terraform-aws-modules · antonbabenko · Jan 13, 2025 · Jan 12, 2025 · Jan 13, 2025
diff --git a/modules/notification/README.md b/modules/notification/README.md
@@ -40,6 +40,7 @@ No modules.
 | <a name="input_bucket"></a> [bucket](#input\_bucket) | Name of S3 bucket to use | `string` | `""` | no |
 | <a name="input_bucket_arn"></a> [bucket\_arn](#input\_bucket\_arn) | ARN of S3 bucket to use in policies | `string` | `null` | no |
 | <a name="input_create"></a> [create](#input\_create) | Whether to create this resource or not? | `bool` | `true` | no |
+| <a name="input_create_lambda_policy"></a> [create\_lambda\_policy](#input\_create\_lambda\_policy) | Whether to create a policy for Lambda permissions or not? | `bool` | `true` | no |
 | <a name="input_create_sns_policy"></a> [create\_sns\_policy](#input\_create\_sns\_policy) | Whether to create a policy for SNS permissions or not? | `bool` | `true` | no |
 | <a name="input_create_sqs_policy"></a> [create\_sqs\_policy](#input\_create\_sqs\_policy) | Whether to create a policy for SQS permissions or not? | `bool` | `true` | no |
 | <a name="input_eventbridge"></a> [eventbridge](#input\_eventbridge) | Whether to enable Amazon EventBridge notifications | `bool` | `null` | no |

diff --git a/modules/notification/main.tf b/modules/notification/main.tf
@@ -60,7 +60,7 @@ resource "aws_s3_bucket_notification" "this" {
 
 # Lambda
 resource "aws_lambda_permission" "allow" {
-  for_each = var.lambda_notifications
+  for_each = { for k, v in var.lambda_notifications : k => v if var.create_lambda_policy }
 
   statement_id_prefix = "AllowLambdaS3BucketNotification-"
   action              = "lambda:InvokeFunction"

diff --git a/modules/notification/variables.tf b/modules/notification/variables.tf
@@ -16,6 +16,12 @@ variable "create_sqs_policy" {
   default     = true
 }
 
+variable "create_lambda_policy" {
+  description = "Whether to create a policy for Lambda permissions or not?"
+  type        = bool
+  default     = true
+}
+
 variable "bucket" {
   description = "Name of S3 bucket to use"
   type        = string

diff --git a/wrappers/notification/main.tf b/wrappers/notification/main.tf
@@ -6,6 +6,7 @@ module "wrapper" {
   bucket               = try(each.value.bucket, var.defaults.bucket, "")
   bucket_arn           = try(each.value.bucket_arn, var.defaults.bucket_arn, null)
   create               = try(each.value.create, var.defaults.create, true)
+  create_lambda_policy = try(each.value.create_lambda_policy, var.defaults.create_lambda_policy, true)
   create_sns_policy    = try(each.value.create_sns_policy, var.defaults.create_sns_policy, true)
   create_sqs_policy    = try(each.value.create_sqs_policy, var.defaults.create_sqs_policy, true)
   eventbridge          = try(each.value.eventbridge, var.defaults.eventbridge, null)