Lambda Configuration Details
Lambda EKS Access
The DR failover Lambda authenticates to Kubernetes through EKS Access Entries, not the aws-auth ConfigMap. This provides:
- Auditable access via CloudTrail
- No cluster-side ConfigMap management required
- Automatic credential rotation via STS
- Namespace-scoped permissions (AmazonEKSClusterAdminPolicy, restricted to the logging namespace)
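One way to verify the namespace restriction listed above, as an added example that is not part of this module's code: it audits the JSON returned by `aws eks list-associated-access-policies` for the Lambda's principal and reports any association that is cluster-scoped or reaches beyond the logging namespace. The cluster name, role ARN and sample response are constructed placeholders.

```python
import json

# Constructed sample in the shape returned by
# `aws eks list-associated-access-policies`; the cluster name and role ARN
# are placeholders, not values from this deployment.
SAMPLE_RESPONSE = json.loads("""
{
  "clusterName": "example-dr-cluster",
  "principalArn": "arn:aws:iam::111122223333:role/example-dr-failover-lambda",
  "associatedAccessPolicies": [
    {
      "policyArn": "arn:aws:eks::aws:cluster-access-policy/AmazonEKSClusterAdminPolicy",
      "accessScope": {"type": "namespace", "namespaces": ["logging"]}
    }
  ]
}
""")


def audit_access_scope(response, allowed_namespaces=("logging",)):
    """Return findings for associations broader than allowed_namespaces.

    An empty list means every associated policy is namespace-scoped and
    confined to the allowed namespaces.
    """
    allowed = set(allowed_namespaces)
    findings = []
    for assoc in response.get("associatedAccessPolicies", []):
        policy = assoc.get("policyArn", "").rsplit("/", 1)[-1] or "<unknown>"
        scope = assoc.get("accessScope") or {}
        scope_type = scope.get("type")
        namespaces = set(scope.get("namespaces") or [])
        if scope_type != "namespace":
            # A cluster-scoped admin policy is full cluster-admin.
            findings.append(f"{policy}: scope type is {scope_type!r}, not 'namespace'")
        elif not namespaces:
            findings.append(f"{policy}: namespace scope lists no namespaces")
        elif namespaces - allowed:
            extra = ", ".join(sorted(namespaces - allowed))
            findings.append(f"{policy}: unexpected namespaces: {extra}")
    return findings


if __name__ == "__main__":
    problems = audit_access_scope(SAMPLE_RESPONSE)
    for line in problems:
        print("FINDING:", line)
    print("OK" if not problems else f"{len(problems)} finding(s)")
```

To run it against a live cluster, pass the parsed output of `aws eks list-associated-access-policies --cluster-name <cluster> --principal-arn <lambda-role-arn>` in place of the sample.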
Configuration Variables
| Variable | Default | Range | Description |
|---|---|---|---|
| dr_failover_lambda_pre_failover_failure_seconds | 180 | 0-600 | Minimum consecutive seconds primary must be failing before failover. Set to 0 for testing only |
Module-internal defaults (not configurable via tfvars): The following parameters are hardcoded within the dr-failover-lambda module and use sensible defaults:
- failover_cooldown_seconds: 300s (prevents flapping)
- max_retries: 3 (K8s API retry attempts)
- base_delay_seconds: 1.0s (exponential backoff base)
- max_delay_seconds: 30.0s (backoff cap)

To customize these, modify modules/aws/dr-failover-lambda/variables.tf directly.