Wednesday, February 21, 2024

How to add Account Condition to AWS Lambda Permissions in Terraform


If you need to lock an AWS Lambda function down to a source account for security reasons (PCI.Lambda.1), you can do so by using the source_account option of the aws_lambda_permission Terraform resource type.

resource "aws_lambda_permission" "do_something_with_bucket" {
  statement_id   = "AllowExecutionFromS3Bucket"
  action         = "lambda:InvokeFunction"
  function_name  = module.do_something_with_bucket.arn
  principal      = "s3.amazonaws.com"
  source_arn     = var.source_bucket_arn
  source_account = var.account_id # <---------- right here
}

We have stored the account_id in a variable so that it can be updated when we initialize our Terraform context:

source_account = var.account_id

This will allow the Condition to be populated as below:

"Condition": {
  "StringEquals": {
    "AWS:SourceAccount": "xxxxxxxxxxxx"
  }
}
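To confirm that a deployed function actually carries this condition, the following added example (not part of the original article) checks a Lambda resource policy, in the JSON form found in the Policy field of `aws lambda get-policy` output, for service-principal statements that are not pinned to the expected account. The sample policy, account IDs, ARNs and function names are constructed for illustration.

```python
import json

RESOURCE = "arn:aws:lambda:us-east-1:111111111111:function:example"  # constructed
BUCKET = {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}            # constructed

# Constructed sample policy: first statement is pinned to an account, second is not.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowExecutionFromS3Bucket", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": RESOURCE,
         "Condition": {"StringEquals": {"AWS:SourceAccount": "111111111111"},
                       "ArnLike": BUCKET}},
        {"Sid": "MissingAccountCondition", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction", "Resource": RESOURCE,
         "Condition": {"ArnLike": BUCKET}},
    ],
})


def source_accounts(statement):
    """Return the account IDs pinned by StringEquals on AWS:SourceAccount."""
    found = set()
    string_equals = statement.get("Condition", {}).get("StringEquals", {})
    for key, value in string_equals.items():
        if key.lower() == "aws:sourceaccount":  # condition keys are case-insensitive
            found.update([value] if isinstance(value, str) else value)
    return found


def unpinned_statements(policy_json, expected_account):
    """Return Sids of Allow statements for service principals not pinned to expected_account."""
    flagged = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear as an object
        statements = [statements]
    for stmt in statements:
        principal = stmt.get("Principal")
        is_service = isinstance(principal, dict) and "Service" in principal
        if stmt.get("Effect") == "Allow" and is_service:
            if source_accounts(stmt) != {expected_account}:
                flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged
```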