[WIP] - ASG Lambda Update

- Added S3 Bucket as an origin to lambda zip file
- Only supports two regions [us-west-2, us-east-1 (Need Security Whitelist for other regions)]
- Tested & Working (See internal ZTW-1182)
* TODO: [Final QA Validation, Release Notes]

examples/base_cc_gwlb_asg/main.tf

@@ -265,6 +265,7 @@ module "asg_lambda" {
   secret_name             = var.secret_name
   autoscaling_group_names = module.cc_asg.autoscaling_group_ids
   asg_lambda_filename     = var.asg_lambda_filename
+  aws_region              = var.aws_region
 }
 
 

examples/base_cc_gwlb_asg_zpa/main.tf

@@ -283,6 +283,7 @@ module "asg_lambda" {
   secret_name             = var.secret_name
   autoscaling_group_names = module.cc_asg.autoscaling_group_ids
   asg_lambda_filename     = var.asg_lambda_filename
+  aws_region              = var.aws_region
 }
 
 

modules/terraform-zscc-asg-lambda-aws/main.tf

@@ -162,15 +162,15 @@ resource "aws_iam_role_policy_attachment" "lambda_logs_attachment" {
 # Create Lambda Function
 ################################################################################
 resource "aws_lambda_function" "asg_lambda_function" {
-  function_name    = "${var.name_prefix}_asg_lambda_function_${var.resource_tag}"
-  handler          = "${var.asg_lambda_filename}.lambda_handler"
-  runtime          = "python3.12"
-  filename         = "${path.module}/${var.asg_lambda_filename}.zip"
-  source_code_hash = filebase64sha256("${path.module}/${var.asg_lambda_filename}.zip")
-  role             = aws_iam_role.asg_lambda_iam_role.arn
-  timeout          = 180 # executes for max 180 seconds
-  memory_size      = 256
-  architectures    = [var.architecture]
+  function_name = "${var.name_prefix}_asg_lambda_function_${var.resource_tag}"
+  handler       = "${var.asg_lambda_filename}.lambda_handler"
+  runtime       = "python3.12"
+  s3_bucket     = "${var.s3_bucket}-${var.aws_region}"
+  s3_key        = "${var.asg_lambda_filename}.zip"
+  role          = aws_iam_role.asg_lambda_iam_role.arn
+  timeout       = 180 # executes for max 180 seconds
+  memory_size   = 256
+  architectures = [var.architecture]
 
   environment {
     variables = {

modules/terraform-zscc-asg-lambda-aws/variables.tf

@@ -1,3 +1,11 @@
+variable "aws_region" {
+  type        = string
+  description = "The AWS region."
+}
+variable "s3_bucket" {
+  description = "S3 bucket containing Lambda deployment packages"
+  default     = "zscaler-cc-lambda-service"
+}
 variable "name_prefix" {
   type        = string
   description = "A prefix to associate to all the Cloud Connector module resources"