add image uri for lambda source

schubergphilis · Sep 13, 2024 · ae3f85c · ae3f85c
1 parent b0722f0
commit ae3f85c
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 7 deletions.
diff --git a/main.tf b/main.tf
@@ -13,7 +13,7 @@ locals {
 module "lambda_role" {
   count = length(compact([var.role_arn])) == 0 ? 1 : 0
 
-  source                = "github.com/schubergphilis/terraform-aws-mcaf-role?ref=v0.3.3"
+  source                = "github.com/schubergphilis/terraform-aws-mcaf-role?ref=v0.4.0"
   name                  = join("-", compact([var.role_prefix, "LambdaRole", var.name]))
   create_policy         = var.create_policy
   permissions_boundary  = var.permissions_boundary
@@ -133,6 +133,7 @@ resource "aws_lambda_function" "default" {
   code_signing_config_arn        = var.code_signing_config_arn
   description                    = var.description
   filename                       = var.s3_bucket == null ? local.filename : null
+  image_uri                      = var.image_uri != null ? var.image_uri : null
   function_name                  = var.name
   handler                        = var.handler
   kms_key_arn                    = var.environment != null ? var.kms_key_arn : null

diff --git a/variables.tf b/variables.tf
@@ -81,6 +81,17 @@ variable "handler" {
   description = "The function entrypoint in your code"
 }
 
+variable "image_uri" {
+  type        = string
+  default     = null
+  description = "ECR image URI containing the function's deployment package. (must be internal ECR URI to the organiusation)"
+
+  validation {
+    condition     = var.image_uri == null || can(regex("^[0-9]{12}.dkr.ecr.[a-zA-Z0-9-]+.amazonaws.com/.+$", var.image_uri))
+    error_message = "The image_uri must be a valid ECR URI, or it can be left null."
+  }
+}
+
 variable "kms_key_arn" {
   type        = string
   default     = null
@@ -176,12 +187,6 @@ variable "s3_object_version" {
   description = "The object version containing the function's deployment package"
 }
 
-variable "security_group_ids" {
-  type        = list(string)
-  default     = []
-  description = "The security group(s) for running the Lambda within the VPC. If not specified a minimal default SG will be created"
-}
-
 variable "security_group_egress_rules" {
   type = list(object({
     cidr_ipv4                    = optional(string)
@@ -202,6 +207,12 @@ variable "security_group_egress_rules" {
   }
 }
 
+variable "security_group_ids" {
+  type        = list(string)
+  default     = []
+  description = "The security group(s) for running the Lambda within the VPC. If not specified a minimal default SG will be created"
+}
+
 variable "security_group_name_prefix" {
   type        = string
   default     = null