feat: Add support for tenant isolation mode feature (#718)

Co-authored-by: Anton Babenko <393243+antonbabenko@users.noreply.github.com>

Author: paliwalvimal

README.md

@@ -858,6 +858,7 @@ No modules.
 | <a name="input_source_path"></a> [source\_path](#input\_source\_path) | The absolute path to a local file or directory containing your Lambda source code | `any` | `null` | no |
 | <a name="input_store_on_s3"></a> [store\_on\_s3](#input\_store\_on\_s3) | Whether to store produced artifacts on S3 or locally. | `bool` | `false` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A map of tags to assign to resources. | `map(string)` | `{}` | no |
+| <a name="input_tenant_isolation_mode"></a> [tenant\_isolation\_mode](#input\_tenant\_isolation\_mode) | Enable tenant isolation mode for the Lambda Function | `bool` | `false` | no |
 | <a name="input_timeout"></a> [timeout](#input\_timeout) | The amount of time your Lambda Function has to run in seconds. | `number` | `3` | no |
 | <a name="input_timeouts"></a> [timeouts](#input\_timeouts) | Define maximum timeout for creating, updating, and deleting Lambda Function resources | `map(string)` | `{}` | no |
 | <a name="input_tracing_mode"></a> [tracing\_mode](#input\_tracing\_mode) | Tracing mode of the Lambda Function. Valid value can be either PassThrough or Active. | `string` | `null` | no |

main.tf

@@ -137,6 +137,13 @@ resource "aws_lambda_function" "this" {
     }
   }
 
+  dynamic "tenancy_config" {
+    for_each = var.tenant_isolation_mode ? [true] : []
+    content {
+      tenant_isolation_mode = "PER_TENANT"
+    }
+  }
+
   tags = merge(
     var.tags,
     var.function_tags

variables.tf

@@ -280,6 +280,12 @@ variable "skip_destroy" {
   default     = null
 }
 
+variable "tenant_isolation_mode" {
+  description = "Enable tenant isolation mode for the Lambda Function"
+  type        = bool
+  default     = false
+}
+
 ###############
 # Function URL
 ###############

wrappers/main.tf

@@ -128,6 +128,7 @@ module "wrapper" {
   source_path                                  = try(each.value.source_path, var.defaults.source_path, null)
   store_on_s3                                  = try(each.value.store_on_s3, var.defaults.store_on_s3, false)
   tags                                         = try(each.value.tags, var.defaults.tags, {})
+  tenant_isolation_mode                        = try(each.value.tenant_isolation_mode, var.defaults.tenant_isolation_mode, false)
   timeout                                      = try(each.value.timeout, var.defaults.timeout, 3)
   timeouts                                     = try(each.value.timeouts, var.defaults.timeouts, {})
   tracing_mode                                 = try(each.value.tracing_mode, var.defaults.tracing_mode, null)