DataDog/terraform-aws-lambda-datadog

Support for GovCloud Appears to be Missing

olivereri opened this issue · 4 comments

Expected Behavior

When deploying to an AWS account in the GovCloud partition (aws-us-gov), the Lambda function uses the GovCloud version of the Datadog layers.

Actual Behavior

The Lambda wrapper only targets the aws partition, not aws-us-gov, and doesn't use the GovCloud account ID, resulting in a TF apply error:

module.my_lambda_function.aws_lambda_function.this: Creating...
╷
│ Error: creating Lambda Function (my_lambda_function): operation error Lambda: CreateFunction, https response error StatusCode: 400, RequestID: 07f20e55-59d1-4bf1-b8a4-15a5814847bf, InvalidParameterValueException: Invalid layer version arn:aws:lambda:us-gov-west-1:464622532012:layer:Datadog-Extension:57
│ 
│   with module.chip_api_token_function.aws_lambda_function.this,
│   on .terraform/modules/my_lambda_function/main.tf line 92, in resource "aws_lambda_function" "this":
│   92: resource "aws_lambda_function" "this" {
│ 
╵

Steps to Reproduce

Deploy terraform-aws-lambda-datadog to AWS GovCloud

Relations

#3

Great! Looks like the changes in the pull request function correctly. I set the source attribute to my repo fork ref with the modifications and got this TF output:

 # module.chip_api_token_function.aws_lambda_function.this will be created
  + resource "aws_lambda_function" "this" {
      + architectures                  = [
          + "x86_64",
        ]
      + arn                            = (known after apply)
      + description                    = "Generate a JWT for CHIP clients"
      + function_name                  = "project-chipAPI-token-dev"
      + handler                        = "/opt/nodejs/node_modules/datadog-lambda-js/handler.handler"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + layers                         = [
          + "arn:aws-us-gov:lambda:us-gov-west-1:002406178527:layer:Datadog-Extension:57",
          + "arn:aws-us-gov:lambda:us-gov-west-1:002406178527:layer:Datadog-Node18-x:109",

Lambda creates properly and the layers exist:

I still need to test a deployment to the commercial aws partition of AWS, but I'm confident that the simple logic and metadata call will function just as well.

Hey @olivereri, thanks for adding this! I tested this for both AWS GovCloud and AWS Commercial and confirmed the correct layer ARNs are generated. I just approved and merged the PR. I'll let you know once this is released!
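
The partition-dependent layer ARN discussed in this thread, as an added Terraform sketch that is not the module's own code or the merged PR. It assumes the two publisher account IDs and the layer names and versions seen in the error and plan output above; the local names are hypothetical.

```hcl
# Added example, not code from terraform-aws-lambda-datadog.
# Account IDs, layer names and versions are copied from the error and plan
# output in this thread; all local names are hypothetical.

data "aws_partition" "current" {}
data "aws_region" "current" {}

locals {
  # Account that publishes the Datadog layers, keyed by AWS partition.
  # Indexing with a partition that is not listed fails at plan time, so an
  # unexpected partition never yields an ARN pointing at the wrong account.
  datadog_layer_account = {
    "aws"        = "464622532012"
    "aws-us-gov" = "002406178527"
  }

  partition = data.aws_partition.current.partition
  region    = data.aws_region.current.name

  # Both the partition segment and the account ID differ in GovCloud:
  #   arn:aws:lambda:<region>:464622532012:layer:...         (commercial)
  #   arn:aws-us-gov:lambda:<region>:002406178527:layer:...  (GovCloud)
  layer_prefix = join(":", [
    "arn",
    local.partition,
    "lambda",
    local.region,
    local.datadog_layer_account[local.partition],
    "layer",
  ])

  datadog_layers = [
    "${local.layer_prefix}:Datadog-Extension:57",
    "${local.layer_prefix}:Datadog-Node18-x:109",
  ]
}

# Inspect the resolved ARNs in `terraform plan` before they reach
# aws_lambda_function.layers.
output "datadog_layers" {
  value = local.datadog_layers
}
```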