github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/lambda/AVD-AWS-0066/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/lambda/AVD-AWS-0066/Terraform.md (about)

     1  
     2  Enable tracing
     3  
     4  ```hcl
     5   resource "aws_iam_role" "iam_for_lambda" {
     6     name = "iam_for_lambda"
     7   
     8     assume_role_policy = <<EOF
     9   {
    10     "Version": "2012-10-17",
    11     "Statement": [
    12       {
    13         "Action": "sts:AssumeRole",
    14         "Principal": {
    15           "Service": "lambda.amazonaws.com"
    16         },
    17         "Effect": "Allow",
    18         "Sid": ""
    19       }
    20     ]
    21   }
    22   EOF
    23   }
    24   
    25   resource "aws_lambda_function" "good_example" {
    26     filename      = "lambda_function_payload.zip"
    27     function_name = "lambda_function_name"
    28     role          = aws_iam_role.iam_for_lambda.arn
    29     handler       = "exports.test"
    30   
    31     # The filebase64sha256() function is available in Terraform 0.11.12 and later
    32     # For Terraform 0.11.11 and earlier, use the base64sha256() function and the file() function:
    33     # source_code_hash = "${base64sha256(file("lambda_function_payload.zip"))}"
    34     source_code_hash = filebase64sha256("lambda_function_payload.zip")
    35   
    36     runtime = "nodejs12.x"
    37   
    38     environment {
    39       variables = {
    40         foo = "bar"
    41       }
    42     }
    43     tracing_config {
    44       mode = "Active"
    45     }
    46   }
    47   
    48  ```
    49  
    50  #### Remediation Links
    51   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function#mode
    52