feat: Add variable create_lambda_permission in notification module (#302)

Co-authored-by: Max Rabin <[email protected]>

Author: maxrabin

modules/notification/README.md

@@ -40,6 +40,7 @@ No modules.
 | <a name="input_bucket"></a> [bucket](#input\_bucket) | Name of S3 bucket to use | `string` | `""` | no |
 | <a name="input_bucket_arn"></a> [bucket\_arn](#input\_bucket\_arn) | ARN of S3 bucket to use in policies | `string` | `null` | no |
 | <a name="input_create"></a> [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no |
+| <a name="input_create_lambda_permission"></a> [create\_lambda\_permission](#input\_create\_lambda\_permission) | Whether to create Lambda permissions or not? | `bool` | `true` | no |
 | <a name="input_create_sns_policy"></a> [create\_sns\_policy](#input\_create\_sns\_policy) | Whether to create a policy for SNS permissions or not? | `bool` | `true` | no |
 | <a name="input_create_sqs_policy"></a> [create\_sqs\_policy](#input\_create\_sqs\_policy) | Whether to create a policy for SQS permissions or not? | `bool` | `true` | no |
 | <a name="input_eventbridge"></a> [eventbridge](#input\_eventbridge) | Whether to enable Amazon EventBridge notifications | `bool` | `null` | no |

modules/notification/main.tf

@@ -60,7 +60,7 @@ resource "aws_s3_bucket_notification" "this" {
 
 # Lambda
 resource "aws_lambda_permission" "allow" {
-  for_each = var.lambda_notifications
+  for_each = { for k, v in var.lambda_notifications : k => v if var.create_lambda_permission }
 
   statement_id_prefix = "AllowLambdaS3BucketNotification-"
   action              = "lambda:InvokeFunction"

modules/notification/variables.tf

@@ -16,6 +16,12 @@ variable "create_sqs_policy" {
   default     = true
 }
 
+variable "create_lambda_permission" {
+  description = "Whether to create Lambda permissions or not?"
+  type        = bool
+  default     = true
+}
+
 variable "bucket" {
   description = "Name of S3 bucket to use"
   type        = string

wrappers/notification/main.tf

@@ -3,13 +3,14 @@ module "wrapper" {
 
   for_each = var.items
 
-  bucket               = try(each.value.bucket, var.defaults.bucket, "")
-  bucket_arn           = try(each.value.bucket_arn, var.defaults.bucket_arn, null)
-  create               = try(each.value.create, var.defaults.create, true)
-  create_sns_policy    = try(each.value.create_sns_policy, var.defaults.create_sns_policy, true)
-  create_sqs_policy    = try(each.value.create_sqs_policy, var.defaults.create_sqs_policy, true)
-  eventbridge          = try(each.value.eventbridge, var.defaults.eventbridge, null)
-  lambda_notifications = try(each.value.lambda_notifications, var.defaults.lambda_notifications, {})
-  sns_notifications    = try(each.value.sns_notifications, var.defaults.sns_notifications, {})
-  sqs_notifications    = try(each.value.sqs_notifications, var.defaults.sqs_notifications, {})
+  bucket                   = try(each.value.bucket, var.defaults.bucket, "")
+  bucket_arn               = try(each.value.bucket_arn, var.defaults.bucket_arn, null)
+  create                   = try(each.value.create, var.defaults.create, true)
+  create_lambda_permission = try(each.value.create_lambda_permission, var.defaults.create_lambda_permission, true)
+  create_sns_policy        = try(each.value.create_sns_policy, var.defaults.create_sns_policy, true)
+  create_sqs_policy        = try(each.value.create_sqs_policy, var.defaults.create_sqs_policy, true)
+  eventbridge              = try(each.value.eventbridge, var.defaults.eventbridge, null)
+  lambda_notifications     = try(each.value.lambda_notifications, var.defaults.lambda_notifications, {})
+  sns_notifications        = try(each.value.sns_notifications, var.defaults.sns_notifications, {})
+  sqs_notifications        = try(each.value.sqs_notifications, var.defaults.sqs_notifications, {})
 }