Alicloud Function Compute (FC) Terraform Module
terraform-alicloud-fc
Terraform module which creates FC resources on Alibaba Cloud.
These types of resources are supported:
Root module calls these modules which can also be used separately to create independent resources:
Usage
You can use this in your terraform template with the following steps.
-
Adding a module resource to your template, e.g. main.tf
module "tf-fc" { source = "terraform-alicloud-modules/fc/alicloud" service_name = "tf-example" create_http_function = true http_function_name = "tf-example" http_function_handler = "http.handler" http_function_filename = "../http_function.py" http_function_runtime = "python3" http_triggers = [ { type = "http" config = <<EOF { "authType": "anonymous", "methods": ["GET", "POST"] } EOF } ] }
-
Setting values for the following variables through environment variables:
- ALICLOUD_ACCESS_KEY
- ALICLOUD_SECRET_KEY
- ALICLOUD_REGION
Conditional creation
This moudle can create FC Function and Triggers using a existing FC Service.
-
To create http function and triggers, but not create service:
create_service = false filter_service_with_name_regex = "existing-service-name-regex" create_http_function = true http_triggers = [ { type = "http" config = "http-trigger-conf" } ]
-
To create service, events function and triggers:
create_service = true create_event_function = true events_triggers = [ { type = "timer" config = "timer-trigger-conf" } ]
-
Create both http and event functions and retrieve the existing role by name regex, you can also retrieve role by policy name and policy type:
create_event_function = true create_http_function = true service_role_name_regex = "existing-role-name-regex" trigger_role_name_regex = "existing-role-name-regex" trigger_role_policy_name = "existing-policy-name" trigger_role_policy_type = "your-policy-type"
-
Create several event triggers:
create_service = true create_event_function = true events_triggers = [ { type = "timer" config = "timer-trigger-conf" }, { type = "mns" source_arn = "mns-source-arn" config = "mns-trigger-conf" } ]
-
Create several event triggers and use different roles:
create_service = true create_event_function = true events_triggers = [ { type = "timer" config = "timer-trigger-conf" }, { type = "mns" role = "exist-role-arn" source_arn = "mns-source-arn" config = "mns-trigger-conf" } ]
-
Create functions but not triggers:
create_service = true create_event_function = true create_http_function = true
Examples of triggers
-
create_http_function = true http_triggers = [ { type = "http" config = local.http_trigger_conf } ]
-
module "apigateway-trigger" { # omitted for brevity create_event_function = true } resource "alicloud_api_gateway_api" "apiGatewayApi" { # omitted for brevity service_type = "FunctionCompute" fc_service_config { region = data.alicloud_regions.this.id function_name = module.apigateway-trigger.this_events_function_name service_name = module.apigateway-trigger.this_service_name arn_role = alicloud_ram_role.this.arn timeout = 10 } }
-
create_event_function = true events_triggers = [ { type = "cdn_events" source_arn = "acs:cdn:*:[account_id]" config = local.cdn_trigger_conf }, ]
-
create_event_function = true events_triggers = [ { type = "log" source_arn = "acs:log:[region_id]:[account_id]:project/[log_project_name]" config = local.log_trigger_conf }, ]
-
create_event_function = true events_triggers = [ { type = "mns_topic" source_arn = "acs:mns:[region_id]:[account_id]:/topics/[mns_topic_name]" config = local.mns_trigger_conf }, ]
-
create_event_function = true events_triggers = [ { type = "oss" source_arn = "acs:oss:[region_id]:[account_id]:[oss_bucket_name]" config = local.oss_trigger_conf }, ]
-
create_event_function = true events_triggers = [ { type = "timer" config = local.timer_trigger_conf }, ]
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
create_service | Whether to create a new FC service. Default to true. | bool | true | no |
filter_service_with_name_regex | A regex string to filter results by FC service name. | string | "" | no |
service_name | The FC service name | string | "terraform-fc-service" | no |
service_internet_access | Whether to allow the FC service to access Internet. Default to true. | bool | true | no |
service_role | RAM role arn attached to the FC service. This governs both who / what can invoke your Function, as well as what resources our Function has access to. | string | "" | no |
service_role_name_regex | A regex string to filter roles by name regex. | string | "" | no |
service_role_policy_name | A string to filter roles by policy name. | string | "" | no |
service_role_policy_type | A string to filter roles by policy type. | string | "" | no |
service_log_config | Provide this to store your FC service logs. | list | [] | no |
service_vpc_config | Provide this to allow your FC service to access your VPC. | list | [] | no |
function_memory_size | Amount of memory in MB your Function can use at runtime. Defaults to 128. Limits to [128, 3072]. | int | 128 | no |
function_timeout | The amount of time your Function has to run in seconds. | int | 60 | no |
create_http_function | Whether to create http function. | bool | false | no |
http_function_name | The FC http function name. | string | "terraform-fc-http-function" | no |
http_function_filename | The path to the function's deployment package within the local filesystem. It is conflict with the oss_-prefixed options. | string | "" | no |
http_function_oss_bucket | The bucket of function's deployment package within the oss service. It is conflict with the filename. | string | "" | no |
http_function_oss_key | The key of function's deployment package within the oss service. It is conflict with the filename. | string | "" | no |
http_function_runtime | The FC function runtime type. Valid values: ["nodejs6", "nodejs8", "python2.7", "python3", "php7.2", "java8"] | string | "nodejs6" | no |
http_function_handler | The FC function entry point in your code. | string | "index.handler" | no |
create_event_function | Whether to create event function. | bool | false | no |
events_function_name | The FC events function name. | string | "terraform-fc-events-function" | no |
events_function_filename | The path to the function's deployment package within the local filesystem. It is conflict with the oss_-prefixed options. | string | "" | no |
events_function_oss_bucket | The bucket of function's deployment package within the oss service. It is conflict with the filename. | string | "" | no |
events_function_oss_key | The key of function's deployment package within the oss service. It is conflict with the filename. | string | "" | no |
events_function_runtime | The FC function runtime type. Valid values: ["nodejs6", "nodejs8", "python2.7", "python3", "php7.2", "java8"] | string | "nodejs6" | no |
events_function_handler | The FC function entry point in your code. | string | "index.handler" | no |
trigger_role | Default RAM role arn attached to the FC trigger. Role used by the event source to call the function. The value format is "acs🐏:$account-id:role/$role-name". | string | "" | no |
trigger_source_arn | Event source resource address. | string | "" | no |
trigger_role_name_regex | A regex string to filter roles by name regex. | string | "" | no |
trigger_role_policy_name | A string to filter roles by policy name. | string | "" | no |
trigger_role_policy_type | A string to filter roles by policy type. | string | "" | no |
source_role_name_regex | A regex string to filter source roles by name regex. | string | "" | no |
source_role_policy_name | A string to filter source roles by policy name. | string | "" | no |
source_role_policy_type | A string to filter source roles by policy type. | string | "" | no |
http_trigger_name | The FC http trigger default name. | string | "terraform-http-trigger" | no |
http_triggers | List trigger fields to create http triggers | list(map(string)) | [] | no |
events_trigger_name | The FC events trigger default name. | string | "terraform-events-trigger" | no |
events_triggers | List trigger fields to create events triggers | list(map(string)) | [] | no |
Outputs
Name | Description |
---|---|
this_service_id | The ID of the Service |
this_service_name | The name of the Service |
this_http_function_id | The ID of the http Function |
this_http_function_name | The name of the http Function |
this_http_trigger_ids | The IDs of the http Triggers |
this_http_trigger_names | The names of the http Triggers |
this_events_function_id | The ID of the events Function |
this_events_function_name | The name of the events Function |
this_events_trigger_ids | The IDs of the events Triggers |
this_events_trigger_names | The names of the events Triggers |
Notes
From the version v1.3.0, the module has removed the following provider
setting:
provider "alicloud" {
version = ">=1.56.0"
profile = var.profile != "" ? var.profile : null
shared_credentials_file = var.shared_credentials_file != "" ? var.shared_credentials_file : null
region = var.region != "" ? var.region : null
skip_region_validation = var.skip_region_validation
configuration_source = "terraform-alicloud-modules/fc"
}
If you still want to use the provider
setting to apply this module, you can specify a supported version, like 1.2.0:
module "tf-fc" {
source = "terraform-alicloud-modules/fc/alicloud"
version = "1.2.0"
region = "cn-beijing"
profile = "Your-Profile-Name"
service_name = "production-triggers"
create_http_function = true
// ...
}
If you want to upgrade the module to 1.3.0 or higher in-place, you can define a provider which same region with previous region:
provider "alicloud" {
region = "cn-beijing"
profile = "Your-Profile-Name"
}
module "tf-fc" {
source = "terraform-alicloud-modules/fc/alicloud"
service_name = "production-triggers"
create_http_function = true
// ...
}
or specify an alias provider with a defined region to the module using providers
:
provider "alicloud" {
region = "cn-beijing"
profile = "Your-Profile-Name"
alias = "bj"
}
module "tf-fc" {
source = "terraform-alicloud-modules/fc/alicloud"
providers = {
alicloud = alicloud.bj
}
service_name = "production-triggers"
create_http_function = true
// ...
}
and then run terraform init
and terraform apply
to make the defined provider effect to the existing module state.
More details see How to use provider in the module
Terraform versions
Name | Version |
---|---|
terraform | >= 0.13.0 |
alicloud | >= 1.56.0 |
Authors
Created and maintained by Alibaba Cloud Terraform Team(terraform@alibabacloud.com)