Saturday, December 9, 2023

How to add an Account Condition to AWS Lambda Permissions in Terraform


If you need to lock an AWS Lambda function down to a source account for security reasons (PCI.Lambda.1), you can do so by using the source_account option of the aws_lambda_permission Terraform resource type.

resource "aws_lambda_permission" "do_something_with_bucket" {
  statement_id   = "AllowExecutionFromS3Bucket"
  action         = "lambda:InvokeFunction"
  function_name  = module.do_something_with_bucket.arn
  principal      = "s3.amazonaws.com"
  source_arn     = var.source_bucket_arn
  source_account = var.account_id # <---------- right here
}

We have stored the account_id in a variable so that it can be updated when we initialize our Terraform context:

source_account = var.account_id

This will allow the Condition to be populated as below:

"Condition": {
  "StringEquals": {
    "AWS:SourceAccount": "xxxxxxxxxxxx"
  }
}
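
One way to confirm that the rendered policy actually carries this Condition, as an added example that is not part of the original article: a small Python check over a Lambda resource policy document. The sample policy, the account ID 111122223333, the bucket names and the function names are all constructed for illustration.

```python
import json

# Constructed sample policy (not from the article): one S3 statement pinned to an
# account, one S3 statement with only a source ARN. Account ID is a placeholder.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowExecutionFromS3Bucket", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction",
         "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example",
         "Condition": {
             "StringEquals": {"AWS:SourceAccount": "111122223333"},
             "ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}}},
        {"Sid": "NoAccountCondition", "Effect": "Allow",
         "Principal": {"Service": "s3.amazonaws.com"},
         "Action": "lambda:InvokeFunction",
         "Resource": "arn:aws:lambda:us-east-1:111122223333:function:example",
         "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::other-bucket"}}},
    ],
})


def _as_list(value):
    """IAM allows a scalar or a list in most positions; normalise to a list."""
    return value if isinstance(value, list) else [] if value is None else [value]


def _source_accounts(statement):
    """Return account IDs pinned by StringEquals on aws:SourceAccount."""
    string_equals = statement.get("Condition", {}).get("StringEquals", {})
    accounts = []
    for key, value in string_equals.items():
        if key.lower() == "aws:sourceaccount":  # condition keys are case-insensitive
            accounts.extend(_as_list(value))
    return accounts


def unpinned_s3_statements(policy_json, expected_account):
    """Sids of Allow statements for s3.amazonaws.com not limited to expected_account."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or "s3.amazonaws.com" not in services:
            continue
        if set(_source_accounts(stmt)) != {expected_account}:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings
```

Calling unpinned_s3_statements(SAMPLE_POLICY, "111122223333") flags only the statement that lacks the account condition; an empty list means every S3 invoke permission is tied to the expected account.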