Added the VPC params when calling the slack_notify_lambda module (#26)

* Added the VPC params when calling the slack_lnotify_lambda module * Added some exceptions to .gitignore Updated the readme. * cloudposse/sns-lambda-notify-slack module version updated to 0.7.0 * Readme updated * Trivial change in main in an attempt to bypass /terratest
cloudposse · Jan 3, 2024 · ccdd6b2 · ccdd6b2
1 parent a05c34f
commit ccdd6b2
Show file tree

Hide file tree

Showing 8 changed files with 95 additions and 164 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -1,13 +1,14 @@
 {
   "extends": [
     "config:base",
-    ":preserveSemverRanges"
+    ":preserveSemverRanges",
+    ":rebaseStalePrs"
   ],
-  "baseBranches": ["main", "master", "/^release\\/v\\d{1,2}$/"],
+  "baseBranches": ["main"],
   "labels": ["auto-update"],
   "dependencyDashboardAutoclose": true,
   "enabledManagers": ["terraform"],
   "terraform": {
-    "ignorePaths": ["**/context.tf", "examples/**"]
+    "ignorePaths": ["**/context.tf"]
   }
 }
diff --git a/.github/workflows/release-branch.yml b/.github/workflows/release-branch.yml
@@ -10,6 +10,7 @@ on:
       - 'docs/**'
       - 'examples/**'
       - 'test/**'
+      - 'README.*'
 
 permissions:
   contents: write

diff --git a/.github/workflows/release-published.yml b/.github/workflows/release-published.yml
@@ -11,4 +11,4 @@ permissions:
 
 jobs:
   terraform-module:
-    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release.yml@main
+    uses: cloudposse/github-actions-workflows-terraform-module/.github/workflows/release-published.yml@main
diff --git a/.gitignore b/.gitignore
@@ -17,3 +17,10 @@
 # Crash log files
 crash.log
 test.log
+
+# MacOS files
+.DS_Store
+
+# Terraform lock files
+.terraform.lock.hcl
+
diff --git a/README.md b/README.md
diff --git a/docs/terraform.md b/docs/terraform.md
@@ -10,14 +10,14 @@
 
 | Name | Version |
 |------|---------|
-| <a name="provider_aws"></a> [aws](#provider\_aws) | >= 3.0 |
+| <a name="provider_aws"></a> [aws](#provider\_aws) | 5.31.0 |
 
 ## Modules
 
 | Name | Source | Version |
 |------|--------|---------|
 | <a name="module_kms_key"></a> [kms\_key](#module\_kms\_key) | cloudposse/kms-key/aws | 0.12.1 |
-| <a name="module_slack_notify_lambda"></a> [slack\_notify\_lambda](#module\_slack\_notify\_lambda) | cloudposse/sns-lambda-notify-slack/aws | 0.5.9 |
+| <a name="module_slack_notify_lambda"></a> [slack\_notify\_lambda](#module\_slack\_notify\_lambda) | cloudposse/sns-lambda-notify-slack/aws | 0.7.0 |
 | <a name="module_sns_topic"></a> [sns\_topic](#module\_sns\_topic) | cloudposse/sns-topic/aws | 0.20.2 |
 | <a name="module_this"></a> [this](#module\_this) | cloudposse/label/null | 0.25.0 |
 
@@ -61,6 +61,8 @@
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).<br>Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no |
 | <a name="input_tenant"></a> [tenant](#input\_tenant) | ID element \_(Rarely used, not included by default)\_. A customer identifier, indicating who this instance of a resource is for | `string` | `null` | no |
+| <a name="input_vpc_security_group_ids"></a> [vpc\_security\_group\_ids](#input\_vpc\_security\_group\_ids) | List of security group ids when the notifying Lambda Function should run in the VPC. | `list(string)` | `null` | no |
+| <a name="input_vpc_subnet_ids"></a> [vpc\_subnet\_ids](#input\_vpc\_subnet\_ids) | List of subnet ids when the notifying Lambda Function should run in the VPC. Usually private or intra subnets. | `list(string)` | `null` | no |
 
 ## Outputs
 

diff --git a/main.tf b/main.tf
@@ -89,12 +89,13 @@ module "sns_topic" {
 
 module "slack_notify_lambda" {
   source     = "cloudposse/sns-lambda-notify-slack/aws"
-  version    = "0.5.9"
+  version    = "0.7.0"
   enabled    = local.notifications_enabled
   attributes = ["budgets"]
 
   # use `module.sns_topic` instead of creating a new topic
   create_sns_topic = false
+
   # the underlying module uses this in a template string, and cannot be null, so instead when `null` pass an empty string
   # see https://github.com/terraform-aws-modules/terraform-aws-notify-slack/blob/master/main.tf#L8
   sns_topic_name = module.sns_topic.sns_topic_name != null ? module.sns_topic.sns_topic_name : ""
@@ -107,6 +108,10 @@ module "slack_notify_lambda" {
   # underlying module doesn't like when `kms_key_arn` is `null`
   kms_key_arn = local.create_kms_key ? module.kms_key.key_arn : (var.kms_master_key_id == null ? "" : var.kms_master_key_id)
 
+  # if the Lambda should be deployed in a VPC use these
+  vpc_subnet_ids         = var.vpc_subnet_ids
+  vpc_security_group_ids = var.vpc_security_group_ids
+
   context = module.this.context
 }
 

diff --git a/variables.tf b/variables.tf
@@ -61,3 +61,15 @@ variable "slack_emoji" {
   description = "A custom emoji that will appear on Slack messages"
   default     = ":amazon-aws:"
 }
+
+variable "vpc_subnet_ids" {
+  description = "List of subnet ids when the notifying Lambda Function should run in the VPC. Usually private or intra subnets."
+  type        = list(string)
+  default     = null
+}
+
+variable "vpc_security_group_ids" {
+  description = "List of security group ids when the notifying Lambda Function should run in the VPC."
+  type        = list(string)
+  default     = null
+}