terraform-aws-modules/terraform-aws-lambda

s3_existing_package not working as expected

ffleandro opened this issue · 4 comments

Description

local_existing_package updates the lambda correctly, but s3_existing_package doesn't.

In my terraform scripts I manually upload the lambda code into an s3 bucket using:

module "s3_bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = ">= 3.6.0"

  bucket        = "my-bucket-name"
  acl           = "private"
  force_destroy = true

  # S3 bucket-level Public Access Block configuration
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_object" "app_dist_zip" {
  depends_on  = [module.s3_bucket]
  bucket      = module.s3_bucket.s3_bucket_id
  key         = local.app_package_name
  acl         = "private"
  source      = "../device-service/dist/${local.app_package_name}"
  etag        = filemd5("../device-service/dist/${local.app_package_name}")
  source_hash = filemd5("../device-service/dist/${local.app_package_name}")
}

I've confirmed that the s3 object is properly updated every time the md5 of the zip file changes.

However, the lambda never updates when this object changes, even if I run it a few times sequentially.
Initially I thought the lambda was using the source_hash of the file that exists on S3 before the upload, so a second attempt would fix this, since now the s3 object is already online.

This is my lambda example:

module "lambda_service" {
  source     = "terraform-aws-modules/lambda/aws"
  version    = ">= 4.7.2"
  depends_on = [module.s3_bucket]

  function_name = "my-lambda-name"
  description   = "My Lambda Description"
  handler       = "index.httpHandler"
  runtime       = "nodejs16.x"
  publish       = true

  create_package = false
  hash_extra     = aws_s3_object.app_dist_zip.source_hash
  s3_existing_package = {
    bucket = module.s3_bucket.s3_bucket_id
    key    = aws_s3_object.app_dist_zip.id
  }
  #  local_existing_package = "../device-service/dist/${local.app_package_name}"


  attach_tracing_policy    = true
  attach_policy_statements = true

  policy_statements = {
    dynamodb = {
      (...)
    }
  }

  allowed_triggers = {
    AllowExecutionFromAPIGateway = {
      service    = "apigateway"
      source_arn = "${module.api_gateway.apigatewayv2_api_execution_arn}/*/*/*"
    }
  }

  environment_variables = {
    (...)
  }
}

  • I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]: 4.7.2

  • Terraform version:

Terraform v1.3.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.50.0
+ provider registry.terraform.io/hashicorp/external v2.2.3
+ provider registry.terraform.io/hashicorp/local v2.3.0
+ provider registry.terraform.io/hashicorp/null v3.2.1

Expected behavior

module.lambda_service.lambda_function_source_code_hash would change every time a new file is uploaded to the s3 bucket.

Actual behavior

module.lambda_service.lambda_function_source_code_hash doesn't change if a new file is uploaded to the s3 bucket.

Having the same issue 👍🏻