Closed bbernays closed 5 years ago
@bbernays I believe the reason this is occurring is because you have the `source_code_hash` present in your lambda layer configuration.
From the AWS docs on object versioning:
Unique version IDs are randomly generated, Unicode, UTF-8 encoded, URL-ready, opaque strings that are at most 1024 bytes long.
A lambda layer resource in AWS has a source code hash that contains an sha256 hash of the actual source code. Likely what you're seeing is that the base64sha256 hash of the version id (a random string) is different than what AWS is returning as the source_code_hash of the lambda layer, so it shows a diff every time.
I think you should be able to fix the issue (and still retain the behavior you want) by removing the `source_code_hash` line from your terraform. The lambda layer will still update whenever the s3 object version_id changes as you are passing that in via `s3_object_version`.
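The configuration described in the comment above, next to the suggested fix, as an added example that is not part of the original thread or the reporter's actual configuration. The bucket, key, layer and resource names are assumed placeholders, and the reporter's use of the S3 object data source is inferred from the later replies.

```hcl
# Constructed example: all names below are placeholders.
data "aws_s3_bucket_object" "layer_zip" {
  bucket = "example-artifacts-bucket"
  key    = "layers/example-layer.zip"
}

# Before: shows a diff on every plan.
# AWS reports the layer's hash as base64(SHA-256(zip contents)).
# The value configured here is base64(SHA-256(version id string)),
# so the configured and returned values can never be equal.
resource "aws_lambda_layer_version" "perpetual_diff" {
  layer_name        = "example-layer"
  s3_bucket         = "${data.aws_s3_bucket_object.layer_zip.bucket}"
  s3_key            = "${data.aws_s3_bucket_object.layer_zip.key}"
  s3_object_version = "${data.aws_s3_bucket_object.layer_zip.version_id}"
  source_code_hash  = "${base64sha256(data.aws_s3_bucket_object.layer_zip.version_id)}"
}

# After: source_code_hash removed, as suggested in the comment.
# The layer is tied to the object only through s3_object_version,
# which changes when a new object version is uploaded.
# Requires versioning to be enabled on the bucket.
resource "aws_lambda_layer_version" "stable" {
  layer_name        = "example-layer"
  s3_bucket         = "${data.aws_s3_bucket_object.layer_zip.bucket}"
  s3_key            = "${data.aws_s3_bucket_object.layer_zip.key}"
  s3_object_version = "${data.aws_s3_bucket_object.layer_zip.version_id}"
}
```

Only one of the two resources would exist in a real configuration; they are shown together here for comparison.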
@acburdine- Thank you for that!
Do you think that the `aws_lambda_layer_version` could be updated to also update on `s3_object_version` changing? This behavior would be very similar to how the lambda resource also works where it looks for diffs in the s3 configs?
Does it not already? I thought it did. If not, that’s something I must have overlooked implementing initially, and it can definitely be added.
No it doesn't. That's why I was trying to pass the `s3_object_version` (as a hash) to the `source_code_hash` cause I didn't have the source code as it is in s3 and the data source for s3 doesn't automatically download zip files.
@bbernays I tested this locally and unfortunately couldn't reproduce what you're seeing. I added an acceptance test that tested whether or not a changing version_id would update the lambda layer, using this configuration:
```hcl
resource "aws_s3_bucket" "lambda_bucket" {
  bucket = "<random name>"

  versioning {
    enabled = true
  }
}

resource "aws_s3_bucket_object" "lambda_code" {
  bucket = "${aws_s3_bucket.lambda_bucket.id}"
  key    = "lambdatest.zip"
  source = "<source>"
  etag   = "${md5(file("<source>"))}"
}

resource "aws_lambda_layer_version" "lambda_layer_test" {
  s3_bucket         = "${aws_s3_bucket.lambda_bucket.id}"
  s3_key            = "${aws_s3_bucket_object.lambda_code.id}"
  s3_object_version = "${aws_s3_bucket_object.lambda_code.version_id}"
  layer_name        = "<random name>"
}
```
Changing the "source" of the s3_bucket object correctly caused the object and the layer version to be updated. I'd imagine there's something else going on that's causing you to not see your layer updating. Are you sure versioning is enabled on the s3 bucket that your lambda layer code is in?
Closing due to lack of response to the above. If there is something else expected here, please do reach out.
Community Note
Terraform Version
Affected Resource(s)
Terraform Configuration Files
Debug Output
Panic Output
Expected Behavior
This should only be creating a new Lambda Layer Version when the Version_ID changes.
Actual Behavior
A new version is created every time that `terraform apply` is run.
Steps to Reproduce
`terraform apply`
Important Factoids
References