
feat: LambdaAccessKey module

xpk
2026-06-14 16:05:47 +08:00
parent 2ef2ad1571
commit 5611195a0d
8 changed files with 419 additions and 1 deletions
@@ -0,0 +1,80 @@
<!-- This readme file is generated with terraform-docs -->
## Example
```hcl
module "TrustedAccess" {
source = "../"
role_name = "TrustedAccess"
}
```
# LambdaAccessKey
Module to create a lambda function, which assumes to a certain role and
get temporary access credentials. The lambda function url is protected
by cloudfront and origin access control. Credentials are encrypted. Once
resources are deployed, run client.py to send http request and decrypt
the response
Cloudfront fixed-rate pricing cannot be controlled by terraform or awscli
at time of writing. Change to the free plan on aws console.
To destroy the cloudfront distribution, you need to cancel the fixed rate plan
## Requirements
No requirements.
## Providers
| Name | Version |
| ---- | ------- |
| archive | n/a |
| aws | n/a |
| local | n/a |
| random | n/a |
## Modules
| Name | Source | Version |
| ---- | ------ | ------- |
| LambdaExecRole | ../iam-role-v2 | n/a |
| TargetIam | ../iam-role-v2 | n/a |
## Resources
| Name | Type |
| ---- | ---- |
| [aws_cloudfront_distribution.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution) | resource |
| [aws_cloudfront_origin_access_control.CloudfrontOac](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_origin_access_control) | resource |
| [aws_iam_policy.LamdaExecRole](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
| [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
| [aws_lambda_function_url.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url) | resource |
| [aws_lambda_permission.AllowCloudFrontServicePrincipal](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_permission.AllowCloudFrontServicePrincipalInvokeFunction](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [local_file.FunctionCode](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [local_file.client](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
| [random_password.this](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource |
| [random_uuid.ExternalId](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) | resource |
| [archive_file.LambdaZip](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_cloudfront_cache_policy.NoCache](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_cache_policy) | data source |
| [aws_cloudfront_origin_request_policy.AllButHost](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/cloudfront_origin_request_policy) | data source |
## Inputs
| Name | Description | Type | Default | Required |
| ---- | ----------- | ---- | ------- | :------: |
| role\_name | Name of target role | `string` | n/a | yes |
## Outputs
| Name | Description |
| ---- | ----------- |
| CloudFrontDist | n/a |
| LambdaFunctionArn | n/a |
| TargetRole | n/a |
---
## Authorship
This module was developed by UPDATE_THIS.
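Review bot: The description under `# LambdaAccessKey` says "Credentials are encrypted" and that `client.py` decrypts the response, but it never says which key is used, where that key lives, or what authenticates the caller. The resource table lists `random_password.this` and `local_file.client`; if that password is the encryption key and is rendered into the generated client file, then the Terraform state and `client.py` both hold a secret that unlocks the target role's temporary credentials, and the README should say so and state how those two artifacts must be stored. Origin access control only restricts who can reach the function URL behind CloudFront, so the text should also state what stops an arbitrary client from requesting credentials through the distribution, and what `random_uuid.ExternalId` is used for. Smaller points in the same file: the Example block instantiates `module "TrustedAccess"` with `role_name = "TrustedAccess"`, which reads as carried over from another module; `aws_iam_policy.LamdaExecRole` misspells "Lambda"; all three outputs have `n/a` descriptions; "No requirements." means no Terraform or provider version is pinned; and the Authorship line still contains the `UPDATE_THIS` placeholder. Because this file is generated with terraform-docs, make these fixes in the module's header, variables, outputs and `required_providers`, then regenerate the README.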