hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Switching between "NONE" and "AWS_IAM" for aws_lambda_function_url does not update actual resources #28817

Open bactdam opened 1 year ago

bactdam commented 1 year ago

Terraform Core Version

1.2.2

AWS Provider Version

4.0

Affected Resource(s)

aws_lambda_function_url

Expected Behavior

Switching between NONE and AWS_IAM should update the Lambda function's resource-based policy statement in AWS accordingly.

Actual Behavior

When switching from NONE to AWS_IAM and vice versa, the Lambda function in AWS does NOT update its resource-based policy statement.

Relevant Error/Panic Output Snippet

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lambda_function_url.private_function_url will be updated in-place
  ~ resource "aws_lambda_function_url" "private_function_url" {
      ~ authorization_type = "AWS_IAM" -> "NONE"
        id                 = "abc-private-lambda"
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
aws_lambda_function_url.private_function_url: Modifying... [id=abc-private-lambda]
aws_lambda_function_url.private_function_url: Modifications complete after 0s [id=abc-private-lambda]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Terraform Configuration Files

data "archive_file" "private_function_file" {
  type             = "zip"
  source_file      = "${path.module}/src/dist/private.js"
  output_file_mode = "0666"
  output_path      = "${path.module}/src/dist/private.zip"
}

resource "aws_lambda_function" "private_lambda" {
  filename         = data.archive_file.private_function_file.output_path
  function_name    = "abc-private-lambda"
  role             = aws_iam_role.iam_for_private_lambda.arn
  handler          = "private.handler"
  source_code_hash = data.archive_file.private_function_file.output_base64sha256
  runtime          = "nodejs16.x"
}

resource "aws_lambda_function_url" "private_function_url" {
  function_name      = aws_lambda_function.private_lambda.function_name
  authorization_type = "NONE"
}

Steps to Reproduce

  1. Apply the configuration above.
  2. Change the authorization_type of aws_lambda_function_url resource to AWS_IAM
  3. Re-apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_url

Would you like to implement a fix?

None
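A drift check for the behaviour reported above, as an added example that is not part of the original issue or the provider's code. It compares a function URL's auth type with the function's resource-based policy, as returned by `aws lambda get-function-url-config` and `aws lambda get-policy`. The statement shape (action `lambda:InvokeFunctionUrl`, condition key `lambda:FunctionUrlAuthType`) follows AWS's documented public-access statement, and the sample policy, account ID and result labels are constructed.

```python
import json

URL_ACTION = "lambda:invokefunctionurl"
AUTH_KEY = "lambda:functionurlauthtype"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    # "*" and {"AWS": "*"} both mean "anyone".
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def public_url_statements(policy_json):
    """Sids of Allow statements granting everyone InvokeFunctionUrl for auth type NONE."""
    policy = json.loads(policy_json) if policy_json else {}
    sids = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        auth_values = [v for k, val in cond.items() if k.lower() == AUTH_KEY
                       for v in _as_list(val)]
        if (stmt.get("Effect") == "Allow" and URL_ACTION in actions
                and _is_wildcard_principal(stmt.get("Principal"))
                and "NONE" in auth_values):
            sids.append(stmt.get("Sid", "<no Sid>"))
    return sids

def check_drift(auth_type, policy_json):
    """Compare the URL's configured auth type with the function's resource policy."""
    sids = public_url_statements(policy_json)
    if auth_type == "NONE" and not sids:
        return "MISSING_PUBLIC_STATEMENT"  # URL set to NONE, but nothing grants public invoke
    if auth_type == "AWS_IAM" and sids:
        return "STALE_PUBLIC_STATEMENT"    # left behind; applies again if auth returns to NONE
    return "OK"

# Constructed sample policy (not taken from the issue).
SAMPLE_PUBLIC_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "FunctionURLAllowPublicAccess", "Effect": "Allow", "Principal": "*",
    "Action": "lambda:InvokeFunctionUrl",
    "Resource": "arn:aws:lambda:us-east-1:123456789012:function:abc-private-lambda",
    "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}}}]})

if __name__ == "__main__":
    for auth, pol in [("AWS_IAM", SAMPLE_PUBLIC_POLICY), ("NONE", None),
                      ("NONE", SAMPLE_PUBLIC_POLICY)]:
        print(auth, check_drift(auth, pol))
```

Running this after every `terraform apply` that changes `authorization_type` shows whether the policy in AWS followed the change, which the plan output alone does not reveal.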
