This repository contains the necessary files and configurations to deploy an AWS Lambda function using Terraform and GitHub Actions.
- Use Case 1: Create AWS Lambda using Terraform
- Use Case 2: Securely connect an AWS Lambda to Amazon VPC
- Prerequisites
- Usage
- Contributing
- License
🔔 Attention: The code for this specific use case is located in the add-lambda branch. Please refer to this branch instead of the default main branch. 🔔
This use case covers the process of creating an AWS Lambda function using Terraform. For details, please check -create-aws-lambda-using-github-actions.
🔔 Attention: The code for this specific use case is located in the add-vpc branch. Please refer to this branch instead of the default main branch. 🔔
AWS Lambda can be connected to a custom Amazon Virtual Private Cloud (VPC). Doing so provides enhanced security by allowing cloud engineering teams to control access to resources through VPC security groups and network access control lists (ACLs). It also enables the Lambda functions to connect to private resources, such as databases and internal services, without exposing them to the public Internet. Additionally, deploying Lambda within a VPC can improve compliance with regulatory requirements by keeping data within a defined network boundary.
This use case covers the process of securely connecting an AWS Lambda function to an Amazon VPC. For details, please check -securely-connect-an-aws-lambda-to-an-amazon-vpc-using-terraform.
Additionally, this repository includes:
- a Checkov pipeline for scanning the Terraform code for security and compliance issues.
The entire setup and deployment process is automated via the GitHub Actions pipelines, eliminating the need for manual steps.
For this code to function without errors, create an OpenID Connect identity provider in Amazon Identity and Access Management that has a trust relationship with your GitHub repository. You can read about it here to get a detailed explanation with steps.
Store the ARN of the IAM Role as a GitHub secret, which is referenced in the terraform.yml file.
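The trust relationship described above can itself be expressed in Terraform. The following is an added example, not code from this repository: the repository slug, role name and branch are placeholders, and it assumes an AWS provider release in which thumbprint_list is optional.

```hcl
# Added example; names and the repository slug are placeholders.
variable "github_repo" {
  description = "GitHub repository allowed to assume the role, as OWNER/REPO (placeholder)"
  type        = string
  default     = "example-org/example-repo"
}

# GitHub's OIDC issuer, registered once per AWS account.
# thumbprint_list is omitted: assumes a provider release where it is optional.
resource "aws_iam_openid_connect_provider" "github" {
  url            = "https://token.actions.githubusercontent.com"
  client_id_list = ["sts.amazonaws.com"]
}

data "aws_iam_policy_document" "github_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }

    # The token audience must be AWS STS.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }

    # Pin the subject to one repository and branch. A wildcard such as
    # "repo:*" would let workflows in any repository assume this role.
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "github_actions" {
  name               = "github-actions-terraform" # hypothetical role name
  assume_role_policy = data.aws_iam_policy_document.github_trust.json
}

# Store this value as the GitHub secret read by terraform.yml.
output "github_actions_role_arn" {
  value = aws_iam_role.github_actions.arn
}
```

The sub value must match the ref or trigger the workflow actually runs on; runs triggered by pull requests present `repo:OWNER/REPO:pull_request` as the subject instead of a branch ref.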
For the Infracost integration, create an INFRACOST_API_KEY and store that as a GitHub Actions secret. You can manage the cost estimate process using a GitHub Actions variable INFRACOST_SCAN_TYPE where the value is either hcl_code or tf_plan, depending on the type of scan desired.
You can read about that at - integrate-Infracost-with-GitHub-Actions.
Ensure that the policy attached to the IAM role whose credentials are being used in this configuration has permission to create and manage all the resources that are included in this repository.
Review the code, including the terraform.yml file, to understand the steps in the GitHub Actions pipeline. Also review the Terraform code to understand all the concepts associated with creating the AWS Cloud resources.
If you want to check the pipeline logs, click on the Build Badges above the image in this ReadMe.
If you find any issues or have suggestions for improvement, feel free to open an issue or submit a pull request. Contributions are always welcome!
This code is released under the Unlicense License. See LICENSE.