Merge pull request #2814 from kakakakakku/lambda-ssm-parameter-terraform

julianwood · web-flow · commit 3f62ddc1b1f3 · 2025-12-08T07:24:18.000-08:00
lambda-ssm-parameter-terraform: Update runtime to nodejs22.x
diff --git a/lambda-ssm-parameter-terraform/.gitignore b/lambda-ssm-parameter-terraform/.gitignore
@@ -0,0 +1 @@
+lambda.zip
diff --git a/lambda-ssm-parameter-terraform/main.tf b/lambda-ssm-parameter-terraform/main.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     aws = {
       source  = "hashicorp/aws"
-      version = "~> 4.22"
+      version = "~> 5.0"
     }
   }
 
@@ -31,7 +31,7 @@ resource "aws_lambda_function" "lambda_function" {
   source_code_hash = data.archive_file.lambda_zip_file.output_base64sha256
   handler          = "app.handler"
   role             = aws_iam_role.lambda_iam_role.arn
-  runtime          = "nodejs16.x"
+  runtime          = "nodejs22.x"
   environment {
     variables = {
       SSMParameterName = var.ssm_parameter_name
@@ -50,11 +50,7 @@ data "aws_iam_policy" "lambda_basic_execution_role_policy" {
 }
 
 resource "aws_iam_role" "lambda_iam_role" {
-  name_prefix         = "LambdaSSMParameterRole-"
-  managed_policy_arns = [
-    data.aws_iam_policy.lambda_basic_execution_role_policy.arn,
-    aws_iam_policy.lambda_policy.arn
-  ]
+  name_prefix = "LambdaSSMParameterRole-"
 
   assume_role_policy = <<EOF
 {
@@ -73,11 +69,21 @@ resource "aws_iam_role" "lambda_iam_role" {
 EOF
 }
 
+resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
+  role       = aws_iam_role.lambda_iam_role.name
+  policy_arn = data.aws_iam_policy.lambda_basic_execution_role_policy.arn
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_ssm" {
+  role       = aws_iam_role.lambda_iam_role.name
+  policy_arn = aws_iam_policy.lambda_policy.arn
+}
+
 data "aws_iam_policy_document" "lambda_policy_document" {
   statement {
-  
+
     effect = "Allow"
-  
+
     actions = [
       "ssm:GetParameter",
       "ssm:PutParameter"
diff --git a/lambda-ssm-parameter-terraform/src/app.js b/lambda-ssm-parameter-terraform/src/app.js
@@ -6,8 +6,11 @@
 // 2. GET or PUT an SSM Parameter Store parameter.
 // 3. Return a response with parameter result.
 
-const AWS = require("aws-sdk")
-const ssm = new AWS.SSM()
+const { SSMClient, GetParameterCommand, PutParameterCommand } = require('@aws-sdk/client-ssm')
+
+const ssmClient = new SSMClient({
+  region: process.env.AWS_REGION
+})
 
 exports.handler = async (event, context) => {
   try {
@@ -34,12 +37,12 @@ exports.handler = async (event, context) => {
         Overwrite: true,
         Type: "String",
       };
-      result = await ssm.putParameter(ssmPutParams).promise()
+      result = await ssmClient.send(new PutParameterCommand(ssmPutParams))
     } else if (method == "GET") {
       const ssmGetParams = {
         Name: parameterName,
       };
-      result = await ssm.getParameter(ssmGetParams).promise()
+      result = await ssmClient.send(new GetParameterCommand(ssmGetParams))
     } else {
       result = "Method not supported"
     }
@@ -57,4 +60,4 @@ exports.handler = async (event, context) => {
     console.error(error);
     throw new Error(error);
   }
-}
+}
