Lambda Terraform env var validation
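# Caller-supplied environment variables for the Lambda function.
#
# The validation block rejects any map key that matches a name Lambda reserves
# for the runtime, so a bad input fails at plan time with a pointer to the AWS
# documentation.
#
# The comparison is an exact, case-sensitive string match on the keys only;
# values are never inspected.
# NOTE(review): how these values are consumed is not visible in this file. If
# they end up as Lambda environment variables, treat them as configuration and
# not as a place for credentials. Confirm against the resource that reads
# this variable.
variable "function_env_variables" {
  description = "(Optional) Environment variables for the lambda function to use."
  type        = map(string)
  default     = {}

  validation {
    condition = length(
      # setintersection() docs: https://developer.hashicorp.com/terraform/language/functions/setintersection
      # setintersection() produces a set containing all values shared between sets passed to it
      # If the caller provides a reserved env var, the resulting set contains at least one value
      setintersection(
        toset(
          # We only care about the keys passed to us
          keys(var.function_env_variables)
        ),
        # We can't reference a local here, so we must hardcode all reserved env vars.
        # This is a hand-maintained copy of the reserved list in the AWS docs linked
        # in error_message; re-check it against that page whenever it is edited.
        toset(
          [
            "AWS_REGION",
            "AWS_DEFAULT_REGION",
            "_HANDLER",
            "_X_AMZN_TRACE_ID",
            "AWS_EXECUTION_ENV",
            "AWS_LAMBDA_FUNCTION_NAME",
            # Reserved by Lambda but absent from the original list.
            "AWS_LAMBDA_FUNCTION_MEMORY_SIZE",
            "AWS_LAMBDA_FUNCTION_VERSION",
            "AWS_LAMBDA_INITIALIZATION_TYPE",
            "AWS_LAMBDA_LOG_GROUP_NAME",
            "AWS_LAMBDA_LOG_STREAM_NAME",
            "AWS_ACCESS_KEY",
            "AWS_ACCESS_KEY_ID",
            "AWS_SECRET_ACCESS_KEY",
            "AWS_SESSION_TOKEN",
            "AWS_LAMBDA_RUNTIME_API",
            "LAMBDA_TASK_ROOT",
            "LAMBDA_RUNTIME_DIR"
          ]
        )
      )
    ) == 0
    error_message = "You may not specify reserved environment variables https://docs.aws.amazon.com/lambda/latest/dg/configuration-envvars.html#configuration-envvars-runtime."
  }
}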