milliHQ/terraform-aws-next-js

Terraform apply fails with error creating Lambda Event Source Mapping

ofhouse opened this issue · 6 comments

When setting up a new Next.js app with 0.9.0, the first apply may fail with the following error message:

Error: error creating Lambda Event Source Mapping (arn:aws:sqs:eu-central-1:430654418481:terraform-next-js-existing-cloudfront20210615141542329600000006): InvalidParameterValueException: The provided execution role does not have permissions to call ReceiveMessage on SQS
│ {
│   RespMetadata: {
│     StatusCode: 400,
│     RequestID: "a08ca594-80e3-4db8-8176-dc140f31565a"
│   },
│   Message_: "The provided execution role does not have permissions to call ReceiveMessage on SQS",
│   Type: "User"
│ }
│ 
│   with module.tf_next.module.statics_deploy.module.deploy_trigger.aws_lambda_event_source_mapping.this["sqs_source"],
│   on .terraform/modules/tf_next.statics_deploy.deploy_trigger/main.tf line 211, in resource "aws_lambda_event_source_mapping" "this":
│  211: resource "aws_lambda_event_source_mapping" "this" {

It seems like there is some race condition when the policy for the Lambda is created.

Workaround

You should be able to run terraform apply again and the stack creation should proceed without this error.

Another error that can pop up:

╷
│ Error: error putting S3 Bucket Notification Configuration: InvalidArgument: Unable to validate the following destination configurations
│       status code: 400, request id: 1ZS0PHX7B4ZBZ8M8, host id: kkKv9mk5ouVUJxrmXYs0Wu2xIJ3YFNfib0yyC/8XvhkYfBVPoETA+HPzUP/LAuNrMcqdOX/IDiQ=
│ 
│   with module.tf_next.module.statics_deploy.aws_s3_bucket_notification.on_create,
│   on ../../modules/statics-deploy/main.tf line 22, in resource "aws_s3_bucket_notification" "on_create":
│   22: resource "aws_s3_bucket_notification" "on_create" {
│ 
╵

Using depends_on = [ aws_iam_role_policy_attachment.EXAMPLE ] doesn't seem to fix the problem either.

Yes, the problem is probably caused because we use SQS and S3 as event sources for a single Lambda.
To solve this issue the S3 workflow should also be connected to the SQS queue so that the Lambda is only invoked by SQS.
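One way the wiring described above could look in Terraform. This is an added illustration, not the module's own code: the resource names are placeholders, and `aws_s3_bucket.static`, `aws_iam_role.lambda` and `aws_lambda_function.deploy` are assumed to be defined elsewhere.

```hcl
# Added illustration, not the module's code; names are placeholders.
resource "aws_sqs_queue" "deploy" {
  name = "example-deploy-trigger"
}

# Let the S3 service publish object-created events to the queue,
# but only from the one bucket we expect.
data "aws_iam_policy_document" "queue" {
  statement {
    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }
    actions   = ["sqs:SendMessage"]
    resources = [aws_sqs_queue.deploy.arn]
    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_s3_bucket.static.arn]
    }
  }
}

resource "aws_sqs_queue_policy" "queue" {
  queue_url = aws_sqs_queue.deploy.id
  policy    = data.aws_iam_policy_document.queue.json
}

# S3 notifies the queue instead of invoking the Lambda directly.
resource "aws_s3_bucket_notification" "on_create" {
  bucket = aws_s3_bucket.static.id
  queue {
    queue_arn = aws_sqs_queue.deploy.arn
    events    = ["s3:ObjectCreated:*"]
  }
  depends_on = [aws_sqs_queue_policy.queue]
}

# The execution role now only needs the SQS receive permissions
# (AWS managed policy: ReceiveMessage, DeleteMessage, GetQueueAttributes).
resource "aws_iam_role_policy_attachment" "sqs_execution" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
}

# The mapping is created only after the policy attachment exists.
resource "aws_lambda_event_source_mapping" "sqs_source" {
  event_source_arn = aws_sqs_queue.deploy.arn
  function_name    = aws_lambda_function.deploy.arn
  depends_on       = [aws_iam_role_policy_attachment.sqs_execution]
}
```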

I had a similar issue. I was using pnpm, so I didn't use yarn or npm at all.
The worst part is that my packages use workspace dependencies, hence unresolvable by yarn nor npm. (pnpm workspace..)

Is it possible to not rely on yarn or npm? I saw the source code underneath and it seems like the next build function is using yarn or npm under the hood with a weird detection method (scraping files, looking for a package-lock.json or yarn.lock).

I can confirm this bug on 1.0.0-canary.5 and the workaround is working fine.
thanks.

Another error that can pop up:

╷
│ Error: error putting S3 Bucket Notification Configuration: InvalidArgument: Unable to validate the following destination configurations
│       status code: 400, request id: 1ZS0PHX7B4ZBZ8M8, host id: kkKv9mk5ouVUJxrmXYs0Wu2xIJ3YFNfib0yyC/8XvhkYfBVPoETA+HPzUP/LAuNrMcqdOX/IDiQ=
│ 
│   with module.tf_next.module.statics_deploy.aws_s3_bucket_notification.on_create,
│   on ../../modules/statics-deploy/main.tf line 22, in resource "aws_s3_bucket_notification" "on_create":
│   22: resource "aws_s3_bucket_notification" "on_create" {
│ 
╵

So what is the workaround for this issue?
I'm seeing the same while trying to configure an event notification with sns topic.