@@ -166,6 +166,155 @@ resource "aws_lambda_function" "this" {
166166 ]
167167}
168168
169+ resource "aws_lambda_function" "image_function" {
170+ count = . create && var. create_function && ! var. create_layer && var. ignore_image_uri ? 1 : 0
171+
172+ function_name = . function_name
173+ description = . description
174+ role = . create_role ? aws_iam_role. lambda [0 ]. arn : var. lambda_role
175+ handler = . package_type != " Zip" ? null : var. handler
176+ memory_size = . memory_size
177+ reserved_concurrent_executions = . reserved_concurrent_executions
178+ runtime = . package_type != " Zip" ? null : var. runtime
179+ layers = . layers
180+ timeout = . lambda_at_edge ? min (var. timeout , 30 ) : var. timeout
181+ publish = . lambda_at_edge || var. snap_start ) ? true : var. publish
182+ kms_key_arn = . kms_key_arn
183+ image_uri = . image_uri
184+ package_type = . package_type
185+ architectures = . architectures
186+ code_signing_config_arn = . code_signing_config_arn
187+ replace_security_groups_on_destroy = . replace_security_groups_on_destroy
188+ replacement_security_group_ids = . replacement_security_group_ids
189+ skip_destroy = . skip_destroy
190+
191+ /* ephemeral_storage is not supported in gov-cloud region, so it should be set to `null` */
192+ dynamic "ephemeral_storage" {
193+ for_each = . ephemeral_storage_size == null ? [] : [true ]
194+
195+ content {
196+ size = . ephemeral_storage_size
197+ }
198+ }
199+
200+ filename = . filename
201+ source_code_hash = . ignore_source_code_hash ? null : (local. filename == null ? false : fileexists (local. filename )) && ! local. was_missing ? filebase64sha256 (local. filename ) : null
202+
203+ s3_bucket = . s3_bucket
204+ s3_key = . s3_key
205+ s3_object_version = . s3_object_version
206+
207+ dynamic "image_config" {
208+ for_each = length (var. image_config_entry_point ) > 0 || length (var. image_config_command ) > 0 || var. image_config_working_directory != null ? [true ] : []
209+ content {
210+ entry_point = . image_config_entry_point
211+ command = . image_config_command
212+ working_directory = . image_config_working_directory
213+ }
214+ }
215+
216+ dynamic "environment" {
217+ for_each = length (keys (var. environment_variables )) == 0 ? [] : [true ]
218+ content {
219+ variables = . environment_variables
220+ }
221+ }
222+
223+ dynamic "dead_letter_config" {
224+ for_each = . dead_letter_target_arn == null ? [] : [true ]
225+ content {
226+ target_arn = . dead_letter_target_arn
227+ }
228+ }
229+
230+ dynamic "tracing_config" {
231+ for_each = . tracing_mode == null ? [] : [true ]
232+ content {
233+ mode = . tracing_mode
234+ }
235+ }
236+
237+ dynamic "vpc_config" {
238+ for_each = . vpc_subnet_ids != null && var. vpc_security_group_ids != null ? [true ] : []
239+ content {
240+ security_group_ids = . vpc_security_group_ids
241+ subnet_ids = . vpc_subnet_ids
242+ }
243+ }
244+
245+ dynamic "file_system_config" {
246+ for_each = . file_system_arn != null && var. file_system_local_mount_path != null ? [true ] : []
247+ content {
248+ local_mount_path = . file_system_local_mount_path
249+ arn = . file_system_arn
250+ }
251+ }
252+
253+ dynamic "snap_start" {
254+ for_each = . snap_start ? [true ] : []
255+
256+ content {
257+ apply_on = " PublishedVersions"
258+ }
259+ }
260+
261+ dynamic "logging_config" {
262+ # Dont create logging config on gov cloud as it is not avaible.
263+ # See https://github.com/hashicorp/terraform-provider-aws/issues/34810
264+ for_each = . aws_partition . current . partition == " aws" ? [true ] : []
265+
266+ content {
267+ log_group = . logging_log_group
268+ log_format = . logging_log_format
269+ application_log_level = . logging_log_format == " Text" ? null : var. logging_application_log_level
270+ system_log_level = . logging_log_format == " Text" ? null : var. logging_system_log_level
271+ }
272+ }
273+
274+ dynamic "timeouts" {
275+ for_each = length (var. timeouts ) > 0 ? [true ] : []
276+
277+ content {
278+ create = try (var. timeouts . create , null )
279+ update = try (var. timeouts . update , null )
280+ delete = try (var. timeouts . delete , null )
281+ }
282+ }
283+
284+ tags = merge (
285+ { terraform-aws-modules = " lambda"
286+ var. tags ,
287+ var. function_tags
288+ )
289+
290+ depends_on =
291+ null_resource. archive ,
292+ aws_s3_object . lambda_package ,
293+
294+ # Depending on the log group is necessary to allow Terraform to create the log group before AWS can.
295+ # When a lambda function is invoked, AWS creates the log group automatically if it doesn't exist yet.
296+ # Without the dependency, this can result in a race condition if the lambda function is invoked before
297+ # Terraform can create the log group.
298+ aws_cloudwatch_log_group . lambda ,
299+
300+ # Before the lambda is created the execution role with all its policies should be ready
301+ aws_iam_role_policy_attachment . additional_inline ,
302+ aws_iam_role_policy_attachment . additional_json ,
303+ aws_iam_role_policy_attachment . additional_jsons ,
304+ aws_iam_role_policy_attachment . additional_many ,
305+ aws_iam_role_policy_attachment . additional_one ,
306+ aws_iam_role_policy_attachment . async ,
307+ aws_iam_role_policy_attachment . logs ,
308+ aws_iam_role_policy_attachment . dead_letter ,
309+ aws_iam_role_policy_attachment . vpc ,
310+ aws_iam_role_policy_attachment . tracing ,
311+ ]
312+ lifecycle {
313+ ignore_changes = image_uri ]
314+ }
315+
316+ }
317+
169318resource "aws_lambda_layer_version" "this" {
170319 count = . create && var. create_layer ? 1 : 0
171320
0 commit comments