Lambda issues on terraform apply

soniCaH commented 4 years ago

Environment:

macOS 10.15.1

~/S/r/aws-lambda-short-url ❯❯❯ terraform version
Terraform v0.12.16
+ provider.archive v1.3.0
+ provider.aws v2.40.0

Output:

aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [10s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_lambda: Still creating... [10s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [20s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_lambda: Still creating... [20s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_lambda: Still creating... [30s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [30s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_lambda: Still creating... [40s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [40s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_lambda: Still creating... [50s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [50s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [1m0s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [1m10s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [1m20s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [1m30s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [1m40s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [1m50s elapsed]
aws_lambda_permission.short_url_lambda_permssion_apply_security_headers_edgelambda: Still creating... [2m0s elapsed]

Error: Error adding new Lambda Permission for arn:aws:lambda:us-east-1:740550993546:function:apply_security_headers: ResourceConflictException: The statement id (AllowExecutionFromCloudFront) provided already exists. Please provide a new statement id, or remove the existing statement.
    status code: 409, request id: def239df-9a3f-4423-9614-869e6a7796c1

  on short_urls.tf line 274, in resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_edgelambda":
 274: resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_edgelambda" {

Error: Error adding new Lambda Permission for arn:aws:lambda:us-east-1:740550993546:function:apply_security_headers: ResourceConflictException: The statement id (AllowExecutionFromCloudFront2) provided already exists. Please provide a new statement id, or remove the existing statement.
    status code: 409, request id: 4e0e8db7-6d91-4c52-a8fb-da021db57f78

  on short_urls.tf line 282, in resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_lambda":
 282: resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_lambda" {

Error: error creating CloudFront Distribution: InvalidLambdaFunctionAssociation: The function has a runtime that is not supported by Lambda@Edge: nodejs12.x Function: arn:aws:lambda:us-east-1:740550993546:function:apply_security_headers:1 Supported runtimes: [nodejs8.10, nodejs10.x, nodejs6.10, python3.7]
    status code: 400, request id: b5634b38-11ce-11ea-be81-57e6b7cd19b5

  on short_urls.tf line 336, in resource "aws_cloudfront_distribution" "short_urls_cloudfront":
 336: resource "aws_cloudfront_distribution" "short_urls_cloudfront" {

jamesridgway commented 4 years ago

HI @soniCaH,

I'm struggling to reproduce the issue. Did this happen the first time you ran terraform apply or have you run the command multiple times due to encountering problems?

If you delete the apply_security_headers lambda function and re-run apply does it still error?

soniCaH commented 4 years ago

I did run it a few times to fix some other errors. Between each attempt, I deleted all policies/group/permission/s3 bucket/dns record/... (if I forgot something, it fails sooner).

I just tried again, same error unfortunately.


Error: Error adding new Lambda Permission for arn:aws:lambda:us-east-1:740550993546:function:apply_security_headers: ResourceConflictException: The statement id (AllowExecutionFromCloudFront) provided already exists. Please provide a new statement id, or remove the existing statement.
    status code: 409, request id: c4764840-7c0e-4741-9f92-7ace93adda4b

  on short_urls.tf line 274, in resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_edgelambda":
 274: resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_edgelambda" {

Error: Error adding new Lambda Permission for arn:aws:lambda:us-east-1:740550993546:function:apply_security_headers: ResourceConflictException: The statement id (AllowExecutionFromCloudFront2) provided already exists. Please provide a new statement id, or remove the existing statement.
    status code: 409, request id: 0c7fe3d0-338d-415f-b63b-c057a6e3e92c

  on short_urls.tf line 282, in resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_lambda":
 282: resource "aws_lambda_permission" "short_url_lambda_permssion_apply_security_headers_lambda" {

Error: error creating CloudFront Distribution: InvalidLambdaFunctionAssociation: The function has a runtime that is not supported by Lambda@Edge: nodejs12.x Function: arn:aws:lambda:us-east-1:740550993546:function:apply_security_headers:1 Supported runtimes: [nodejs8.10, nodejs10.x, nodejs6.10, python3.7]
    status code: 400, request id: 34c8e41c-1945-11ea-9b28-1186190c1107

  on short_urls.tf line 336, in resource "aws_cloudfront_distribution" "short_urls_cloudfront":
 336: resource "aws_cloudfront_distribution" "short_urls_cloudfront" {

davidvasandani commented 4 years ago

@soniCaH which runtime are you using? While Lambda does support the 12.x runtime, Lambda@Edge doesn't yet.

soniCaH commented 4 years ago

I tried node 8 - 10 and 12 (default) via nvm, still same output

davide-sergi commented 3 years ago

You need to use lifecycle policy for your aws_lambda_permission resource, and then replace statement_id with statement_id_prefix

jamesridgway / aws-lambda-short-url

Lambda issues on terraform apply #3