From c714dc646225fd83bbe8b894792d9e38a854dc98 Mon Sep 17 00:00:00 2001
From: Justin Daines <33838396+dainesj@users.noreply.github.com>
Date: Wed, 29 May 2024 14:49:49 -0400
Subject: [PATCH 1/4] feat: Update for apigatewayv2
Adding apigatewayv2 as default.
---
.gitignore | 2 ++
README.md | 2 +-
modules/snapshot/README.md | 2 +-
modules/snapshot/variables.tf | 1 +
4 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 64ba6a7..4ac5c7f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ terraform.tfstate
terraform.tfvars
.terraform.lock.hcl
+
+.idea
diff --git a/README.md b/README.md
index 36b181e..bb3ff33 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ Additionally, this repository provides submodules to interact with the lambda fu
* [Upload S3 objects using S3 bucket notifications](https://github.com/observeinc/terraform-aws-lambda/tree/main/modules/s3_bucket_subscription)
* [Subscribe CloudWatch Logs to Observe Lambda](https://github.com/observeinc/terraform-aws-lambda/tree/main/modules/cloudwatch_logs_subscription)
-* [Collect API snapshots](https://github.com/observeinc/terraform-aws-lambda/tree/main/snapshot)
+* [Collect API snapshots](https://github.com/observeinc/terraform-aws-lambda/tree/main/modules/snapshot)
## Examples
diff --git a/modules/snapshot/README.md b/modules/snapshot/README.md
index 4f3306c..086298c 100644
--- a/modules/snapshot/README.md
+++ b/modules/snapshot/README.md
@@ -123,7 +123,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [action](#input\_action) | List of actions allowed by policy and periodically triggered. By default,
this list contains all policies which the lambda can act upon. You should
only override this list if you do not want to execute more actions as they
become available in future lambda upgrades. If you instead wish to extend
this list, or ignore a subset of actions, use \"include\" and \"exclude\". | `list(string)` | [
"apigateway:Get*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:List*",
"cloudfront:List*",
"dynamodb:Describe*",
"dynamodb:List*",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"eks:Describe*",
"eks:List*",
"elasticbeanstalk:Describe*",
"elasticache:Describe*",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"events:List*",
"firehose:Describe*",
"firehose:List*",
"iam:Get*",
"iam:List*",
"kinesis:Describe*",
"kinesis:List*",
"kms:Describe*",
"kms:List*",
"lambda:List*",
"logs:Describe*",
"organizations:Describe*",
"organizations:List*",
"rds:Describe*",
"redshift:Describe*",
"route53:List*",
"s3:GetBucket*",
"s3:List*",
"secretsmanager:List*",
"sns:Get*",
"sns:List*",
"sqs:Get*",
"sqs:List*",
"synthetics:Describe*",
"synthetics:List*"
]
| no |
+| [action](#input\_action) | List of actions allowed by policy and periodically triggered. By default,
this list contains all policies which the lambda can act upon. You should
only override this list if you do not want to execute more actions as they
become available in future lambda upgrades. If you instead wish to extend
this list, or ignore a subset of actions, use \"include\" and \"exclude\". | `list(string)` | [
"apigateway:Get*",
"apigatewayv2:Get*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:List*",
"cloudfront:List*",
"dynamodb:Describe*",
"dynamodb:List*",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"eks:Describe*",
"eks:List*",
"elasticbeanstalk:Describe*",
"elasticache:Describe*",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"events:List*",
"firehose:Describe*",
"firehose:List*",
"iam:Get*",
"iam:List*",
"kinesis:Describe*",
"kinesis:List*",
"kms:Describe*",
"kms:List*",
"lambda:List*",
"logs:Describe*",
"organizations:Describe*",
"organizations:List*",
"rds:Describe*",
"redshift:Describe*",
"route53:List*",
"s3:GetBucket*",
"s3:List*",
"secretsmanager:List*",
"sns:Get*",
"sns:List*",
"sqs:Get*",
"sqs:List*",
"synthetics:Describe*",
"synthetics:List*"
]
| no |
| [eventbridge\_name\_prefix](#input\_eventbridge\_name\_prefix) | Prefix used for EventBridge Rule | `string` | `"observe-lambda-snapshot-"` | no |
| [eventbridge\_schedule\_event\_bus\_name](#input\_eventbridge\_schedule\_event\_bus\_name) | Event Bus for EventBridge scheduled events | `string` | `"default"` | no |
| [eventbridge\_schedule\_expression](#input\_eventbridge\_schedule\_expression) | Rate at which snapshot is triggered. Must be valid EventBridge expression | `string` | `"rate(3 hours)"` | no |
diff --git a/modules/snapshot/variables.tf b/modules/snapshot/variables.tf
index 50a2700..0ff13a4 100644
--- a/modules/snapshot/variables.tf
+++ b/modules/snapshot/variables.tf
@@ -41,6 +41,7 @@ variable "action" {
nullable = false
default = [
"apigateway:Get*",
+ "apigatewayv2:Get*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:List*",
From 9f794e2b514f42cc9414a68382be953754cccea9 Mon Sep 17 00:00:00 2001
From: Justin Daines
Date: Wed, 7 May 2025 09:35:14 -0400
Subject: [PATCH 2/4] fix: Fix S3 Bucket Notification Configuration Validation
Error OBSSD-612
Fix S3 Bucket Notification Configuration Validation Error OBSSD-612 to resolve
Error: creating S3 Bucket () Notification: operation error S3:
PutBucketNotificationConfiguration, https response error StatusCode: 400, RequestID: , HostID:
, api error InvalidArgument: Unable to
validate the following destination configurations
with module..module.observe_lambda_s3_subscription.aws_s3_bucket_notification.notification[0],
on .terraform/modules/.observe_lambda_s3_subscription/modules/s3_bucket_subscription/main.tf line 20, in
resource "aws_s3_bucket_notification" "notification":
20: resource "aws_s3_bucket_notification" "notification" {
---
modules/s3_bucket_subscription/main.tf | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/s3_bucket_subscription/main.tf b/modules/s3_bucket_subscription/main.tf
index 07344c5..938010c 100644
--- a/modules/s3_bucket_subscription/main.tf
+++ b/modules/s3_bucket_subscription/main.tf
@@ -28,6 +28,7 @@ resource "aws_s3_bucket_notification" "notification" {
filter_prefix = var.filter_prefix
filter_suffix = var.filter_suffix
}
+ depends_on = [aws_lambda_permission.allow_bucket]
}
resource "aws_iam_policy" "s3_bucket_read" {
From 47fc187c06410b95d4998b7eae7fe3286010b613 Mon Sep 17 00:00:00 2001
From: Conventional Changelog Action
Date: Wed, 7 May 2025 14:54:57 +0000
Subject: [PATCH 3/4] chore(release): v3.7.0 [skip ci]
---
CHANGELOG.md | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6d9225..7b43f46 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,14 @@
-# [3.6.0](https://github.com/observeinc/terraform-aws-lambda/compare/v3.5.1...v3.6.0) (2024-05-01)
+# [3.7.0](https://github.com/observeinc/terraform-aws-lambda/compare/v3.6.0...v3.7.0) (2025-05-07)
+
+
+### Bug Fixes
+
+* Fix S3 Bucket Notification Configuration Validation Error OBSSD-612 ([a708fc6](https://github.com/observeinc/terraform-aws-lambda/commit/a708fc6f17fadf1330c048d4165a1a3385de8a9b))
### Features
-* allow KMS encryption of token environment variable ([#83](https://github.com/observeinc/terraform-aws-lambda/issues/83)) ([5d209d5](https://github.com/observeinc/terraform-aws-lambda/commit/5d209d56d478e3e810d4e65bc26eb6daed95beca))
-* bump min terraform version to 1.1.1 ([#85](https://github.com/observeinc/terraform-aws-lambda/issues/85)) ([c660124](https://github.com/observeinc/terraform-aws-lambda/commit/c660124248bc0a3a3ef2a2d96dcef982e85af68e))
+* Update for apigatewayv2 ([a191b9c](https://github.com/observeinc/terraform-aws-lambda/commit/a191b9c8678d9f2c3aecfce14e6d0a5d8e7371fb))
From 016ebddc5997a442e576022f8e92d1b5d47e2ae8 Mon Sep 17 00:00:00 2001
From: Justin Daines
Date: Mon, 23 Feb 2026 13:26:58 -0500
Subject: [PATCH 4/4] chore: Update Lambda Runtime to provided.al2023
Update Lambda runtime
---
main.tf | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/main.tf b/main.tf
index 2b9f889..a478228 100644
--- a/main.tf
+++ b/main.tf
@@ -10,19 +10,19 @@ locals {
"amd64" : {
architectures = ["x86_64"]
handler = "bootstrap"
- runtime = "provided.al2"
+ runtime = "provided.al2023"
}
"arm64" : {
architectures = ["arm64"]
handler = "bootstrap"
- runtime = "provided.al2"
+ runtime = "provided.al2023"
}
},
split("/", var.lambda_version)[0],
{
architectures = null
- handler = "main"
- runtime = "go1.x"
+ handler = "bootstrap"
+ runtime = "provided.al2023"
},
)
}