eligibility-signposting-api/infrastructure/modules/lambda/lambda.tf at 48a406535da34bab6ff6492c771d46028dd1422c · NHSDigital/eligibility-signposting-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
resource "aws_lambda_function" "eligibility_signposting_lambda" {
  #checkov:skip=CKV_AWS_116: No deadletter queue is configured for this Lambda function, yet
  #checkov:skip=CKV_AWS_115: Concurrent execution limit will be set at APIM level, not at Lambda level
  #checkov:skip=CKV_AWS_272: Skipping code signing but flagged to create ticket to investigate on ELI-238
  # If the file is not in the current working directory you will need to include a
  # path.module in the filename.
  filename      = var.file_name
  function_name = var.lambda_func_name
  role          = var.eligibility_lambda_role_arn
  handler       = var.handler

  source_code_hash = filebase64sha256(var.file_name)

  runtime     = "python3.13"
  timeout     = 30
  memory_size = 2048

  environment {
    variables = {
      PERSON_TABLE_NAME          = var.eligibility_status_table_name,
      RULES_BUCKET_NAME          = var.eligibility_rules_bucket_name,
      KINESIS_AUDIT_STREAM_TO_S3 = var.kinesis_audit_stream_to_s3_name
      ENV                        = var.environment
      LOG_LEVEL                  = var.log_level
      ENABLE_XRAY_PATCHING       = var.enable_xray_patching
    }
  }

  kms_key_arn = aws_kms_key.lambda_cmk.arn

  vpc_config {
    subnet_ids         = var.vpc_intra_subnets
    security_group_ids = var.security_group_ids
  }

  tracing_config {
    mode = "Active"
  }
}