diff --git a/modules/notification/README.md b/modules/notification/README.md
index 3cfa272d..d2fb883e 100644
--- a/modules/notification/README.md
+++ b/modules/notification/README.md
@@ -40,6 +40,7 @@ No modules.
| [bucket](#input\_bucket) | Name of S3 bucket to use | `string` | `""` | no |
| [bucket\_arn](#input\_bucket\_arn) | ARN of S3 bucket to use in policies | `string` | `null` | no |
| [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no |
+| [create\_lambda\_permission](#input\_create\_lambda\_permission) | Whether to create Lambda permissions or not? | `bool` | `true` | no |
| [create\_sns\_policy](#input\_create\_sns\_policy) | Whether to create a policy for SNS permissions or not? | `bool` | `true` | no |
| [create\_sqs\_policy](#input\_create\_sqs\_policy) | Whether to create a policy for SQS permissions or not? | `bool` | `true` | no |
| [eventbridge](#input\_eventbridge) | Whether to enable Amazon EventBridge notifications | `bool` | `null` | no |
diff --git a/modules/notification/main.tf b/modules/notification/main.tf
index 33651d40..05c0cfa3 100644
--- a/modules/notification/main.tf
+++ b/modules/notification/main.tf
@@ -60,7 +60,7 @@ resource "aws_s3_bucket_notification" "this" {
# Lambda
resource "aws_lambda_permission" "allow" {
- for_each = var.lambda_notifications
+ for_each = { for k, v in var.lambda_notifications : k => v if var.create_lambda_permission }
statement_id_prefix = "AllowLambdaS3BucketNotification-"
action = "lambda:InvokeFunction"
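Review bot: The new `for_each` filter on `aws_lambda_permission.allow` tests only `var.create_lambda_permission`. As far as this hunk shows, the invoke permission is therefore still created when the module's `create` input is false and `lambda_notifications` is non-empty. If the other resources in this module honour `create` (not visible here), gate on both: `for_each = { for k, v in var.lambda_notifications : k => v if var.create && var.create_lambda_permission }`. The resource body continues outside the hunk, so the principal and source scoping of the grant cannot be checked from these lines.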
diff --git a/modules/notification/variables.tf b/modules/notification/variables.tf
index 16f81937..a5343687 100644
--- a/modules/notification/variables.tf
+++ b/modules/notification/variables.tf
@@ -16,6 +16,12 @@ variable "create_sqs_policy" {
default = true
}
+variable "create_lambda_permission" {
+ description = "Whether to create Lambda permissions or not?"
+ type = bool
+ default = true
+}
+
variable "bucket" {
description = "Name of S3 bucket to use"
type = string
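Review bot: The description of `create_lambda_permission` does not say what the caller takes on by setting it to false. The bucket notification still targets the functions in `lambda_notifications`, so an externally managed `aws_lambda_permission` has to exist for each of them. That grant should be limited to this bucket with `source_arn`, and ideally `source_account`, so that no other bucket can invoke the function. I would spell that out, for example `description = "Whether to create Lambda permissions or not? When false, the caller must manage a permission that lets S3 invoke each target function, scoped to this bucket"`. The README table row added in this commit would need the same text.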
diff --git a/wrappers/notification/main.tf b/wrappers/notification/main.tf
index 794e2686..9e54f2db 100644
--- a/wrappers/notification/main.tf
+++ b/wrappers/notification/main.tf
@@ -3,13 +3,14 @@ module "wrapper" {
for_each = var.items
- bucket = try(each.value.bucket, var.defaults.bucket, "")
- bucket_arn = try(each.value.bucket_arn, var.defaults.bucket_arn, null)
- create = try(each.value.create, var.defaults.create, true)
- create_sns_policy = try(each.value.create_sns_policy, var.defaults.create_sns_policy, true)
- create_sqs_policy = try(each.value.create_sqs_policy, var.defaults.create_sqs_policy, true)
- eventbridge = try(each.value.eventbridge, var.defaults.eventbridge, null)
- lambda_notifications = try(each.value.lambda_notifications, var.defaults.lambda_notifications, {})
- sns_notifications = try(each.value.sns_notifications, var.defaults.sns_notifications, {})
- sqs_notifications = try(each.value.sqs_notifications, var.defaults.sqs_notifications, {})
+ bucket = try(each.value.bucket, var.defaults.bucket, "")
+ bucket_arn = try(each.value.bucket_arn, var.defaults.bucket_arn, null)
+ create = try(each.value.create, var.defaults.create, true)
+ create_lambda_permission = try(each.value.create_lambda_permission, var.defaults.create_lambda_permission, true)
+ create_sns_policy = try(each.value.create_sns_policy, var.defaults.create_sns_policy, true)
+ create_sqs_policy = try(each.value.create_sqs_policy, var.defaults.create_sqs_policy, true)
+ eventbridge = try(each.value.eventbridge, var.defaults.eventbridge, null)
+ lambda_notifications = try(each.value.lambda_notifications, var.defaults.lambda_notifications, {})
+ sns_notifications = try(each.value.sns_notifications, var.defaults.sns_notifications, {})
+ sqs_notifications = try(each.value.sqs_notifications, var.defaults.sqs_notifications, {})
}