Merge pull request #13 from SPHTech-Platform/feature/create-role-handling

Create lambda role and create cloudwatch log group variable toggle support

Author: jmonte-sph

README.md

@@ -51,6 +51,8 @@
 | <a name="input_create_github_actions_oidc_provider"></a> [create\_github\_actions\_oidc\_provider](#input\_create\_github\_actions\_oidc\_provider) | Controls Whether to create openid connect provider. | `bool` | `false` | no |
 | <a name="input_create_github_actions_role"></a> [create\_github\_actions\_role](#input\_create\_github\_actions\_role) | Controls whether to create AWS OIDC integration GitHub Actions | `bool` | `true` | no |
 | <a name="input_create_lambda_function_url"></a> [create\_lambda\_function\_url](#input\_create\_lambda\_function\_url) | Controls whether the Lambda Function URL resource should be created | `bool` | `false` | no |
+| <a name="input_create_lambda_role"></a> [create\_lambda\_role](#input\_create\_lambda\_role) | Controls whether the Lambda Role | `bool` | `true` | no |
+| <a name="input_create_lambda_cloudwatch_log_group"></a> [create\_lambda\_cloudwatch\_log\_group](#input\_create\_lambda\_cloudwatch\_log\_group) | Controls whether the Lambda Role | `bool` | `true` | no |
 | <a name="input_create_unqualified_alias_lambda_function_url"></a> [create\_unqualified\_alias\_lambda\_function\_url](#input\_create\_unqualified\_alias\_lambda\_function\_url) | Whether to use unqualified alias pointing to $LATEST version in Lambda Function URL | `bool` | `true` | no |
 | <a name="input_dead_letter_target_arn"></a> [dead\_letter\_target\_arn](#input\_dead\_letter\_target\_arn) | The ARN of an SNS topic or SQS queue to notify when an invocation fails. | `string` | `null` | no |
 | <a name="input_default_conditions"></a> [default\_conditions](#input\_default\_conditions) | (Optional) Default condtions to apply, at least one of the following is madatory: 'allow\_main', 'allow\_environment', 'deny\_pull\_request' and 'allow\_all'. | `list(string)` | <pre>[<br>  "allow_main",<br>  "allow_environment"<br>]</pre> | no |

main.tf

@@ -50,6 +50,7 @@ module "lambda" {
   authorization_type                           = var.authorization_type
   cors                                         = var.cors
 
+  create_role              = var.create_lambda_role
   role_name                = var.role_name
   attach_policy_jsons      = var.attach_policy_jsons
   attach_policy_json       = var.attach_policy_json
@@ -68,5 +69,6 @@ module "lambda" {
   number_of_policy_jsons = var.number_of_policy_jsons
   number_of_policies     = var.number_of_managed_policies
 
+  use_existing_cloudwatch_log_group = !var.create_lambda_cloudwatch_log_group
   cloudwatch_logs_retention_in_days = var.cloudwatch_logs_retention_in_days
 }

variables.tf

@@ -16,6 +16,18 @@ variable "create_lambda_function_url" {
   default     = false
 }
 
+variable "create_lambda_role" {
+  description = "Controls whether the Lambda Role"
+  type        = bool
+  default     = true
+}
+
+variable "create_lambda_cloudwatch_log_group" {
+  description = "Controls whether the Lambda Role"
+  type        = bool
+  default     = true
+}
+
 ######################################
 # AWS OIDC integration GitHub Actions
 ######################################