[Bug]: aws_lambda_function unable to create a new lambda function

[shasi24]

Terraform Core Version

1.4.4

AWS Provider Version

4.62.0

Affected Resource(s)

aws_lambda_function

Expected Behavior

To create a new lambda function

Actual Behavior

Fails over "operation error lambda createfunction decomposing request unsupported protocol scheme"

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Used provider example to deploy. (used to work with version 4.50.0 without any issues)

resource "aws_lambda_function" "lambda" {
  function_name = "my_lambda"
  role          = "arn:aws:iam::XXXXXXXXXXXX:role/my_role"
  image_uri     = "${local.mgmt_account_id}.dkr.ecr.${var.aws_region}.amazonaws.com/${local.image_and_tag}"
  package_type  = "Image"
  timeout       = 300
  memory_size   = 10240

  file_system_config {
    arn              = "XXXXXXXXXXXXXXXX"
    local_mount_path = "/mnt/lambda"
  }
  vpc_config {
    subnet_ids         = [var.private_subnet_id]
    security_group_ids = [var.security_group_id]
  }

  tags = var.default_tags
}

Steps to Reproduce

Use terraform apply with the provider version of 4.62.0

Debug Output

I'm unable to post any image or original debug output. so I will write the actual error

Error: creating lambda function XXXXX: operation error Lambda: CreateFunction , decomposing request: unsupporrted protocol scheme ""

Panic Output

No response

Important Factoids

After lots of debugging I decided to downgrade back to version 4.50.0 and everything works as expected without any change.

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[trevorrea]

Can you post what image_uri = "${local.mgmt_account_id}.dkr.ecr.${var.aws_region}.amazonaws.com/${local.image_and_tag}" is being evaluated to please? Feel free to blank out the account ID.

From the info you've given I'd guess this is being evaluated to an incorrect value though what you have does look to match what it should be.

[shasi24]

I won't be around my pc in the next couple days.. but I can guarantee 100% all the parameters are correct. As i said i tried the same configuration with version 4.50.0 and it worked just fine.

[shasi24]

Hello again, So it took me a while but Im here now. As I said tried successfully to deploy with older version of the AWS provider (4.50.0) but when I try with newer version (5.7.0) with the exact same configuration I`m getting the error I mentioned above. ** For both cases I'm using Lambda VPC endpoint !

here are some screenshots (All the marked info is 100% validated) That's my terraform code:

That's my terraform plan for version 4.50.0 ( WHICH IS WORKING)

That's my terraform plan for version 5.7.0

That's the error I'm getting (tried to destroy the resources after creating it with provider version 4.50.0 - but the same error pops when trying to destroy the function

[trevorrea]

Please don't screenshot code and error messages. Use plain text. Also why blank out the end of the image URI completely? That's the bit we actually need to see.

[shasi24]

I'm not able to copy the text, only takes photos of it unfortunately. URI is validated. And also not the issue.

[trevorrea]

Well nobody going to be able to help you then. The next step would be to provide full debug logs as per https://github.com/hashicorp/terraform-provider-aws/issues/new?assignees=&labels=bug&projects=&template=00_bug_report.yml&title=%5BBug%5D%3A+

[shasi24]

@trevorrea Terraform version: 1.5.2 AWS Provider version: 5.7.0

Adding plain text: error message:

2023-07-27T06:27:58.5362 [DEBUG] provider.terraform-provider-aws_V5.7.0 X5: request failed with unretryable error decomposing request: unsupported protocol scheme "": @caller=github.com/hashicorp/aws-sdk-g
-base/v2@v2.0.0-beta.31/logging/logger.go:39 @module=aws tf mux provider=*schema.GRPCProviderserver tf_req_id=454ee8f8-dclb-6960-b4a9-00bc9713a27e tf_ provider addr=registry.terraform.i0/hashicorp/aws tf
source _type-aws lambda _function tf_rpc-ReadResource timestamp=2023-07-27T06:27:58.536Z
2023-07-27T06:27:58.537Z [ERROR] provider-terraform-provider-aws_v5.7.0 x5: Response contains error diagnostic: diagnostic severity=ERROR tf_ resource type aws lambda_ function tf_rpc ReadResource @caller=gi
thub.com/hashicorp/terraform.plugin-go@v0.17/tfprotov05/internal/diag/diaonosties. go:58 @module=sdk .proto diagnostic detail= dlagnostic summary=" reading Lambda Function (test): operation error Lambda: Get
tf_ proto -version=5 3 tf provider addr=registry.terraform.io/hashicorp/aws tf_req id-454ee8f8-dclb-6960-b4a9-00bc9713a27e timestamp=2023-07-27T06:27:58.536Z
function, decompos ing request: unsupported protocol scheme
2023-07-27T06:27:58.537Z [ERROR] vertex "aws_lambda_function.condor_query" error: reading Lambda Function (test): operation error Lambda: GetFunction, decomposing request: unsupported protocol scheme ""
6:27:58.5362
2023-07 27T06:27:58.537Z [ERROR] vertex "aws_lambda_function.condor_query (expand)" error: reading Lambda Function (test): operation error Lambda: GetFunction, decomposing request: unsupported protocol sch
me

    Error: reading Lambda Function (test): operation error Lambda: GetFunction, decomposing request: unsupported protocol scheme ""

    with aws_lambda_function.condor.query
    function" "condor _query":
    on main.tf line 49, in resource "aws_lambda_function "condor_query"
    49: resource "aws_ lambda_function" "condor_query"

My tf code:

resource "aws_lambda_function" "condor_query" {
    function_name = "test"
    role          = "arn:aws:iam::222222222222:role/my-lambda-role"
    image_uri     = "111111111111.dkr.ecr.us-east-2.amazonaws.com/my-lambda-function:0.1"
    package_type  = "Image"
    timeout       = 300
    memory_size   = 10240
}

[shasi24]

@trevorrea anything?

[trevorrea]

Yeah your image URI is invalid. You need to specify a tag on it e.g. 111111111111.dkr.ecr.us-east-2.amazonaws.com/my-lambda-function:1.0.1

[shasi24]

@trevorrea Im sorry, that was my mistake. the tag is missing from the code - as it was a variable. fixed it. so the problem still exists.

[trevorrea]

I have no idea then. I don't work for Hashicorp. I'm just another user. I still think it's something wrong with your code as I have the exact same thing working with no issues. I'm unsubscribing from this thread.

[shasi24]

@trevorrea As I said, with older provider version (e.g. 4.50.0) everything working great.