Lambda consistently fails the FIRST pull from ECR after `docker_image_registry` completed uploading `docker_image`
garysassano opened this issue ยท 1 comments
garysassano commented
Community Note
- Please vote on this issue by adding a ๐ reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform (and docker Provider) Version
Affected Resource(s)
docker_XXXXX
Terraform Configuration Files
// Configure AWS provider
new AwsProvider(this, "aws");
// Get ECR authorization token
const token = new DataAwsEcrAuthorizationToken(this, "token");
// Configure Docker provider
new DockerProvider(this, "docker", {
registryAuth: [
{
address: token.proxyEndpoint,
password: token.password,
username: token.userName,
},
],
});
// Create ECR repos
const backRepo = new EcrRepository(this, "BackRepo", {
name: "back-repo",
});
const frontRepo = new EcrRepository(this, "FrontRepo", {
name: "front-repo",
});
// Calculate the SHA256 digests for the Dockerfiles
const backDockerfileDigest = Fn.filesha256(
path.join(__dirname, "back/Dockerfile"),
);
const frontDockerfileDigest = Fn.filesha256(
path.join(__dirname, "front/Dockerfile"),
);
// Build Docker images
const backImage = new Image(this, "BackImage", {
buildAttribute: {
context: path.join(__dirname, "back"),
platform: "linux/amd64",
},
name: `${backRepo.repositoryUrl}:latest`,
triggers: { filesha256: backDockerfileDigest },
});
const frontImage = new Image(this, "FrontImage", {
buildAttribute: {
context: path.join(__dirname, "front"),
platform: "linux/amd64",
},
name: `${frontRepo.repositoryUrl}:latest`,
triggers: { filesha256: frontDockerfileDigest },
});
// Push Docker images to ECR
new RegistryImage(this, "BackPush", {
name: backImage.name,
triggers: { filesha256: backDockerfileDigest },
});
new RegistryImage(this, "FrontPush", {
name: frontImage.name,
triggers: { filesha256: frontDockerfileDigest },
});
Debug Output
Panic Output
Expected Behaviour
Actual Behaviour
Steps to Reproduce
- The TF provider builds the
docker_image
locally, then pushes it to ECR usingdocker_image_registry
- Lambda tries to pull the
docker_image
from ECR and it fails at first try - Running
tf apply
a second time fixes the issue
It looks like the Docker image isn't yet available in ECR when the Lambda function tries to pull it soon after it has been pushed.
Important Factoids
References
- #0000
garysassano commented
Fixed by referencering docker_image_registry.name
instead of docker_image.name
(even though they are the same) in the AWS Lambda function image_uri
.