdn
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
69 lines (55 loc) · 3.04 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
variable "functions" {
description = <<-EOT
Lambda@Edge functions to create.
The key of this map is the name label of the Lambda@Edge function.
One of `source`, `source_dir` or `source_zip` should be specified. These variables are mutually exclusive.
`source.filename` and `source.content` dictate the name and content of the files that will make up the Lambda function
source, respectively.
`source_dir` contains path to whole directory that has to be archived.
`source_zip` contains path to zip file with lambda source.
`runtime`, `handler`, `memory_size` and `timeout` correspond to the attributes of the same name in the [lambda_function](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function)
resource. See [here](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-at-edge-function-restrictions.html) for Lambda@Edge function restrictions.
`additional_policy` contains additional IAM policies for Lambda@Edge function. It's possible to override default policy statement by providing your own statement with `LambdaWriteCloudWatchLogs` sid.
`event_type` and `include_body` correspond to the attributes of the same name in the [Lambda Function association block
of the cloudfront_distribution](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#lambda-function-association)
resource.
EOT
type = map(object({
source = optional(list(object({
filename = string
content = string
})))
source_dir = optional(string)
source_zip = optional(string)
runtime = string
handler = string
memory_size = optional(number, 128)
timeout = optional(number, 3)
additional_policy = optional(string, "{}")
event_type = string
include_body = bool
}))
validation {
condition = alltrue([
for function in values(var.functions) : length(compact([
function.source != null ? 1 : null,
function.source_dir != null ? 1 : null,
function.source_zip != null ? 1 : null
])) == 1])
error_message = "Each function must have exactly one of 'source', 'source_dir', or 'source_zip' defined."
}
}
variable "destruction_delay" {
type = string
description = <<-EOT
The delay, in [Golang ParseDuration](https://pkg.go.dev/time#ParseDuration) format, to wait before destroying the Lambda@Edge
functions.
This delay is meant to circumvent Lambda@Edge functions not being immediately deletable following their dissociation from
a CloudFront distribution, since they are replicated to CloudFront Edge servers around the world.
If set to `null`, no delay will be introduced.
By default, the delay is 20 minutes. This is because it takes about 3 minutes to destroy a CloudFront distribution, and
around 15 minutes until the Lambda@Edge function is available for deletion, in most cases.
For more information, see: https://github.com/hashicorp/terraform-provider-aws/issues/1721.
EOT
default = "20m"
}