feat: added lambda layer

LocalStack/Compute/LabLambda/main.tf

@@ -0,0 +1,68 @@
+/**
+* # LabLambda
+*
+* Download python packages and create lambda layer
+* Create lambda function and allow invocation from scheduler
+*
+* ## Notes
+* Packages need to be placed under a python/ subdirectory.
+* e.g. python/pandas in the zip file
+* See https://docs.aws.amazon.com/lambda/latest/dg/packaging-layers.html
+ */
+
+# build python package zip file
+module "lambda_layer_archive" {
+  source = "../../../modules/compute/LambdaZipBuilder"
+
+  pip_packages         = "pandas numpy pytz openpyxl"
+  upload_archive_to_s3 = false
+  pip_path             = "/my/work/xpk-git/venv314/bin/pip3"
+}
+
+# create lambda layer
+resource "aws_lambda_layer_version" "py_packages" {
+  description         = "Python packages pandas numpy pytz openpyxl"
+  filename            = module.lambda_layer_archive.archive_path
+  source_code_hash    = module.lambda_layer_archive.archive_checksum
+  layer_name          = "py_packages"
+  compatible_runtimes = ["python3.14"]
+}
+
+resource "archive_file" "lambda_function_archive" {
+  source_file = "${path.module}/helloworld.py"
+  output_path = "/tmp/helloworld.zip"
+  type        = "zip"
+}
+
+resource "aws_lambda_function" "func1" {
+  function_name    = "HelloWorldFunction"
+  runtime          = "python3.14"
+  timeout          = 5
+  role             = module.lambda_role.role-arn
+  filename         = archive_file.lambda_function_archive.output_path
+  source_code_hash = archive_file.lambda_function_archive.output_sha256
+  handler          = "helloworld.lambda_handler"
+  layers           = [aws_lambda_layer_version.py_packages.arn]
+  environment {
+    variables = {
+      foo = "bar"
+    }
+  }
+}
+
+# Allow invocation by eventbridge scheduler
+resource "aws_lambda_permission" "func1" {
+  statement_id  = "AllowExecutionFromScheduler"
+  function_name = aws_lambda_function.func1.function_name
+  action        = "lambda:InvokeFunction"
+  principal     = "scheduler.amazonaws.com"
+}
+
+module "lambda_role" {
+  source                  = "../../../modules/security_identity_compliance/iam-role-v2"
+  role-name               = "LambdaFunctionRole"
+  description             = "LambdaFunctionRole"
+  create-instance-profile = false
+  path                    = "/Lambda/"
+  trusted-entity          = "lambda.amazonaws.com"
+}