[Terraform Support] Error Linking Multiple Layers to a Function

[mildaniel]

AWS SAM CLI support for Terraform is in preview as of today. The team has worked hard to implement a solid minimum viable product (MVP) to get feedback from our community. However, there are a few caveats. Please +1 on individual items to help us prioritize these.

AWS SAM CLI does not currently support linking multiple Lambda Layers to a Lambda Function with Terraform projects. Similary, AWS SAM CLI does not support the use of conditional expressions or coalesce functions to select resources. Doing this will result in a OneLambdaLayerLinkingLimitationException. Follow this issue for updates on this feature.

[TLaue]

+1

[timmyeats]

+1

[moelasmar]

Hello @TLaue, @timmy86125 Could you please share with us how are you using the multiple layers with lambda function in your terraform project?

[TLaue]

Hello @moelasmar,

I am adding at least the following two Lambda layers to more or less every function declaration in Terraform:

I am mostly using the Terraform-AWS-Modules Lambda package (https://registry.terraform.io/modules/terraform-aws-modules/lambda/aws/latest) for to declare my functions - just in case this makes any difference.

[timmyeats]

Hi @moelasmar,

I am currently using two Layers on Lambda

module "main_function" {
  source        = "terraform-aws-modules/lambda/aws"
  version       = "4.7.1"
  function_name = "main-function"
  description   = "Main Function"
  handler       = "main_function.lambda_handler"
  runtime       = "python3.9"
  source_path   = "main_function.py"
  memory_size   = 128
  timeout       = 60
  create_role   = true
  tags          = var.resource_tags

  layers = [
    module.default_layer.lambda_layer_arn,
    module.project_layer.lambda_layer_arn
  ]
}

When I use the following command to execute it, I encounter the following error

sam local invoke --hook-name terraform module.main_function.aws_lambda_function --beta-features

Experimental features are enabled for this session.
Please visit the documentation page for more information on AWS Beta terms https://aws.amazon.com/service-terms/.

Run the Prepare hook to prepare the current application
Execute the prepare hook for the hook "terraform"
Initialize the Terraform application
..................
Create terraform plan and get JSON output
................................................
Generate metadata file
Error. AWS SAM CLI cannot handle a Terraform project that contains a Lambda function linked to more than one Lambda layer. The error caused by [{'Ref': 'ModuleDefaultLayerAwsLambdaLayerVersionThis00AE60F8A'}, {'Ref': ' ModuleＰProjectLayerAwsLambdaLayerVersionThis0258837A2'}] defined layer cannot be linked to the lambda function module.main_function.aws_lambda_function.this.

[hannutho]

+1 Whats the status of this?

[moelasmar]

You can now try to run terraform apply for your project as a workaround for this limitation issue. You do not need to apply the project with every change you made to the project like updating the lambda function code, but you need it if you added a new Lambda function or a new Lambda Layer to your project, and you faced this limitation. This workaround is supported in SAM CLI stating from version 1.83.0.

Please share with us your feedback about this workaround, and if it is a visible solution for you or not. Also, we are looking for your feedback about if you would like that SAM CLI run terraform apply on behalf of you if it detects that the project is not applied. You will be prompted for sure before applying it.

[PavloFesenko]

@moelasmar, I am using multiple Lambda layers with Terraform (via serverless.tf) and it works fine after terraform apply but if I change the code in the Lambda function itself and try running sam local start-lambda --hook-name terraform --warm-containers EAGER, I get the error Lambda functions containers initialization failed because of Can not observe non exist path. Upon further inspection, it looks like the above command correctly creates metadata JSON files but fails to zip the updated Lambda function into a new build file, hence the metadata path points at nothing. Does it look like a new issue or was it known before?