From 1a380a2060a96c541a7b07c635a16db1b3cc45a5 Mon Sep 17 00:00:00 2001
From: Justin Daines <33838396+dainesj@users.noreply.github.com>
Date: Wed, 29 May 2024 14:49:49 -0400
Subject: [PATCH 1/3] feat: Update for apigatewayv2
Adding apigatewayv2 as default.
---
.gitignore | 2 ++
README.md | 2 +-
modules/snapshot/README.md | 2 +-
modules/snapshot/variables.tf | 1 +
4 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/.gitignore b/.gitignore
index 64ba6a7..4ac5c7f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@ terraform.tfstate
terraform.tfvars
.terraform.lock.hcl
+
+.idea
diff --git a/README.md b/README.md
index 36b181e..bb3ff33 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ Additionally, this repository provides submodules to interact with the lambda fu
* [Upload S3 objects using S3 bucket notifications](https://github.com/observeinc/terraform-aws-lambda/tree/main/modules/s3_bucket_subscription)
* [Subscribe CloudWatch Logs to Observe Lambda](https://github.com/observeinc/terraform-aws-lambda/tree/main/modules/cloudwatch_logs_subscription)
-* [Collect API snapshots](https://github.com/observeinc/terraform-aws-lambda/tree/main/snapshot)
+* [Collect API snapshots](https://github.com/observeinc/terraform-aws-lambda/tree/main/modules/snapshot)
## Examples
diff --git a/modules/snapshot/README.md b/modules/snapshot/README.md
index 4f3306c..086298c 100644
--- a/modules/snapshot/README.md
+++ b/modules/snapshot/README.md
@@ -123,7 +123,7 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
-| [action](#input\_action) | List of actions allowed by policy and periodically triggered. By default,
this list contains all policies which the lambda can act upon. You should
only override this list if you do not want to execute more actions as they
become available in future lambda upgrades. If you instead wish to extend
this list, or ignore a subset of actions, use \"include\" and \"exclude\". | `list(string)` | [
"apigateway:Get*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:List*",
"cloudfront:List*",
"dynamodb:Describe*",
"dynamodb:List*",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"eks:Describe*",
"eks:List*",
"elasticbeanstalk:Describe*",
"elasticache:Describe*",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"events:List*",
"firehose:Describe*",
"firehose:List*",
"iam:Get*",
"iam:List*",
"kinesis:Describe*",
"kinesis:List*",
"kms:Describe*",
"kms:List*",
"lambda:List*",
"logs:Describe*",
"organizations:Describe*",
"organizations:List*",
"rds:Describe*",
"redshift:Describe*",
"route53:List*",
"s3:GetBucket*",
"s3:List*",
"secretsmanager:List*",
"sns:Get*",
"sns:List*",
"sqs:Get*",
"sqs:List*",
"synthetics:Describe*",
"synthetics:List*"
]
| no |
+| [action](#input\_action) | List of actions allowed by policy and periodically triggered. By default,
this list contains all policies which the lambda can act upon. You should
only override this list if you do not want to execute more actions as they
become available in future lambda upgrades. If you instead wish to extend
this list, or ignore a subset of actions, use \"include\" and \"exclude\". | `list(string)` | [
"apigateway:Get*",
"apigatewayv2:Get*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:List*",
"cloudfront:List*",
"dynamodb:Describe*",
"dynamodb:List*",
"ec2:Describe*",
"ecs:Describe*",
"ecs:List*",
"eks:Describe*",
"eks:List*",
"elasticbeanstalk:Describe*",
"elasticache:Describe*",
"elasticfilesystem:Describe*",
"elasticloadbalancing:Describe*",
"elasticmapreduce:Describe*",
"elasticmapreduce:List*",
"events:List*",
"firehose:Describe*",
"firehose:List*",
"iam:Get*",
"iam:List*",
"kinesis:Describe*",
"kinesis:List*",
"kms:Describe*",
"kms:List*",
"lambda:List*",
"logs:Describe*",
"organizations:Describe*",
"organizations:List*",
"rds:Describe*",
"redshift:Describe*",
"route53:List*",
"s3:GetBucket*",
"s3:List*",
"secretsmanager:List*",
"sns:Get*",
"sns:List*",
"sqs:Get*",
"sqs:List*",
"synthetics:Describe*",
"synthetics:List*"
]
| no |
| [eventbridge\_name\_prefix](#input\_eventbridge\_name\_prefix) | Prefix used for EventBridge Rule | `string` | `"observe-lambda-snapshot-"` | no |
| [eventbridge\_schedule\_event\_bus\_name](#input\_eventbridge\_schedule\_event\_bus\_name) | Event Bus for EventBridge scheduled events | `string` | `"default"` | no |
| [eventbridge\_schedule\_expression](#input\_eventbridge\_schedule\_expression) | Rate at which snapshot is triggered. Must be valid EventBridge expression | `string` | `"rate(3 hours)"` | no |
diff --git a/modules/snapshot/variables.tf b/modules/snapshot/variables.tf
index 50a2700..0ff13a4 100644
--- a/modules/snapshot/variables.tf
+++ b/modules/snapshot/variables.tf
@@ -41,6 +41,7 @@ variable "action" {
nullable = false
default = [
"apigateway:Get*",
+ "apigatewayv2:Get*",
"autoscaling:Describe*",
"cloudformation:Describe*",
"cloudformation:List*",
From 359a76d38a7e3f5ccdedee681fbc75c5bb6aacd1 Mon Sep 17 00:00:00 2001
From: Justin Daines
Date: Wed, 7 May 2025 09:35:14 -0400
Subject: [PATCH 2/3] fix: Fix S3 Bucket Notification Configuration Validation
Error OBSSD-612
Fix S3 Bucket Notification Configuration Validation Error OBSSD-612 to resolve
Error: creating S3 Bucket () Notification: operation error S3:
PutBucketNotificationConfiguration, https response error StatusCode: 400, RequestID: , HostID:
, api error InvalidArgument: Unable to
validate the following destination configurations
with module..module.observe_lambda_s3_subscription.aws_s3_bucket_notification.notification[0],
on .terraform/modules/.observe_lambda_s3_subscription/modules/s3_bucket_subscription/main.tf line 20, in
resource "aws_s3_bucket_notification" "notification":
20: resource "aws_s3_bucket_notification" "notification" {
---
modules/s3_bucket_subscription/main.tf | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/s3_bucket_subscription/main.tf b/modules/s3_bucket_subscription/main.tf
index 07344c5..938010c 100644
--- a/modules/s3_bucket_subscription/main.tf
+++ b/modules/s3_bucket_subscription/main.tf
@@ -28,6 +28,7 @@ resource "aws_s3_bucket_notification" "notification" {
filter_prefix = var.filter_prefix
filter_suffix = var.filter_suffix
}
+ depends_on = [aws_lambda_permission.allow_bucket]
}
resource "aws_iam_policy" "s3_bucket_read" {
From 064d9a80b6e34b14b5734c012bc29ceacaca4795 Mon Sep 17 00:00:00 2001
From: Conventional Changelog Action
Date: Wed, 7 May 2025 14:54:57 +0000
Subject: [PATCH 3/3] chore(release): v3.7.0 [skip ci]
---
CHANGELOG.md | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d6d9225..7b43f46 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,10 +1,14 @@
-# [3.6.0](https://github.com/observeinc/terraform-aws-lambda/compare/v3.5.1...v3.6.0) (2024-05-01)
+# [3.7.0](https://github.com/observeinc/terraform-aws-lambda/compare/v3.6.0...v3.7.0) (2025-05-07)
+
+
+### Bug Fixes
+
+* Fix S3 Bucket Notification Configuration Validation Error OBSSD-612 ([a708fc6](https://github.com/observeinc/terraform-aws-lambda/commit/a708fc6f17fadf1330c048d4165a1a3385de8a9b))
### Features
-* allow KMS encryption of token environment variable ([#83](https://github.com/observeinc/terraform-aws-lambda/issues/83)) ([5d209d5](https://github.com/observeinc/terraform-aws-lambda/commit/5d209d56d478e3e810d4e65bc26eb6daed95beca))
-* bump min terraform version to 1.1.1 ([#85](https://github.com/observeinc/terraform-aws-lambda/issues/85)) ([c660124](https://github.com/observeinc/terraform-aws-lambda/commit/c660124248bc0a3a3ef2a2d96dcef982e85af68e))
+* Update for apigatewayv2 ([a191b9c](https://github.com/observeinc/terraform-aws-lambda/commit/a191b9c8678d9f2c3aecfce14e6d0a5d8e7371fb))