terraform-aws-modules · Nov 21, 2020
diff --git a/‎.chglog/CHANGELOG.tpl.md
+111 b/‎.chglog/CHANGELOG.tpl.md
+111
diff --git a/‎.chglog/config.yml
+10 b/‎.chglog/config.yml
+10
diff --git a/‎.editorconfig
+33 b/‎.editorconfig
+33
diff --git a/‎.gitignore
+9 b/‎.gitignore
+9
diff --git a/‎.pre-commit-config.yaml
+26 b/‎.pre-commit-config.yaml
+26
diff --git a/‎CHANGELOG.md
+305 b/‎CHANGELOG.md
+305
diff --git a/‎LICENSE
+13 b/‎LICENSE
+13
diff --git a/‎Makefile
+7 b/‎Makefile
+7
diff --git a/‎README.md
+194 b/‎README.md
+194
diff --git a/‎examples/complete/README.md
+51 b/‎examples/complete/README.md
+51
diff --git a/‎examples/complete/main.tf
+156 b/‎examples/complete/main.tf
+156
diff --git a/‎examples/complete/outputs.tf
+31 b/‎examples/complete/outputs.tf
+31
diff --git a/‎examples/complete/variables.tf b/‎examples/complete/variables.tf
diff --git a/‎examples/complete/versions.tf
+8 b/‎examples/complete/versions.tf
+8
diff --git a/‎locals.tf
+709 b/‎locals.tf
+709
diff --git a/‎main.tf
+217 b/‎main.tf
+217
diff --git a/‎outputs.tf
+31 b/‎outputs.tf
+31
diff --git a/‎variables.tf
+190 b/‎variables.tf
+190
diff --git a/‎versions.tf
+7 b/‎versions.tf
+7
@@ -0,0 +1,111 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+{{ if .Versions -}}
+<a name="unreleased"></a>
+## [Unreleased]
+{{ if .Unreleased.CommitGroups -}}
+{{ range .Unreleased.CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+{{/* SKIPPING RULES - START */ -}}
+{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}}
+{{- if not (contains .Subject "[ci skip]") -}}
+{{- if not (contains .Subject "[skip ci]") -}}
+{{- if not (hasPrefix .Subject "Merge pull request ") -}}
+{{- if not (hasPrefix .Subject "Added CHANGELOG") -}}
+{{- /* SKIPPING RULES - END */ -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{/* SKIPPING RULES - START */ -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{/* SKIPPING RULES - END */ -}}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Unreleased.Commits -}}
+{{/* SKIPPING RULES - START */ -}}
+{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}}
+{{- if not (contains .Subject "[ci skip]") -}}
+{{- if not (contains .Subject "[skip ci]") -}}
+{{- if not (hasPrefix .Subject "Merge pull request ") -}}
+{{- if not (hasPrefix .Subject "Added CHANGELOG") -}}
+{{- /* SKIPPING RULES - END */ -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{/* SKIPPING RULES - START */ -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{/* SKIPPING RULES - END */ -}}
+{{ end }}
+{{ end -}}
+{{ end -}}
+
+{{ range .Versions }}
+<a name="{{ .Tag.Name }}"></a>
+## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }}
+{{ if .CommitGroups -}}
+{{ range .CommitGroups -}}
+### {{ .Title }}
+{{ range .Commits -}}
+{{/* SKIPPING RULES - START */ -}}
+{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}}
+{{- if not (contains .Subject "[ci skip]") -}}
+{{- if not (contains .Subject "[skip ci]") -}}
+{{- if not (hasPrefix .Subject "Merge pull request ") -}}
+{{- if not (hasPrefix .Subject "Added CHANGELOG") -}}
+{{- /* SKIPPING RULES - END */ -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{/* SKIPPING RULES - START */ -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{/* SKIPPING RULES - END */ -}}
+{{ end }}
+{{ end -}}
+{{ else }}
+{{ range .Commits -}}
+{{/* SKIPPING RULES - START */ -}}
+{{- if not (hasPrefix .Subject "Updated CHANGELOG") -}}
+{{- if not (contains .Subject "[ci skip]") -}}
+{{- if not (contains .Subject "[skip ci]") -}}
+{{- if not (hasPrefix .Subject "Merge pull request ") -}}
+{{- if not (hasPrefix .Subject "Added CHANGELOG") -}}
+{{- /* SKIPPING RULES - END */ -}}
+- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }}
+{{/* SKIPPING RULES - START */ -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+{{/* SKIPPING RULES - END */ -}}
+{{ end }}
+{{ end -}}
+
+{{- if .NoteGroups -}}
+{{ range .NoteGroups -}}
+### {{ .Title }}
+{{ range .Notes }}
+{{ .Body }}
+{{ end }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{- if .Versions }}
+[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD
+{{ range .Versions -}}
+{{ if .Tag.Previous -}}
+[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }}
+{{ end -}}
+{{ end -}}
+{{ end -}}
@@ -0,0 +1,10 @@
+style: github
+template: CHANGELOG.tpl.md
+info:
+  title: CHANGELOG
+  repository_url: https://github.com/terraform-aws-modules/terraform-aws-step-function
+options:
+  header:
+    pattern: "^(.*)$"
+    pattern_maps:
+      - Subject
@@ -0,0 +1,33 @@
+# EditorConfig is awesome: http://EditorConfig.org
+# Uses editorconfig to maintain consistent coding styles
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+max_line_length = 80
+trim_trailing_whitespace = true
+
+[*.py]
+indent_size = 4
+
+[*.{tf,tfvars}]
+indent_size = 2
+indent_style = space
+
+[*.md]
+max_line_length = 0
+trim_trailing_whitespace = false
+
+[Makefile]
+tab_width = 2
+indent_style = tab
+
+[COMMIT_EDITMSG]
+max_line_length = 0
@@ -0,0 +1,9 @@
+.terraform
+*.tfstate.backup
+*.tfstate
+*.tfvars
+*.tfplan
+
+builds/
+
+__pycache__/
@@ -0,0 +1,26 @@
+repos:
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.45.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs
+      - id: terraform_tflint
+        args:
+          - '--args=--only=terraform_deprecated_interpolation'
+          - '--args=--only=terraform_deprecated_index'
+          - '--args=--only=terraform_unused_declarations'
+          - '--args=--only=terraform_comment_syntax'
+          - '--args=--only=terraform_documented_outputs'
+          - '--args=--only=terraform_documented_variables'
+          - '--args=--only=terraform_typed_variables'
+          - '--args=--only=terraform_module_pinned_source'
+          - '--args=--only=terraform_naming_convention'
+          - '--args=--only=terraform_required_version'
+          - '--args=--only=terraform_required_providers'
+          - '--args=--only=terraform_standard_module_structure'
+          - '--args=--only=terraform_workspace_remote'
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v3.3.0
+    hooks:
+      - id: check-merge-conflict
@@ -0,0 +1,305 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+<a name="unreleased"></a>
+## [Unreleased]
+
+
+
+<a name="v1.29.0"></a>
+## [v1.29.0] - 2020-11-19
+
+- feat: Customizable prefixes for IAM policies (as for IAM role) ([#74](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/74))
+
+
+<a name="v1.28.0"></a>
+## [v1.28.0] - 2020-11-17
+
+- feat: Updated range of supported versions of Terraform and providers ([#71](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/71))
+
+
+<a name="v1.27.0"></a>
+## [v1.27.0] - 2020-11-02
+
+- ci: Updated pre-commit hooks, added terraform_validate ([#68](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/68))
+
+
+<a name="v1.26.0"></a>
+## [v1.26.0] - 2020-10-27
+
+- fix: Removed hash_extra_paths to have the same hash for multiple executors ([#66](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/66))
+
+
+<a name="v1.25.0"></a>
+## [v1.25.0] - 2020-10-26
+
+- fix: Fixed concurrent builds ([#65](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/65))
+- chore: Upgraded pre-commit-terraform to fix terraform-docs
+
+
+<a name="v1.24.0"></a>
+## [v1.24.0] - 2020-09-23
+
+- feat: Added tflint as pre-commit hook ([#60](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/60))
+
+
+<a name="v1.23.0"></a>
+## [v1.23.0] - 2020-09-14
+
+- feat: Added support for policy_jsons (list of strings) ([#58](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/58))
+
+
+<a name="v1.22.0"></a>
+## [v1.22.0] - 2020-08-26
+
+- feat: Updated submodules to support Terraform 0.13
+
+
+<a name="v1.21.0"></a>
+## [v1.21.0] - 2020-08-25
+
+- fix: os xcode python interpreter ([#50](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/50))
+- docs: Updated description for provisioned_concurrent_executions (closes [#38](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/38))
+- chore: Set number_of_policies in example
+
+
+<a name="v1.20.0"></a>
+## [v1.20.0] - 2020-08-19
+
+- fix: Fix policy attachments for managed policies ([#45](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/45))
+- feat: Add support for EFS File System Config ([#46](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/46))
+- feat: Bump version of AWS provider to support v3
+- feat: Upgraded Terraform version supported
+- docs: Updated FAQ with info about "We currently do not support adding policies for "
+- fix: Adds region wildcard to log group arn when lambda[@edge](https://github.com/edge) ([#35](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/35))
+- fix: Fixed issue with zip renaming on Windows platform ([#32](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/32))
+- feat: docker image building for installing pip requirements independently from OS ([#31](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/31))
+- fix: Fixed patterns applying ([#30](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/30))
+- fix: Fixed DUMP_ENV logging level ([#28](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/28))
+- fix: Fixed IAM policy attachment with multiple functions ([#26](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/26))
+- feat: Added support for variety of options for source_path, closes [#12](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/12) ([#25](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/25))
+- Updated examples and readme
+- Added more samples to examples/simple/main.tf
+- package.py - Log directories with ending /
+- package.py - Log skipped items + made uniform some messages
+- package.py - Added support for comments in patterns
+- package.py - Renamed: logger -> log
+- feat: Added ZipContentFilter class to apply patterns filtering
+- package.py - Fixed and improved logging
+- package.py - Added BuildPlanManager initial implementation
+- package.py - Fixed building in docker
+- package.py - Implemented ZipFileStream.write_file
+- feat: In-place zip archiving
+- package.py - Removed dir changing on zip archive generation
+- package.py - Simplified emit_dir_files func
+- package.py - Fixed timestamp appling
+- package.py - Added hidden hash command to calculate Lambda's content hash
+- package.py - Finished ZipFileStream.write_dirs implementation
+- package.py - Moved borrowed ZipInfo.from_file to a ZipWriteStream class
+- package.py - Added initial ZipFileStream skel
+- package.py - Move out inner functions from *_command functions
+- feat: Added pid to the prepare stage log records
+- feat: Added AWS CodeDeploy group name to outputs
+- fix: Create AWS CodeDeploy resources conditionally
+- fix: Do not create AWS Cloudwatch log group for Lambda Layers
+- feat: Add Cloudwatch Logs resources (or use existing) ([#24](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/24))
+
+
+<a name="v1.6.1"></a>
+## [v1.6.1] - 2020-08-14
+
+- fix: Added support for AWS provider v3 used by notify-slack module with Terraform 0.12
+
+
+<a name="v1.19.0"></a>
+## [v1.19.0] - 2020-08-14
+
+- feat: Add support for EFS File System Config ([#46](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/46))
+
+
+<a name="v1.18.0"></a>
+## [v1.18.0] - 2020-08-13
+
+- feat: Bump version of AWS provider to support v3
+
+
+<a name="v1.17.0"></a>
+## [v1.17.0] - 2020-07-20
+
+- feat: Upgraded Terraform version supported
+
+
+<a name="v1.16.0"></a>
+## [v1.16.0] - 2020-06-26
+
+- docs: Updated FAQ with info about "We currently do not support adding policies for "
+
+
+<a name="v1.15.0"></a>
+## [v1.15.0] - 2020-06-24
+
+- fix: Adds region wildcard to log group arn when lambda[@edge](https://github.com/edge) ([#35](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/35))
+
+
+<a name="v1.14.0"></a>
+## [v1.14.0] - 2020-06-18
+
+- fix: Fixed issue with zip renaming on Windows platform ([#32](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/32))
+
+
+<a name="v1.13.0"></a>
+## [v1.13.0] - 2020-06-17
+
+- feat: docker image building for installing pip requirements independently from OS ([#31](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/31))
+
+
+<a name="v1.12.0"></a>
+## [v1.12.0] - 2020-06-16
+
+- fix: Fixed patterns applying ([#30](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/30))
+- fix: Fixed DUMP_ENV logging level ([#28](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/28))
+
+
+<a name="v1.11.0"></a>
+## [v1.11.0] - 2020-06-16
+
+- fix: Fixed IAM policy attachment with multiple functions ([#26](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/26))
+
+
+<a name="v1.10.0"></a>
+## [v1.10.0] - 2020-06-14
+
+- feat: Added support for variety of options for source_path, closes [#12](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/12) ([#25](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/25))
+- Updated examples and readme
+- Added more samples to examples/simple/main.tf
+- package.py - Log directories with ending /
+- package.py - Log skipped items + made uniform some messages
+- package.py - Added support for comments in patterns
+- package.py - Renamed: logger -> log
+- feat: Added ZipContentFilter class to apply patterns filtering
+- package.py - Fixed and improved logging
+- package.py - Added BuildPlanManager initial implementation
+- package.py - Fixed building in docker
+- package.py - Implemented ZipFileStream.write_file
+- feat: In-place zip archiving
+- package.py - Removed dir changing on zip archive generation
+- package.py - Simplified emit_dir_files func
+- package.py - Fixed timestamp appling
+- package.py - Added hidden hash command to calculate Lambda's content hash
+- package.py - Finished ZipFileStream.write_dirs implementation
+- package.py - Moved borrowed ZipInfo.from_file to a ZipWriteStream class
+- package.py - Added initial ZipFileStream skel
+- package.py - Move out inner functions from *_command functions
+- feat: Added pid to the prepare stage log records
+
+
+<a name="v1.9.0"></a>
+## [v1.9.0] - 2020-06-12
+
+- feat: Added AWS CodeDeploy group name to outputs
+
+
+<a name="v1.8.0"></a>
+## [v1.8.0] - 2020-06-12
+
+- fix: Create AWS CodeDeploy resources conditionally
+- fix: Do not create AWS Cloudwatch log group for Lambda Layers
+
+
+<a name="v1.7.0"></a>
+## [v1.7.0] - 2020-06-12
+
+- feat: Add Cloudwatch Logs resources (or use existing) ([#24](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/24))
+
+
+<a name="v1.6.0"></a>
+## [v1.6.0] - 2020-06-11
+
+- feat: Added package debug levels
+
+
+<a name="v1.5.0"></a>
+## [v1.5.0] - 2020-06-10
+
+- fix: Added dependency for aws_s3_bucket_object, fixes [#15](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/15) ([#19](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/19))
+- feat: Added support for one-shot artifacts build to skip recreation of missing packages ([#20](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/20))
+
+
+<a name="v1.4.0"></a>
+## [v1.4.0] - 2020-06-10
+
+- feat: Added deploy module to do complex deployments using AWS CodeDeploy ([#17](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/17))
+- feat: Stable zip archives - v1 ([#18](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/18))
+- feat: Added better support for Lambda Alias resources via separate submodule ([#14](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/14))
+- feat: Reliable passing build plan by a separate file + minor changes ([#13](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/13))
+
+
+<a name="v1.3.0"></a>
+## [v1.3.0] - 2020-06-07
+
+- fix: Computed values in number of policies
+
+
+<a name="v1.2.0"></a>
+## [v1.2.0] - 2020-06-07
+
+- feat: Added support for Lambda Permissions for allowed triggers ([#11](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/11))
+- docs: Added link to apigateway-v2 module
+
+
+<a name="v1.1.0"></a>
+## [v1.1.0] - 2020-06-05
+
+- feat: Added 4 new ways to customize IAM policies for Lambda Function ([#10](https://github.com/terraform-aws-modules/terraform-aws-lambda/issues/10))
+- Fixed README
+- Updated README formatting
+
+
+<a name="v1.0.0"></a>
+## [v1.0.0] - 2020-06-04
+
+- Updated README formatting
+- Initial terraform-aws-lambda implementation
+- Added example of Dockerfile for custom AWS Lambda build env
+- Added initial draft implementation of lambda.py and package.tf
+
+
+<a name="v0.0.1"></a>
+## v0.0.1 - 2020-06-02
+
+- first commit
+
+
+[Unreleased]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.29.0...HEAD
+[v1.29.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.28.0...v1.29.0
+[v1.28.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.27.0...v1.28.0
+[v1.27.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.26.0...v1.27.0
+[v1.26.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.25.0...v1.26.0
+[v1.25.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.24.0...v1.25.0
+[v1.24.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.23.0...v1.24.0
+[v1.23.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.22.0...v1.23.0
+[v1.22.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.21.0...v1.22.0
+[v1.21.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.20.0...v1.21.0
+[v1.20.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.6.1...v1.20.0
+[v1.6.1]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.19.0...v1.6.1
+[v1.19.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.18.0...v1.19.0
+[v1.18.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.17.0...v1.18.0
+[v1.17.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.16.0...v1.17.0
+[v1.16.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.15.0...v1.16.0
+[v1.15.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.14.0...v1.15.0
+[v1.14.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.13.0...v1.14.0
+[v1.13.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.12.0...v1.13.0
+[v1.12.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.11.0...v1.12.0
+[v1.11.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.10.0...v1.11.0
+[v1.10.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.9.0...v1.10.0
+[v1.9.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.8.0...v1.9.0
+[v1.8.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.7.0...v1.8.0
+[v1.7.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.6.0...v1.7.0
+[v1.6.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.5.0...v1.6.0
+[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.4.0...v1.5.0
+[v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.3.0...v1.4.0
+[v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.2.0...v1.3.0
+[v1.2.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.1.0...v1.2.0
+[v1.1.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v1.0.0...v1.1.0
+[v1.0.0]: https://github.com/terraform-aws-modules/terraform-aws-lambda/compare/v0.0.1...v1.0.0
@@ -0,0 +1,13 @@
+Copyright 2020 Anton Babenko (Betajob AS)
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
@@ -0,0 +1,7 @@
+.PHONY: changelog release
+
+changelog:
+	git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o`
+
+release:
+	semtag final -s minor
@@ -0,0 +1,194 @@
+# AWS Step Functions Terraform module
+
+Terraform module, which creates AWS Step Functions as well as required IAM role and IAM policies for [Integrated Services](https://docs.aws.amazon.com/step-functions/latest/dg/service-integration-iam-templates.html).
+
+This Terraform module is the part of [serverless.tf framework](https://github.com/antonbabenko/serverless.tf), which aims to simplify all operations when working with the serverless in Terraform.
+
+
+## Features
+
+- [x] Creates AWS Step Function
+- [x] Conditional creation for many types of resources
+- [x] Support IAM policy attachments for [Integrated Services (eg, Lambda, SQS, ECS, EKS, Batch, DynamoDB, etc)](https://docs.aws.amazon.com/step-functions/latest/dg/service-integration-iam-templates.html) and various ways to create and attach additional policies
+
+
+## Usage
+
+### Step Function
+  
+```hcl
+module "step_function" {
+  source = "terraform-aws-modules/step-function/aws"
+
+  name       = "my-step-function"
+  definition = <<EOF
+{
+  "Comment": "A Hello World example of the Amazon States Language using Pass states",
+  "StartAt": "Hello",
+  "States": {
+    "Hello": {
+      "Type": "Pass",
+      "Result": "Hello",
+      "Next": "World"
+    },
+    "World": {
+      "Type": "Pass",
+      "Result": "World",
+      "End": true
+    }
+  }
+}
+EOF
+  
+  service_integrations = {
+    dynamodb = {
+      dynamodb = ["arn:aws:dynamodb:eu-west-1:052212379155:table/Test"]
+    }
+
+    lambda = {
+      lambda = ["arn:aws:lambda:eu-west-1:123456789012:function:test1", "arn:aws:lambda:eu-west-1:123456789012:function:test2"]
+    }
+  }
+
+  tags = {
+    Module = "my"
+  }
+}
+```
+
+## Service integration policies
+
+There are predefined policies for all available integrations (see `aws_service_policies` in `locals.tf` for values) which can be used as a key inside `service_integrations` argument.
+
+Each key of `aws_service_policies` contains configuration for the IAM policy statements which will be combined with the values specified in `service_integrations` argument.
+
+Example of `service_integrations` arguments:
+
+```hcl
+module "step_function" {
+  source = "terraform-aws-modules/step-function/aws"
+
+  # ... omitted
+  service_integrations = {
+    xray = {
+      xray = true  # the value of default_resources key will be used when key value is `true`
+    }
+
+    sqs = {
+      sqs = "arn:aws:sqs:..."  # sqs queue ARN is required because there is no default_resources key for such integration
+    }
+ 
+    # Special case to deny all actions for the step function (this will override all IAM policies allowed for the function)
+    no_tasks = {
+      deny_all = true
+    }
+  }
+}
+```
+
+
+## Additional IAM policies for Step Function
+
+In addition to all supported AWS service integrations you may want to create and attach additional policies.
+
+There are 5 supported ways to attach additional IAM policies to IAM role used by Step Function:
+
+1. `policy_json` - JSON string or heredoc, when `attach_policy_json = true`.
+1. `policy_jsons` - List of JSON strings or heredoc, when `attach_policy_jsons = true` and `number_of_policy_jsons > 0`.
+1. `policy` - ARN of existing IAM policy, when `attach_policy = true`.
+1. `policies` - List of ARNs of existing IAM policies, when `attach_policies = true` and `number_of_policies > 0`.
+1. `policy_statements` - Map of maps to define IAM statements which will be generated as IAM policy. Requires `attach_policy_statements = true`. See `examples/complete` for more information.
+
+
+## Conditional creation
+
+Sometimes you need to have a way to create resources conditionally, so the solution is to specify `create` arguments.
+
+```hcl
+module "step_function" {
+  source = "terraform-aws-modules/step-function/aws"
+
+  create      = false # to disable all resources
+  create_role = false  # to control creation of the IAM role and policies required for Step Function
+
+  # ... omitted
+}
+```
+
+
+## Examples
+
+* [Complete](https://github.com/terraform-aws-modules/terraform-aws-step-function/tree/master/examples/complete) - Create Step Function and required IAM resources in various combinations with all supported features.
+
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.67 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 2.67 |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| attach\_policies | Controls whether list of policies should be added to IAM role | `bool` | `false` | no |
+| attach\_policies\_for\_integrations | Whether to attach AWS Service policies to IAM role | `bool` | `true` | no |
+| attach\_policy | Controls whether policy should be added to IAM role | `bool` | `false` | no |
+| attach\_policy\_json | Controls whether policy\_json should be added to IAM role | `bool` | `false` | no |
+| attach\_policy\_jsons | Controls whether policy\_jsons should be added to IAM role | `bool` | `false` | no |
+| attach\_policy\_statements | Controls whether policy\_statements should be added to IAM role | `bool` | `false` | no |
+| aws\_region\_assume\_role | Name of AWS regions where IAM role can be assumed by the Step Function | `string` | `""` | no |
+| create | Whether to create Step Function resource | `bool` | `true` | no |
+| create\_role | Whether to create IAM role for the Step Function | `bool` | `true` | no |
+| definition | The Amazon States Language definition of the Step Function | `string` | `""` | no |
+| name | The name of the Step Function | `string` | `""` | no |
+| number\_of\_policies | Number of policies to attach to IAM role | `number` | `0` | no |
+| number\_of\_policy\_jsons | Number of policies JSON to attach to IAM role | `number` | `0` | no |
+| policies | List of policy statements ARN to attach to IAM role | `list(string)` | `[]` | no |
+| policy | An additional policy document ARN to attach to IAM role | `string` | `null` | no |
+| policy\_json | An additional policy document as JSON to attach to IAM role | `string` | `null` | no |
+| policy\_jsons | List of additional policy documents as JSON to attach to IAM role | `list(string)` | `[]` | no |
+| policy\_statements | Map of dynamic policy statements to attach to IAM role | `any` | `{}` | no |
+| role\_arn | The Amazon Resource Name (ARN) of the IAM role to use for this Step Function | `string` | `""` | no |
+| role\_description | Description of IAM role to use for Step Function | `string` | `null` | no |
+| role\_force\_detach\_policies | Specifies to force detaching any policies the IAM role has before destroying it. | `bool` | `true` | no |
+| role\_name | Name of IAM role to use for Step Function | `string` | `null` | no |
+| role\_path | Path of IAM role to use for Step Function | `string` | `null` | no |
+| role\_permissions\_boundary | The ARN of the policy that is used to set the permissions boundary for the IAM role used by Step Function | `string` | `null` | no |
+| role\_tags | A map of tags to assign to IAM role | `map(string)` | `{}` | no |
+| service\_integrations | Map of AWS service integrations to allow in IAM role policy | `any` | `{}` | no |
+| tags | Maps of tags to assign to the Step Function | `map(string)` | `{}` | no |
+| trusted\_entities | Step Function additional trusted entities for assuming roles (trust relationship) | `list(string)` | `[]` | no |
+| use\_existing\_role | Whether to use an existing IAM role for this Step Function | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| this\_role\_arn | The ARN of the IAM role created for the Step Function |
+| this\_role\_name | The name of the IAM role created for the Step Function |
+| this\_state\_machine\_arn | The ARN of the Step Function |
+| this\_state\_machine\_creation\_date | The date the Step Function was created |
+| this\_state\_machine\_id | The ARN of the Step Function |
+| this\_state\_machine\_status | The current status of the Step Function |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Authors
+
+Module managed by [Anton Babenko](https://github.com/antonbabenko). Check out [serverless.tf](https://serverless.tf) to learn more about doing serverless with Terraform.
+
+Please reach out to [Betajob](https://www.betajob.com/) if you are looking for commercial support for your Terraform, AWS, or serverless project.
+
+
+## License
+
+Apache 2 Licensed. See LICENSE for full details.
@@ -0,0 +1,51 @@
+# Complete AWS Step Function example
+
+Configuration in this directory creates AWS Step Function and IAM role with large variety of supported AWS Service integrations and custom policies.
+
+Note: You probably don't need to set custom/additional policies but use `service_integrations` only.
+
+
+## Usage
+
+To run this example you need to execute:
+
+```bash
+$ terraform init
+$ terraform plan
+$ terraform apply
+```
+
+Note that this example may create resources which cost money. Run `terraform destroy` when you don't need these resources.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.6 |
+| aws | >= 2.67 |
+| random | >= 2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 2.67 |
+| random | >= 2 |
+
+## Inputs
+
+No input.
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| this\_role\_arn | The ARN of the IAM role created for the State Machine |
+| this\_role\_name | The name of the IAM role created for the State Machine |
+| this\_state\_machine\_arn | The ARN of the State Machine |
+| this\_state\_machine\_creation\_date | The date the State Machine was created |
+| this\_state\_machine\_id | The ARN of the State Machine |
+| this\_state\_machine\_status | The current status of the State Machine |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -0,0 +1,156 @@
+provider "aws" {
+  region = "eu-west-1"
+
+  # Make it faster by skipping something
+  skip_get_ec2_platforms      = true
+  skip_metadata_api_check     = true
+  skip_region_validation      = true
+  skip_credentials_validation = true
+  skip_requesting_account_id  = true
+}
+
+locals {
+  definition_template = <<EOF
+{
+  "Comment": "A Hello World example of the Amazon States Language using Pass states",
+  "StartAt": "Hello",
+  "States": {
+    "Hello": {
+      "Type": "Pass",
+      "Result": "Hello",
+      "Next": "World"
+    },
+    "World": {
+      "Type": "Pass",
+      "Result": "World",
+      "End": true
+    }
+  }
+}
+EOF
+}
+
+
+module "step_function" {
+  source = "../../"
+
+  name = random_pet.this.id
+
+  definition = local.definition_template
+
+  service_integrations = {
+
+    dynamodb = {
+      dynamodb = ["arn:aws:dynamodb:eu-west-1:052212379155:table/Test"]
+    }
+
+    athena_StartQueryExecution_Sync = {
+      athena        = ["arn:aws:athena:eu-west-1:123456789012:something1:test1"]
+      glue          = ["arn:aws:glue:eu-west-1:123456789012:something2:test1"]
+      s3            = true # options: true (use default value from `aws_service_policies`) or provide a list of ARNs
+      lakeformation = ["arn:aws:lakeformation:eu-west-1:123456789012:something3:test1"]
+    }
+
+    lambda = {
+      lambda = ["arn:aws:lambda:eu-west-1:123456789012:function:test1", "arn:aws:lambda:eu-west-1:123456789012:function:test2"]
+    }
+
+    xray = {
+      xray = true
+    }
+
+    no_tasks = {
+      deny_all = true
+    }
+  }
+
+  ######################
+  # Additional policies
+  # Probably you are not going to need them (use `service_integrations` instead)!
+  ######################
+
+  attach_policy_json = true
+  policy_json        = <<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "xray:GetSamplingStatisticSummaries"
+            ],
+            "Resource": ["*"]
+        }
+    ]
+}
+EOF
+
+  attach_policy_jsons = true
+  policy_jsons = [<<EOF
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "xray:*"
+            ],
+            "Resource": ["*"]
+        }
+    ]
+}
+EOF
+  ]
+  number_of_policy_jsons = 1
+
+  attach_policy = true
+  policy        = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
+
+  attach_policies    = true
+  policies           = ["arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess"]
+  number_of_policies = 1
+
+  attach_policy_statements = true
+  policy_statements = {
+    dynamodb = {
+      effect    = "Allow",
+      actions   = ["dynamodb:BatchWriteItem"],
+      resources = ["arn:aws:dynamodb:eu-west-1:052212379155:table/Test"]
+    },
+    s3_read = {
+      effect    = "Deny",
+      actions   = ["s3:HeadObject", "s3:GetObject"],
+      resources = ["arn:aws:s3:::my-bucket/*"]
+    }
+  }
+
+  ###########################
+  # END: Additional policies
+  ###########################
+
+  tags = {
+    Module = "step_function"
+  }
+}
+
+###########
+# Disabled
+###########
+
+module "disabled_step_function" {
+  source = "../../"
+
+  create = false
+}
+
+##################
+# Extra resources
+##################
+
+resource "random_pet" "this" {
+  length = 2
+}
+
+resource "aws_sqs_queue" "queue" {
+  name = random_pet.this.id
+}
@@ -0,0 +1,31 @@
+# State Machine
+output "this_state_machine_id" {
+  description = "The ARN of the State Machine"
+  value       = module.step_function.this_state_machine_id
+}
+
+output "this_state_machine_arn" {
+  description = "The ARN of the State Machine"
+  value       = module.step_function.this_state_machine_arn
+}
+
+output "this_state_machine_creation_date" {
+  description = "The date the State Machine was created"
+  value       = module.step_function.this_state_machine_creation_date
+}
+
+output "this_state_machine_status" {
+  description = "The current status of the State Machine"
+  value       = module.step_function.this_state_machine_status
+}
+
+# IAM Role
+output "this_role_arn" {
+  description = "The ARN of the IAM role created for the State Machine"
+  value       = module.step_function.this_role_arn
+}
+
+output "this_role_name" {
+  description = "The name of the IAM role created for the State Machine"
+  value       = module.step_function.this_role_name
+}
@@ -0,0 +1,8 @@
+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws    = ">= 2.67"
+    random = ">= 2"
+  }
+}
@@ -0,0 +1,217 @@
+locals {
+  create_role = var.create && var.create_role && ! var.use_existing_role
+  aws_region  = local.create_role && var.aws_region_assume_role == "" ? data.aws_region.current[0].name : var.aws_region_assume_role
+
+  role_name = local.create_role ? coalesce(var.role_name, var.name) : null
+}
+
+resource "aws_sfn_state_machine" "this" {
+  count = var.create ? 1 : 0
+
+  name = var.name
+
+  role_arn   = var.use_existing_role ? var.role_arn : aws_iam_role.this[0].arn
+  definition = var.definition
+
+  tags = merge({ Name = var.name }, var.tags)
+}
+
+###########
+# IAM Role
+###########
+
+data "aws_region" "current" {
+  count = local.create_role && var.aws_region_assume_role == "" ? 1 : 0
+}
+
+data "aws_iam_policy_document" "assume_role" {
+  count = local.create_role ? 1 : 0
+
+  statement {
+    effect  = "Allow"
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = distinct(concat(["states.${local.aws_region}.amazonaws.com"], var.trusted_entities))
+    }
+  }
+}
+
+resource "aws_iam_role" "this" {
+  count = local.create_role ? 1 : 0
+
+  name                  = local.role_name
+  description           = var.role_description
+  path                  = var.role_path
+  force_detach_policies = var.role_force_detach_policies
+  permissions_boundary  = var.role_permissions_boundary
+  assume_role_policy    = data.aws_iam_policy_document.assume_role[0].json
+
+  tags = merge(var.tags, var.role_tags)
+}
+
+##############################
+# Predefined service policies
+##############################
+
+data "aws_iam_policy_document" "service" {
+  for_each = local.create_role && var.attach_policies_for_integrations ? var.service_integrations : tomap({})
+
+  dynamic "statement" {
+    for_each = each.value
+
+    content {
+      effect    = lookup(local.aws_service_policies[each.key][statement.key], "effect", "Allow")
+      sid       = replace("${each.key}${title(statement.key)}", "/[^0-9A-Za-z]*/", "")
+      actions   = local.aws_service_policies[each.key][statement.key]["actions"]
+      resources = statement.value == true ? local.aws_service_policies[each.key][statement.key]["default_resources"] : tolist(statement.value)
+
+      dynamic "condition" {
+        for_each = lookup(local.aws_service_policies[each.key][statement.key], "condition", [])
+        content {
+          test     = condition.value.test
+          variable = condition.value.variable
+          values   = condition.value.values
+        }
+      }
+    }
+  }
+}
+
+resource "aws_iam_policy" "service" {
+  for_each = local.create_role && var.attach_policy_statements ? var.service_integrations : tomap({})
+
+  name   = "${local.role_name}-${each.key}"
+  policy = data.aws_iam_policy_document.service[each.key].json
+}
+
+resource "aws_iam_policy_attachment" "service" {
+  for_each = local.create_role && var.attach_policy_statements ? var.service_integrations : tomap({})
+
+  name       = "${local.role_name}-${each.key}"
+  roles      = [aws_iam_role.this[0].name]
+  policy_arn = aws_iam_policy.service[each.key].arn
+}
+
+
+###########################
+# Additional policy (JSON)
+###########################
+
+resource "aws_iam_policy" "additional_json" {
+  count = local.create_role && var.attach_policy_json ? 1 : 0
+
+  name   = local.role_name
+  policy = var.policy_json
+}
+
+resource "aws_iam_policy_attachment" "additional_json" {
+  count = local.create_role && var.attach_policy_json ? 1 : 0
+
+  name       = local.role_name
+  roles      = [aws_iam_role.this[0].name]
+  policy_arn = aws_iam_policy.additional_json[0].arn
+}
+
+#####################################
+# Additional policies (list of JSON)
+#####################################
+
+resource "aws_iam_policy" "additional_jsons" {
+  count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0
+
+  name   = "${local.role_name}-${count.index}"
+  policy = var.policy_jsons[count.index]
+}
+
+resource "aws_iam_policy_attachment" "additional_jsons" {
+  count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0
+
+  name       = "${local.role_name}-${count.index}"
+  roles      = [aws_iam_role.this[0].name]
+  policy_arn = aws_iam_policy.additional_jsons[count.index].arn
+}
+
+###########################
+# ARN of additional policy
+###########################
+
+resource "aws_iam_role_policy_attachment" "additional_one" {
+  count = local.create_role && var.attach_policy ? 1 : 0
+
+  role       = aws_iam_role.this[0].name
+  policy_arn = var.policy
+}
+
+######################################
+# List of ARNs of additional policies
+######################################
+
+resource "aws_iam_role_policy_attachment" "additional_many" {
+  count = local.create_role && var.attach_policies ? var.number_of_policies : 0
+
+  role       = aws_iam_role.this[0].name
+  policy_arn = var.policies[count.index]
+}
+
+###############################
+# Additional policy statements
+###############################
+
+data "aws_iam_policy_document" "additional_inline" {
+  count = local.create_role && var.attach_policy_statements ? 1 : 0
+
+  dynamic "statement" {
+    for_each = var.policy_statements
+
+    content {
+      sid           = lookup(statement.value, "sid", replace(statement.key, "/[^0-9A-Za-z]*/", ""))
+      effect        = lookup(statement.value, "effect", null)
+      actions       = lookup(statement.value, "actions", null)
+      not_actions   = lookup(statement.value, "not_actions", null)
+      resources     = lookup(statement.value, "resources", null)
+      not_resources = lookup(statement.value, "not_resources", null)
+
+      dynamic "principals" {
+        for_each = lookup(statement.value, "principals", [])
+        content {
+          type        = principals.value.type
+          identifiers = principals.value.identifiers
+        }
+      }
+
+      dynamic "not_principals" {
+        for_each = lookup(statement.value, "not_principals", [])
+        content {
+          type        = not_principals.value.type
+          identifiers = not_principals.value.identifiers
+        }
+      }
+
+      dynamic "condition" {
+        for_each = lookup(statement.value, "condition", [])
+        content {
+          test     = condition.value.test
+          variable = condition.value.variable
+          values   = condition.value.values
+        }
+      }
+    }
+  }
+}
+
+resource "aws_iam_policy" "additional_inline" {
+  count = local.create_role && var.attach_policy_statements ? 1 : 0
+
+  name   = "${local.role_name}-inline"
+  policy = data.aws_iam_policy_document.additional_inline[0].json
+}
+
+resource "aws_iam_policy_attachment" "additional_inline" {
+  count = local.create_role && var.attach_policy_statements ? 1 : 0
+
+  name       = local.role_name
+  roles      = [aws_iam_role.this[0].name]
+  policy_arn = aws_iam_policy.additional_inline[0].arn
+}
@@ -0,0 +1,31 @@
+# Step Function
+output "this_state_machine_id" {
+  description = "The ARN of the Step Function"
+  value       = element(concat(aws_sfn_state_machine.this.*.id, [""]), 0)
+}
+
+output "this_state_machine_arn" {
+  description = "The ARN of the Step Function"
+  value       = element(concat(aws_sfn_state_machine.this.*.arn, [""]), 0)
+}
+
+output "this_state_machine_creation_date" {
+  description = "The date the Step Function was created"
+  value       = element(concat(aws_sfn_state_machine.this.*.creation_date, [""]), 0)
+}
+
+output "this_state_machine_status" {
+  description = "The current status of the Step Function"
+  value       = element(concat(aws_sfn_state_machine.this.*.status, [""]), 0)
+}
+
+# IAM Role
+output "this_role_arn" {
+  description = "The ARN of the IAM role created for the Step Function"
+  value       = element(concat(aws_iam_role.this.*.arn, [""]), 0)
+}
+
+output "this_role_name" {
+  description = "The name of the IAM role created for the Step Function"
+  value       = element(concat(aws_iam_role.this.*.name, [""]), 0)
+}
@@ -0,0 +1,190 @@
+variable "create" {
+  description = "Whether to create Step Function resource"
+  type        = bool
+  default     = true
+}
+
+variable "create_role" {
+  description = "Whether to create IAM role for the Step Function"
+  type        = bool
+  default     = true
+}
+
+variable "use_existing_role" {
+  description = "Whether to use an existing IAM role for this Step Function"
+  type        = bool
+  default     = false
+}
+
+################
+# Step Function
+################
+
+variable "name" {
+  description = "The name of the Step Function"
+  type        = string
+  default     = ""
+}
+
+variable "definition" {
+  description = "The Amazon States Language definition of the Step Function"
+  type        = string
+  default     = ""
+}
+
+variable "role_arn" {
+  description = "The Amazon Resource Name (ARN) of the IAM role to use for this Step Function"
+  type        = string
+  default     = ""
+}
+
+variable "tags" {
+  description = "Maps of tags to assign to the Step Function"
+  type        = map(string)
+  default     = {}
+}
+
+###########
+# IAM Role
+###########
+
+variable "aws_region_assume_role" {
+  description = "Name of AWS regions where IAM role can be assumed by the Step Function"
+  type        = string
+  default     = ""
+}
+
+variable "role_name" {
+  description = "Name of IAM role to use for Step Function"
+  type        = string
+  default     = null
+}
+
+variable "role_description" {
+  description = "Description of IAM role to use for Step Function"
+  type        = string
+  default     = null
+}
+
+variable "role_path" {
+  description = "Path of IAM role to use for Step Function"
+  type        = string
+  default     = null
+}
+
+variable "role_force_detach_policies" {
+  description = "Specifies to force detaching any policies the IAM role has before destroying it."
+  type        = bool
+  default     = true
+}
+
+variable "role_permissions_boundary" {
+  description = "The ARN of the policy that is used to set the permissions boundary for the IAM role used by Step Function"
+  type        = string
+  default     = null
+}
+
+variable "role_tags" {
+  description = "A map of tags to assign to IAM role"
+  type        = map(string)
+  default     = {}
+}
+
+#####################################################
+# Predefined IAM Policies for supported AWS Services
+# (Lambda, DynamoDB, ECS, EKS, EMR, SageMaker, ...)
+#####################################################
+
+variable "attach_policies_for_integrations" {
+  description = "Whether to attach AWS Service policies to IAM role"
+  type        = bool
+  default     = true
+}
+
+variable "service_integrations" {
+  description = "Map of AWS service integrations to allow in IAM role policy"
+  type        = any
+  default     = {}
+}
+
+##########################
+# Various custom policies
+##########################
+
+variable "attach_policy_json" {
+  description = "Controls whether policy_json should be added to IAM role"
+  type        = bool
+  default     = false
+}
+
+variable "attach_policy_jsons" {
+  description = "Controls whether policy_jsons should be added to IAM role"
+  type        = bool
+  default     = false
+}
+
+variable "attach_policy" {
+  description = "Controls whether policy should be added to IAM role"
+  type        = bool
+  default     = false
+}
+
+variable "attach_policies" {
+  description = "Controls whether list of policies should be added to IAM role"
+  type        = bool
+  default     = false
+}
+
+variable "number_of_policy_jsons" {
+  description = "Number of policies JSON to attach to IAM role"
+  type        = number
+  default     = 0
+}
+
+variable "number_of_policies" {
+  description = "Number of policies to attach to IAM role"
+  type        = number
+  default     = 0
+}
+
+variable "attach_policy_statements" {
+  description = "Controls whether policy_statements should be added to IAM role"
+  type        = bool
+  default     = false
+}
+
+variable "trusted_entities" {
+  description = "Step Function additional trusted entities for assuming roles (trust relationship)"
+  type        = list(string)
+  default     = []
+}
+
+variable "policy_json" {
+  description = "An additional policy document as JSON to attach to IAM role"
+  type        = string
+  default     = null
+}
+
+variable "policy_jsons" {
+  description = "List of additional policy documents as JSON to attach to IAM role"
+  type        = list(string)
+  default     = []
+}
+
+variable "policy" {
+  description = "An additional policy document ARN to attach to IAM role"
+  type        = string
+  default     = null
+}
+
+variable "policies" {
+  description = "List of policy statements ARN to attach to IAM role"
+  type        = list(string)
+  default     = []
+}
+
+variable "policy_statements" {
+  description = "Map of dynamic policy statements to attach to IAM role"
+  type        = any
+  default     = {}
+}
@@ -0,0 +1,7 @@
+terraform {
+  required_version = ">= 0.12.6"
+
+  required_providers {
+    aws = ">= 2.67"
+  }
+}