Merge pull request #80 from claranet/jnesbitt/add-enabled-option

Jnesbitt/add enabled option

Author: bwdjames

README.md

@@ -79,6 +79,7 @@ Inputs for this module are the same as the [aws_lambda_function](https://www.ter
 | lambda\_at\_edge | Set this to true if using Lambda@Edge, to enable publishing, limit the timeout, and allow edgelambda.amazonaws.com to invoke the function | `bool` | `false` | no |
 | policy | An additional policy to attach to the Lambda function role | `object({json=string})` | | no |
 | trusted\_entities | Additional trusted entities for the Lambda function. The lambda.amazonaws.com (and edgelambda.amazonaws.com if lambda\_at\_edge is true) is always set  | `list(string)` | | no |
+| enabled | Enabling and disaling of resources | `bool` | `true` | no |
 
 The following arguments from the [aws_lambda_function](https://www.terraform.io/docs/providers/aws/r/lambda_function.html) resource are not supported:
 

archive.tf

@@ -1,6 +1,8 @@
 # Generates a filename for the zip archive based on the contents of the files
 # in source_path. The filename will change when the source code changes.
 data "external" "archive" {
+  count = var.enabled ? 1 : 0
+
   program = ["python", "${path.module}/hash.py"]
 
   query = {
@@ -14,12 +16,14 @@ data "external" "archive" {
 
 # Build the zip archive whenever the filename changes.
 resource "null_resource" "archive" {
+  count = var.enabled ? 1 : 0
+
   triggers = {
-    filename = lookup(data.external.archive.result, "filename")
+    filename = lookup(data.external.archive[0].result, "filename")
   }
 
   provisioner "local-exec" {
-    command     = lookup(data.external.archive.result, "build_command")
+    command     = lookup(data.external.archive[0].result, "build_command")
     working_dir = path.module
   }
 }
@@ -30,12 +34,14 @@ resource "null_resource" "archive" {
 # deletes the Lambda function. If the file is rebuilt here, the build
 # output is unfortunately invisible.
 data "external" "built" {
+  count = var.enabled ? 1 : 0
+
   program = ["python", "${path.module}/built.py"]
 
   query = {
-    build_command  = lookup(data.external.archive.result, "build_command")
-    filename_old   = lookup(null_resource.archive.triggers, "filename")
-    filename_new   = lookup(data.external.archive.result, "filename")
+    build_command  = lookup(data.external.archive[0].result, "build_command")
+    filename_old   = lookup(null_resource.archive[0].triggers, "filename")
+    filename_new   = lookup(data.external.archive[0].result, "filename")
     module_relpath = path.module
   }
 }

iam.tf

@@ -1,6 +1,8 @@
 # Create the role.
 
 data "aws_iam_policy_document" "assume_role" {
+  count = var.enabled ? 1 : 0
+
   statement {
     effect  = "Allow"
     actions = ["sts:AssumeRole"]
@@ -13,8 +15,10 @@ data "aws_iam_policy_document" "assume_role" {
 }
 
 resource "aws_iam_role" "lambda" {
+  count = var.enabled ? 1 : 0
+
   name               = var.function_name
-  assume_role_policy = data.aws_iam_policy_document.assume_role.json
+  assume_role_policy = data.aws_iam_policy_document.assume_role[0].json
   tags               = var.tags
 }
 
@@ -27,7 +31,7 @@ locals {
 }
 
 data "aws_iam_policy_document" "logs" {
-  count = var.cloudwatch_logs ? 1 : 0
+  count = var.enabled && var.cloudwatch_logs ? 1 : 0
 
   statement {
     effect = "Allow"
@@ -54,24 +58,24 @@ data "aws_iam_policy_document" "logs" {
 }
 
 resource "aws_iam_policy" "logs" {
-  count = var.cloudwatch_logs ? 1 : 0
+  count = var.enabled && var.cloudwatch_logs ? 1 : 0
 
   name   = "${var.function_name}-logs"
   policy = data.aws_iam_policy_document.logs[0].json
 }
 
 resource "aws_iam_policy_attachment" "logs" {
-  count = var.cloudwatch_logs ? 1 : 0
+  count = var.enabled && var.cloudwatch_logs ? 1 : 0
 
   name       = "${var.function_name}-logs"
-  roles      = [aws_iam_role.lambda.name]
+  roles      = [aws_iam_role.lambda[0].name]
   policy_arn = aws_iam_policy.logs[0].arn
 }
 
 # Attach an additional policy required for the dead letter config.
 
 data "aws_iam_policy_document" "dead_letter" {
-  count = var.dead_letter_config == null ? 0 : 1
+  count = var.dead_letter_config == null ? 0 : var.enabled ? 1 : 0
 
   statement {
     effect = "Allow"
@@ -88,24 +92,24 @@ data "aws_iam_policy_document" "dead_letter" {
 }
 
 resource "aws_iam_policy" "dead_letter" {
-  count = var.dead_letter_config == null ? 0 : 1
+  count = var.dead_letter_config == null ? 0 : var.enabled ? 1 : 0
 
   name   = "${var.function_name}-dl"
   policy = data.aws_iam_policy_document.dead_letter[0].json
 }
 
 resource "aws_iam_policy_attachment" "dead_letter" {
-  count = var.dead_letter_config == null ? 0 : 1
+  count = var.dead_letter_config == null ? 0 : var.enabled ? 1 : 0
 
   name       = "${var.function_name}-dl"
-  roles      = [aws_iam_role.lambda.name]
+  roles      = [aws_iam_role.lambda[0].name]
   policy_arn = aws_iam_policy.dead_letter[0].arn
 }
 
 # Attach an additional policy required for the VPC config
 
 data "aws_iam_policy_document" "network" {
-  count = var.vpc_config == null ? 0 : 1
+  count = var.vpc_config == null ? 0 : var.enabled ? 1 : 0
 
   statement {
     effect = "Allow"
@@ -123,33 +127,33 @@ data "aws_iam_policy_document" "network" {
 }
 
 resource "aws_iam_policy" "network" {
-  count = var.vpc_config == null ? 0 : 1
+  count = var.vpc_config == null ? 0 : var.enabled ? 1 : 0
 
   name   = "${var.function_name}-network"
   policy = data.aws_iam_policy_document.network[0].json
 }
 
 resource "aws_iam_policy_attachment" "network" {
-  count = var.vpc_config == null ? 0 : 1
+  count = var.vpc_config == null ? 0 : var.enabled ? 1 : 0
 
   name       = "${var.function_name}-network"
-  roles      = [aws_iam_role.lambda.name]
+  roles      = [aws_iam_role.lambda[0].name]
   policy_arn = aws_iam_policy.network[0].arn
 }
 
 # Attach an additional policy if provided.
 
 resource "aws_iam_policy" "additional" {
-  count = var.policy == null ? 0 : 1
+  count = var.policy == null ? 0 : var.enabled ? 1 : 0
 
   name   = var.function_name
   policy = var.policy.json
 }
 
 resource "aws_iam_policy_attachment" "additional" {
-  count = var.policy == null ? 0 : 1
+  count = var.policy == null ? 0 : var.enabled ? 1 : 0
 
   name       = var.function_name
-  roles      = [aws_iam_role.lambda.name]
+  roles      = [aws_iam_role.lambda[0].name]
   policy_arn = aws_iam_policy.additional[0].arn
 }

lambda.tf

@@ -1,8 +1,8 @@
 resource "aws_lambda_function" "lambda" {
-
+  count                          = var.enabled ? 1 : 0
   function_name                  = var.function_name
   description                    = var.description
-  role                           = aws_iam_role.lambda.arn
+  role                           = aws_iam_role.lambda[0].arn
   handler                        = var.handler
   memory_size                    = var.memory_size
   reserved_concurrent_executions = var.reserved_concurrent_executions
@@ -14,7 +14,7 @@ resource "aws_lambda_function" "lambda" {
 
   # Use a generated filename to determine when the source code has changed.
 
-  filename   = data.external.built.result.filename
+  filename   = data.external.built[0].result.filename
   depends_on = [null_resource.archive]
 
   # Add dynamic blocks based on variables.

outputs.tf

@@ -1,29 +1,29 @@
 output "function_arn" {
   description = "The ARN of the Lambda function"
-  value       = aws_lambda_function.lambda.arn
+  value       = join("", aws_lambda_function.lambda.*.arn)
 }
 
 output "function_invoke_arn" {
   description = "The Invoke ARN of the Lambda function"
-  value       = aws_lambda_function.lambda.invoke_arn
+  value       = join("", aws_lambda_function.lambda.*.invoke_arn)
 }
 
 output "function_name" {
   description = "The name of the Lambda function"
-  value       = aws_lambda_function.lambda.function_name
+  value       = join("", aws_lambda_function.lambda.*.function_name)
 }
 
 output "function_qualified_arn" {
   description = "The qualified ARN of the Lambda function"
-  value       = aws_lambda_function.lambda.qualified_arn
+  value       = join("", aws_lambda_function.lambda.*.qualified_arn)
 }
 
 output "role_arn" {
   description = "The ARN of the IAM role created for the Lambda function"
-  value       = aws_iam_role.lambda.arn
+  value       = join("", aws_iam_role.lambda.*.arn)
 }
 
 output "role_name" {
   description = "The name of the IAM role created for the Lambda function"
-  value       = aws_iam_role.lambda.name
+  value       = join("", aws_iam_role.lambda.*.name)
 }

tests/dead-letter-queue/main.tf

@@ -31,4 +31,6 @@ module "lambda" {
   dead_letter_config = {
     target_arn = aws_sqs_queue.dlq.arn
   }
+
+  enabled = true
 }

tests/environment-variables/main.tf

@@ -30,4 +30,6 @@ module "lambda" {
       ARN = aws_iam_user.test.arn
     }
   }
+
+  enabled = true
 }

variables.tf

@@ -134,3 +134,9 @@ variable "vpc_config" {
   })
   default = null
 }
+
+variable "enabled" {
+  description = "Enable or disable the Lambda resources."
+  type        = bool
+  default     = true
+}