terraform-provider-aws
[Bug]: aws_lambda_function try to update qualified_arn every time
Terraform Core Version
1.5.5
AWS Provider Version
5.16.1
Affected Resource(s)
aws_lambda_function
Expected Behavior
After running plan or apply, if I haven't made any change to my Lambda function code or environment variables, it should not try to deploy it again over and over.
Actual Behavior
Each time I run plan or apply, it tries to update qualified_arn and qualified_invoke_arn, even if I haven't changed the code or environment variables, or the environment variables are empty.
Relevant Error/Panic Output Snippet
  # module.lambda_deployment_security.aws_lambda_function.lambda_function will be updated in-place
  ~ resource "aws_lambda_function" "lambda_function" {
        id                   = "DeploymentSecurity-test"
      ~ qualified_arn        = "arn:aws:lambda:us-east-1:xxxxxxxxxxxxx:function:DeploymentSecurity-test:5" -> (known after apply)
      ~ qualified_invoke_arn = "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:xxxxxxxxxxxxxx:function:DeploymentSecurity-test:5/invocations" -> (known after apply)
        tags                 = {}
      ~ version              = "5" -> (known after apply)
        # (20 unchanged attributes hidden)
        # (2 unchanged blocks hidden)
    }
Terraform Configuration Files
data "archive_file" "lambda" {
  type        = "zip"
  source_file = var.source_path
  output_path = "./builds/${var.name}.zip"
}

resource "aws_iam_role" "lambda_role" {
  name = "lambda-${var.project_name}-${var.name}-LambdaRole"
  path = "/"
  assume_role_policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Action" : "sts:AssumeRole",
        "Principal" : {
          "Service" : [
            "lambda.amazonaws.com",
            "edgelambda.amazonaws.com"
          ]
        },
        "Effect" : "Allow",
        "Sid" : ""
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "lambda_inst_role_attc_execution" {
  role       = aws_iam_role.lambda_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

resource "aws_iam_role_policy_attachment" "lambda_inst_role_attc_cloud_watch" {
  role       = aws_iam_role.lambda_role.name
  policy_arn = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
}

locals {
  environment_map = var.environment[*]
}

resource "aws_lambda_function" "lambda_function" {
  filename         = data.archive_file.lambda.output_path
  function_name    = var.name
  description      = var.description
  role             = aws_iam_role.lambda_role.arn
  handler          = "index.handler"
  source_code_hash = data.archive_file.lambda.output_base64sha256
  runtime          = var.runtime
  publish          = true

  dynamic "environment" {
    for_each = local.environment_map
    content {
      variables = environment.value
    }
  }
}
Steps to Reproduce
I'm just running terraform plan, and each time I do that, the previous output happens. The first time it's fine because we have to apply the changes, but after that, if you run terraform plan again, you will notice the previous output.
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None
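
Added example, not part of the original report or the provider's code: a Python check that reads plan JSON in the shape produced by `terraform show -json` and lists `aws_lambda_function` resources whose in-place update consists only of computed attributes, the pattern in the plan output above. The sample plan, the helper `_change`, the resource `aws_lambda_function.code_changed` and the function name `computed_only_updates` are constructed for illustration.

```python
import json
import sys

# Attributes the plan above shows as "(known after apply)".
COMPUTED = {"version": True, "qualified_arn": True, "qualified_invoke_arn": True}

def _change(address, hash_before, hash_after):
    """Build one constructed resource_changes entry (sample data, not real output)."""
    known = {"function_name": "DeploymentSecurity-test", "publish": True}
    return {
        "address": address,
        "type": "aws_lambda_function",
        "change": {
            "actions": ["update"],
            "before": {**known, "source_code_hash": hash_before, "version": "5"},
            # Unknown values are left out of "after" and flagged in "after_unknown".
            "after": {**known, "source_code_hash": hash_after},
            "after_unknown": {**COMPUTED, "tags": {}},
        },
    }

SAMPLE_PLAN = {"resource_changes": [
    _change("module.lambda_deployment_security.aws_lambda_function.lambda_function",
            "CONSTRUCTED_HASH_A", "CONSTRUCTED_HASH_A"),
    _change("aws_lambda_function.code_changed",
            "CONSTRUCTED_HASH_A", "CONSTRUCTED_HASH_B"),
]}

def computed_only_updates(plan, resource_type="aws_lambda_function"):
    """Return {address: [unknown attrs]} for updates where no known value changes."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != resource_type or change.get("actions") != ["update"]:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        unknown_attrs = sorted(k for k, v in unknown.items() if v is True)
        known_changes = [k for k in set(before) | set(after)
                         if k not in unknown_attrs and before.get(k) != after.get(k)]
        if unknown_attrs and not known_changes:
            findings[rc["address"]] = unknown_attrs
    return findings

if __name__ == "__main__":
    # Usage: python check_plan.py plan.json  (falls back to the constructed sample)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, attrs in computed_only_updates(plan).items():
        print(f"{address}: computed-only update ({', '.join(attrs)})")
```
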