Merge pull request #57 from schubergphilis/fix_timeouts
fix: increasing timeouts and memory usage on lambdas to prevent lambda timeouts
macampo authored Dec 6, 2024
2 parents 85eeacd + 49f2cc3 commit 57fa615
Showing 2 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions README.md
Expand Up @@ -148,8 +148,8 @@ Since a lambda layer is used to provide the aws-lambda-powertools if you want to
|------|-------------|------|---------|:--------:|
| <a name="input_kms_key_arn"></a> [kms\_key\_arn](#input\_kms\_key\_arn) | The ARN of the KMS key used to encrypt the resources | `string` | n/a | yes |
| <a name="input_s3_bucket_name"></a> [s3\_bucket\_name](#input\_s3\_bucket\_name) | The name for the S3 bucket which will be created for storing the function's deployment package | `string` | n/a | yes |
| <a name="input_findings_manager_events_lambda"></a> [findings\_manager\_events\_lambda](#input\_findings\_manager\_events\_lambda) | Findings Manager Lambda settings - Manage Security Hub findings in response to EventBridge events | <pre>object({<br> name = optional(string, "securityhub-findings-manager-events")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 256)<br> timeout = optional(number, 120)<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br> })</pre> | `{}` | no |
| <a name="input_findings_manager_trigger_lambda"></a> [findings\_manager\_trigger\_lambda](#input\_findings\_manager\_trigger\_lambda) | Findings Manager Lambda settings - Manage Security Hub findings in response to S3 file upload triggers | <pre>object({<br> name = optional(string, "securityhub-findings-manager-trigger")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 256)<br> timeout = optional(number, 120)<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br> })</pre> | `{}` | no |
| <a name="input_findings_manager_events_lambda"></a> [findings\_manager\_events\_lambda](#input\_findings\_manager\_events\_lambda) | Findings Manager Lambda settings - Manage Security Hub findings in response to EventBridge events | <pre>object({<br> name = optional(string, "securityhub-findings-manager-events")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 256)<br> timeout = optional(number, 300)<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br> })</pre> | `{}` | no |
| <a name="input_findings_manager_trigger_lambda"></a> [findings\_manager\_trigger\_lambda](#input\_findings\_manager\_trigger\_lambda) | Findings Manager Lambda settings - Manage Security Hub findings in response to S3 file upload triggers | <pre>object({<br> name = optional(string, "securityhub-findings-manager-trigger")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 1024)<br> timeout = optional(number, 900)<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br> })</pre> | `{}` | no |
| <a name="input_jira_eventbridge_iam_role_name"></a> [jira\_eventbridge\_iam\_role\_name](#input\_jira\_eventbridge\_iam\_role\_name) | The name of the role which will be assumed by EventBridge rules for Jira integration | `string` | `"SecurityHubFindingsManagerJiraEventBridge"` | no |
| <a name="input_jira_integration"></a> [jira\_integration](#input\_jira\_integration) | Findings Manager - Jira integration settings | <pre>object({<br> enabled = optional(bool, false)<br> autoclose_enabled = optional(bool, false)<br> autoclose_comment = optional(string, "Security Hub finding has been resolved. Autoclosing the issue.")<br> autoclose_transition_name = optional(string, "Close Issue")<br> credentials_secret_arn = string<br> exclude_account_ids = optional(list(string), [])<br> finding_severity_normalized_threshold = optional(number, 70)<br> issue_custom_fields = optional(map(string), {})<br> issue_type = optional(string, "Security Advisory")<br> project_key = string<br><br> security_group_egress_rules = optional(list(object({<br> cidr_ipv4 = optional(string)<br> cidr_ipv6 = optional(string)<br> description = string<br> from_port = optional(number, 0)<br> ip_protocol = optional(string, "-1")<br> prefix_list_id = optional(string)<br> referenced_security_group_id = optional(string)<br> to_port = optional(number, 0)<br> })), [])<br><br> lambda_settings = optional(object({<br> name = optional(string, "securityhub-findings-manager-jira")<br> log_level = optional(string, "INFO")<br> memory_size = optional(number, 256)<br> timeout = optional(number, 60)<br> }), {<br> name = "securityhub-findings-manager-jira"<br> iam_role_name = "SecurityHubFindingsManagerJiraLambda"<br> log_level = "INFO"<br> memory_size = 256<br> timeout = 60<br> security_group_egress_rules = []<br> })<br><br> step_function_settings = optional(object({<br> log_level = optional(string, "ERROR")<br> retention = optional(number, 90)<br> }), {<br> log_level = "ERROR"<br> retention = 90<br> })<br><br> })</pre> | <pre>{<br> "credentials_secret_arn": null,<br> "enabled": false,<br> "project_key": null<br>}</pre> | no |
| <a name="input_jira_step_function_iam_role_name"></a> [jira\_step\_function\_iam\_role\_name](#input\_jira\_step\_function\_iam\_role\_name) | The name of the role which will be assumed by AWS Step Function for Jira integration | `string` | `"SecurityHubFindingsManagerJiraStepFunction"` | no |
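
Review bot: in the `findings_manager_trigger_lambda` row the defaults move to `memory_size = optional(number, 1024)` and `timeout = optional(number, 900)`, but the description cell still only says what the Lambda does. 900 seconds is the maximum timeout AWS Lambda allows, so consumers of the module can no longer raise this value to get out of a timeout; say so in the description, give the units (seconds for `timeout`, MB for `memory_size`), and explain why the trigger and events Lambdas now have different defaults (900 versus 300). The Jira `lambda_settings` in the unchanged `jira_integration` row keep `timeout = 60` and `memory_size = 256`; confirm that function was not hitting the same timeouts.
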
6 changes: 3 additions & 3 deletions variables.tf
Expand Up @@ -3,7 +3,7 @@ variable "findings_manager_events_lambda" {
name = optional(string, "securityhub-findings-manager-events")
log_level = optional(string, "INFO")
memory_size = optional(number, 256)
timeout = optional(number, 120)
timeout = optional(number, 300)

security_group_egress_rules = optional(list(object({
cidr_ipv4 = optional(string)
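
Review bot: `timeout = optional(number, 300)` raises the default for the EventBridge-driven function with nothing in this hunk that bounds the value or explains the number. Add a `validation` block on `findings_manager_events_lambda` that rejects timeouts outside 1 to 900 seconds so a bad override fails at plan time, and record in a comment which workload needed more than 120 seconds. Because this function manages Security Hub findings, a run that hits the limit leaves findings unprocessed, so an alarm on timed-out invocations is worth adding alongside the higher limit.
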
Expand All @@ -29,8 +29,8 @@ variable "findings_manager_trigger_lambda" {
type = object({
name = optional(string, "securityhub-findings-manager-trigger")
log_level = optional(string, "INFO")
memory_size = optional(number, 256)
timeout = optional(number, 120)
memory_size = optional(number, 1024)
timeout = optional(number, 900)

security_group_egress_rules = optional(list(object({
cidr_ipv4 = optional(string)
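
Review bot: `timeout = optional(number, 900)` sets the trigger Lambda to the Lambda service maximum, so there is no headroom left if an S3-triggered run grows further, and the next timeout cannot be fixed by another default bump. Consider processing each upload in smaller batches or moving the long-running part to a Step Function, which the module already uses for the Jira integration. `memory_size = optional(number, 1024)` quadruples the previous 256 MB default for every consumer that does not override it; a comment next to both values stating what was measured would let the next reader judge whether they can be lowered again.
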