
Terraform configuration used to create the required AWS resources for integrating between Spectral and external service providers.

SpectralOps/spectral-terraform-lambda-integration

spectral-lambda-integration

Terraform configuration used to create the required AWS resources for integrating between Spectral and external service providers.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.3.0 |
| aws | >= 5.26.0 |

Providers

| Name | Version |
|------|---------|
| aws | >= 5.26.0 |
| random | n/a |

Modules

| Name | Source | Version |
|------|--------|---------|
| api_gateway | ./modules/api_gateway | n/a |
| backend_lambda_function | ./modules/lambda | n/a |
| frontend_lambda_function | ./modules/lambda | n/a |
| lambda_function | ./modules/lambda | n/a |
| lambda_role | ./modules/role | n/a |
| secrets_manager | ./modules/secrets_manager | n/a |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| backend_lambda_source_code_path | Path to the lambda source code zip file of the backend lambda | string | null | no |
| env_vars | Extendable object containing all environment variables required for the integration. | map(string) | { "CHECK_POLICY": "Fail on errors only", "SPECTRAL_DSN": "" } | no |
| environment | The target environment name for deployment. | string | "prod" | no |
| frontend_lambda_source_code_path | Path to the lambda source code zip file of the frontend lambda | string | null | no |
| gateway_api_integration_timeout_milliseconds | Timeout for the API Gateway to wait for lambda response | number | 29000 | no |
| global_tags | A list of tags to apply on all newly created resources. | map(string) | { "BusinessUnit": "Spectral" } | no |
| integration_type | Spectral integration type (A unique phrase describing the integration) - Available values: github, terraform, jira and gitlab | string | n/a | yes |
| lambda_enable_logs | Specifies whether the Lambda should have a dedicated CloudWatch log group. | bool | false | no |
| lambda_function_memory_size | Amount of memory in MB your Lambda Function can use at runtime. Defaults to 1024. | number | 1024 | no |
| lambda_function_timeout | Amount of time your Lambda Function has to run in seconds. | number | 300 | no |
| lambda_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. | number | 30 | no |
| lambda_publish | Whether to publish creation/change as new Lambda Function Version. | bool | false | no |
| lambda_source_code_path | Path to the lambda source code zip file | string | null | no |
| resource_name_common_part | A common part for all resources created under the stack | string | null | no |
| secrets_names | Names of secrets to create | list(string) | null | no |
| store_secret_in_secrets_manager | Whether to store your secrets in secrets manager, default is false | bool | false | no |
| tags | A collection of tags grouped by key representing its target resource. | map(map(string)) | { "api_gateway": {}, "iam": {}, "lambda": {} } | no |
| vpc_config | Configuration block for VPC settings for the Lambda function, including subnet IDs and security group IDs. | object({ subnet_ids = list(string), security_group_ids = list(string) }) | null | no |

env_vars

In some integrations, Spectral requires some environment variables besides the default ones. Those variables should be added to the env_vars.

Please refer to our docs / source pages to view the extra environment variables needed for the integration.

global_tags

This variable holds a list of tags to be applied on all newly created resources:

{
  BusinessUnit = "Spectral"
  ...
}

tags

This variable holds a collection of tags grouped by key representing its target resource:

  1. IAM role resource - using the iam key
  2. Lambda resource - using the lambda key
  3. ApiGateway resource - using the api_gateway key

{
  iam = {
    ...
  }
  lambda = {
    ...
  }
  api_gateway = {
    ...
  }
}

Usage

module "spectral_lambda_integration" {
  source                        = "github.com/SpectralOps/spectral-terraform-lambda-integration"

  environment                   = "prod"
  integration_type              = "terraform"
  lambda_enable_logs            = true
  lambda_logs_retention_in_days = 30
  lambda_publish                = false
  lambda_function_timeout       = 300
  lambda_function_memory_size   = 1024

  # Environment variables used by the integration
  env_vars = {
    # Mandatory (unless you are using vault) - Your spectral DSN retrieved from SpectralOps
    SPECTRAL_DSN       = ""
    # Additional env-vars should go here
  }

  # Global tags - Tags to be applied on every newly created resource
  global_tags = {
    # Tags to apply to all newly created resources
    BusinessUnit = "Spectral"
  }

  # Tags to be applied on concrete resources
  tags = {
    # Tags to apply on iam related resources
    iam = {
      Resource = "role"
    }
    # Tags to apply on lambda related resources
    lambda = {
      Resource = "lambda"
    }
    # Tags to apply on api_gateway related resources
    api_gateway = {
      Resource = "api_gateway"
    }
  }
}
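
A hardened variant of the Usage block above, added here as an example and not taken from the SpectralOps repository. It uses only inputs and outputs listed on this page; the variable names, the output name and the `ref` value are placeholders, and the DSN is passed through a sensitive variable instead of a literal in the configuration.

```hcl
# Added example, not the project's own code. Variable names are hypothetical.

variable "spectral_dsn" {
  description = "Spectral DSN, supplied via TF_VAR_spectral_dsn or a secret store"
  type        = string
  sensitive   = true # redacted in plan/apply output, but still written to state
}

variable "lambda_subnet_ids" {
  type = list(string)
}

variable "lambda_security_group_ids" {
  type = list(string)
}

module "spectral_lambda_integration" {
  # Pin the module to a reviewed tag or commit rather than the default branch.
  # <PINNED_TAG_OR_COMMIT> is a placeholder; replace it with a real ref.
  source = "github.com/SpectralOps/spectral-terraform-lambda-integration?ref=<PINNED_TAG_OR_COMMIT>"

  environment      = "prod"
  integration_type = "terraform"

  # Keep an audit trail of integration runs with a bounded retention period.
  lambda_enable_logs            = true
  lambda_logs_retention_in_days = 30

  env_vars = {
    # Default from the Inputs table, restated because a caller-supplied
    # env_vars value replaces the variable's default map.
    CHECK_POLICY = "Fail on errors only"
    SPECTRAL_DSN = var.spectral_dsn
  }

  # Run the Lambda inside existing subnets and security groups.
  vpc_config = {
    subnet_ids         = var.lambda_subnet_ids
    security_group_ids = var.lambda_security_group_ids
  }
}

# URL for accessing the Lambda through the API Gateway.
output "spectral_integration_url" {
  value = module.spectral_lambda_integration.rest_api_url
}
```

Because the DSN still lands in the Terraform state and in the Lambda's environment configuration, restrict access to the state backend and to the function's configuration accordingly.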

Resources

| Name | Type |
|------|------|
| aws_api_gateway_rest_api | resource |
| aws_api_gateway_method | resource |
| aws_api_gateway_method_response | resource |
| aws_api_gateway_integration | resource |
| aws_api_gateway_deployment | resource |
| aws_api_gateway_stage | resource |
| aws_lambda_permission | resource |
| aws_lambda_function | resource |
| aws_cloudwatch_log_group | resource |
| aws_iam_role | resource |
| aws_iam_role_policy_attachment | resource |
| aws_iam_policy_document | data |

Outputs

This module has the following outputs

| Name | Description |
|------|-------------|
| lambda_function_arn | Amazon Resource Name (ARN) identifying your Lambda Function |
| lambda_function_name | The name of the lambda function |
| lambda_iam_role_arn | Amazon Resource Name (ARN) specifying the role |
| lambda_iam_role_name | Name of the role |
| rest_api_arn | Amazon Resource Name (ARN) identifying your Rest API |
| rest_api_execution_arn | The execution ARN part to be used in lambda_permission's source_arn, not concatenated to other allowed API resources |
| rest_api_id | The ID of the REST API |
| rest_api_lambda_execution_arn | The execution ARN part to be used in lambda_permission's source_arn, concatenated with allowed API resources (method & path) |
| rest_api_url | The URL for accessing the lambda through the ApiGateway |
| secrets_arns | Arns of created secrets in secrets manager |

Support

For GitHub deployment, only bot version 2.x is supported. The default GitHub bot version that this module deploys is 2.0.4. If you wish to use other versions, please set local paths to the relevant ZIP files.
