Skip to content

aws.lambda-event-source-mapping resource

Description

EventSourceMapping connects an event source -- a Kinesis or DynamoDB stream, an SQS queue, an Amazon MSK or self-managed Apache Kafka cluster, an Amazon MQ broker, or a DocumentDB change stream -- to a Lambda function, the way CloudFormation models AWS::Lambda::EventSourceMapping. Lambda assigns the mapping a uuid that is its only handle; there is no ARN-based addressing for get, update, or delete. The mapping moves through a state machine, so create, update, and delete each wait for the state to settle, and the enabled value is reconciled into the Enabling and Disabling states rather than a separate enable or disable call. The event source, the starting position, the self-managed source endpoints, the Kafka source configs, and the queue and topic lists are fixed at creation; every other input reconciles in place.

Logging configuration is not modeled, matching the CloudFormation resource the investigation covered.

Source: internal/service/lambda/event_source_mapping_rsrc.go:67

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.lambda-event-source-mapping {
    # Set input fields here.
  }
}

Inputs

function-name

string

required

enabled

optional(boolean)

event-source-arn

optional(string)

batch-size

optional(integer)

bisect-batch-on-function-error

optional(boolean)

maximum-batching-window-in-seconds

optional(integer)

maximum-record-age-in-seconds

optional(integer)

maximum-retry-attempts

optional(integer)

parallelization-factor

optional(integer)

tumbling-window-in-seconds

optional(integer)

kms-key-arn

optional(string)

starting-position

optional(string)

starting-position-timestamp

optional(string)

function-response-types

list(string)

queues

list(string)

topics

list(string)

filter-criteria

optional(object) 
optional(
  object({
    filters: list(
      object({
        pattern: optional(string)
      })
    )
  })
)

destination-config

optional(object) 
optional(
  object({
    on-failure: optional(
      object({
        destination: optional(string)
      })
    )
  })
)

scaling-config

optional(object) 
optional(
  object({
    maximum-concurrency: optional(integer)
  })
)

metrics-config

optional(object) 
optional(
  object({
    metrics: list(string)
  })
)

provisioned-poller-config

optional(object) 
optional(
  object({
    minimum-pollers: optional(integer)
    maximum-pollers: optional(integer)
    poller-group-name: optional(string)
  })
)

document-db-event-source-config

optional(object) 
optional(
  object({
    database-name: optional(string)
    collection-name: optional(string)
    full-document: optional(string)
  })
)

logging-config

optional(object) 
optional(
  object({
    system-log-level: optional(string)
  })
)

self-managed-event-source

optional(object) 
optional(
  object({
    endpoints: map(list(string))
  })
)

amazon-managed-kafka-event-source-config

optional(object) 
optional(
  object({
    consumer-group-id: optional(string)
    schema-registry-config: optional(
      object({
        schema-registry-uri: optional(string)
        event-record-format: optional(string)
        access-configs: list(
          object({
            type: optional(string)
            uri: optional(string)
          })
        )
        schema-validation-configs: list(
          object({
            attribute: optional(string)
          })
        )
      })
    )
  })
)

self-managed-kafka-event-source-config

optional(object) 
optional(
  object({
    consumer-group-id: optional(string)
    schema-registry-config: optional(
      object({
        schema-registry-uri: optional(string)
        event-record-format: optional(string)
        access-configs: list(
          object({
            type: optional(string)
            uri: optional(string)
          })
        )
        schema-validation-configs: list(
          object({
            attribute: optional(string)
          })
        )
      })
    )
  })
)

source-access-configurations

list(object) 
list(
  object({
    type: optional(string)
    uri: optional(string)
  })
)

tags

map(string)

Input Constraints

Field combinations

Exactly one of event-source-arn or self-managed-event-source.

Forbidden together: amazon-managed-kafka-event-source-config, self-managed-event-source, and self-managed-kafka-event-source-config.

Forbidden together: self-managed-kafka-event-source-config, event-source-arn, and amazon-managed-kafka-event-source-config.

Starting position rules

starting-position must be TRIM_HORIZON, LATEST, or AT_TIMESTAMP.

Rule logic
When
input.starting-position != null
Require
input.starting-position == 'TRIM_HORIZON'
|| input.starting-position == 'LATEST'
|| input.starting-position == 'AT_TIMESTAMP'

Batch size rules

batch-size must be between 1 and 10000.

Rule logic
When
input.batch-size != null
Require
(input.batch-size == null || input.batch-size >= 1)
&& (input.batch-size == null || input.batch-size <= 10000)

Maximum record age in seconds rules

maximum-record-age-in-seconds must be -1 or between 60 and 604800.

Rule logic
When
input.maximum-record-age-in-seconds != null
Require
input.maximum-record-age-in-seconds == -1
|| ((input.maximum-record-age-in-seconds == null || input.maximum-record-age-in-seconds >= 60) && (input.maximum-record-age-in-seconds == null || input.maximum-record-age-in-seconds <= 604800))

Maximum retry attempts rules

maximum-retry-attempts must be between -1 and 10000.

Rule logic
When
input.maximum-retry-attempts != null
Require
(input.maximum-retry-attempts == null || input.maximum-retry-attempts >= -1)
&& (input.maximum-retry-attempts == null || input.maximum-retry-attempts <= 10000)

Parallelization factor rules

parallelization-factor must be between 1 and 10.

Rule logic
When
input.parallelization-factor != null
Require
(input.parallelization-factor == null || input.parallelization-factor >= 1)
&& (input.parallelization-factor == null || input.parallelization-factor <= 10)

Tumbling window in seconds rules

tumbling-window-in-seconds must be between 0 and 900.

Rule logic
When
input.tumbling-window-in-seconds != null
Require
(input.tumbling-window-in-seconds == null || input.tumbling-window-in-seconds >= 0)
&& (input.tumbling-window-in-seconds == null || input.tumbling-window-in-seconds <= 900)

Maximum batching window in seconds rules

maximum-batching-window-in-seconds must be between 0 and 300.

Rule logic
When
input.maximum-batching-window-in-seconds != null
Require
(input.maximum-batching-window-in-seconds == null || input.maximum-batching-window-in-seconds >= 0)
&& (input.maximum-batching-window-in-seconds == null || input.maximum-batching-window-in-seconds <= 300)

Scaling config rules

scaling-config maximum-concurrency must be between 2 and 1000.

Rule logic
When
input.scaling-config != null
Require
(input.scaling-config.maximum-concurrency == null || input.scaling-config.maximum-concurrency >= 2)
&& (input.scaling-config.maximum-concurrency == null || input.scaling-config.maximum-concurrency <= 1000)

Provisioned poller config rules

provisioned-poller-config maximum-pollers must be between 1 and 2000.

Rule logic
When
input.provisioned-poller-config.maximum-pollers != null
Require
(input.provisioned-poller-config.maximum-pollers == null || input.provisioned-poller-config.maximum-pollers >= 1)
&& (input.provisioned-poller-config.maximum-pollers == null || input.provisioned-poller-config.maximum-pollers <= 2000)

provisioned-poller-config minimum-pollers must be between 1 and 200.

Rule logic
When
input.provisioned-poller-config.minimum-pollers != null
Require
(input.provisioned-poller-config.minimum-pollers == null || input.provisioned-poller-config.minimum-pollers >= 1)
&& (input.provisioned-poller-config.minimum-pollers == null || input.provisioned-poller-config.minimum-pollers <= 200)

Document db event source config rules

document-db-event-source-config full-document must be UpdateLookup or Default.

Rule logic
When
input.document-db-event-source-config.full-document != null
Require
input.document-db-event-source-config.full-document == 'UpdateLookup'
|| input.document-db-event-source-config.full-document == 'Default'

Logging config rules

logging-config system-log-level must be DEBUG, INFO, or WARN.

Rule logic
When
input.logging-config.system-log-level != null
Require
input.logging-config.system-log-level == 'DEBUG'
|| input.logging-config.system-log-level == 'INFO'
|| input.logging-config.system-log-level == 'WARN'

Amazon managed kafka event source config rules

amazon-managed-kafka schema-registry event-record-format must be JSON or SOURCE.

Rule logic
When
input.amazon-managed-kafka-event-source-config.schema-registry-config.event-record-format != null
Require
input.amazon-managed-kafka-event-source-config.schema-registry-config.event-record-format == 'JSON'
|| input.amazon-managed-kafka-event-source-config.schema-registry-config.event-record-format == 'SOURCE'

a schema-registry access-config type must be a valid auth type.

Rule logic
For each
input.amazon-managed-kafka-event-source-config.schema-registry-config.access-configs
When
@each.value.type != null
Require
@each.value.type == 'BASIC_AUTH'
|| @each.value.type == 'CLIENT_CERTIFICATE_TLS_AUTH'
|| @each.value.type == 'SERVER_ROOT_CA_CERTIFICATE'

a schema-registry validation attribute must be KEY or VALUE.

Rule logic
For each
input.amazon-managed-kafka-event-source-config.schema-registry-config.schema-validation-configs
When
@each.value.attribute != null
Require
@each.value.attribute == 'KEY'
|| @each.value.attribute == 'VALUE'

Self managed kafka event source config rules

self-managed-kafka schema-registry event-record-format must be JSON or SOURCE.

Rule logic
When
input.self-managed-kafka-event-source-config.schema-registry-config.event-record-format != null
Require
input.self-managed-kafka-event-source-config.schema-registry-config.event-record-format == 'JSON'
|| input.self-managed-kafka-event-source-config.schema-registry-config.event-record-format == 'SOURCE'

a schema-registry access-config type must be a valid auth type.

Rule logic
For each
input.self-managed-kafka-event-source-config.schema-registry-config.access-configs
When
@each.value.type != null
Require
@each.value.type == 'BASIC_AUTH'
|| @each.value.type == 'CLIENT_CERTIFICATE_TLS_AUTH'
|| @each.value.type == 'SERVER_ROOT_CA_CERTIFICATE'

a schema-registry validation attribute must be KEY or VALUE.

Rule logic
For each
input.self-managed-kafka-event-source-config.schema-registry-config.schema-validation-configs
When
@each.value.attribute != null
Require
@each.value.attribute == 'KEY'
|| @each.value.attribute == 'VALUE'

Function response types rules

function-response-types values must be ReportBatchItemFailures.

Rule logic
For each
input.function-response-types
Require
@each.value == 'ReportBatchItemFailures'

Metrics config rules

a metrics-config metric must be EventCount, ErrorCount, or KafkaMetrics.

Rule logic
For each
input.metrics-config.metrics
Require
@each.value == 'EventCount'
|| @each.value == 'ErrorCount'
|| @each.value == 'KafkaMetrics'

Source access configurations rules

a source-access-configuration type must be a valid auth or VPC type.

Rule logic
For each
input.source-access-configurations
When
@each.value.type != null
Require
@each.value.type == 'BASIC_AUTH'
|| @each.value.type == 'VPC_SUBNET'
|| @each.value.type == 'VPC_SECURITY_GROUP'
|| @each.value.type == 'SASL_SCRAM_512_AUTH'
|| @each.value.type == 'SASL_SCRAM_256_AUTH'
|| @each.value.type == 'VIRTUAL_HOST'
|| @each.value.type == 'CLIENT_CERTIFICATE_TLS_AUTH'
|| @each.value.type == 'SERVER_ROOT_CA_CERTIFICATE'

Outputs

uuid

string

arn

string

function-arn

string

state

string

state-transition-reason

string

last-processing-result

string

last-modified

string