terraform-aws-modules / terraform-aws-lambda

Terraform module, which takes care of a lot of AWS Lambda/serverless tasks (build dependencies, packages, updates, deployments) in countless combinations 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/lambda/aws
Apache License 2.0

lambda_function_container_image shows errors after giving extra access #477

Closed Johana30 closed 1 year ago

Johana30 commented 1 year ago

Description

I am using an image created with Docker. I have uploaded it to AWS and created a Lambda container manually; all works fine.

In prod I have tried to use module "lambda_function_container_image" { source = "terraform-aws-modules/lambda/aws" } with the same rights as in the test env, and it does not work.

"errorMessage": "2023-06-30T14:21:23.837Z 2dd7921c-2c92-42e8-a041-3900aa6fa938 Task timed out after 3.02 seconds"

The program in the Docker image is using python3.10.

The Lambda container function just needs access to S3 and Rekognition.

CODE:

Main.tf

```hcl
module "lambda_function_container_image" {
  source = "terraform-aws-modules/lambda/aws"

  function_name = var.f-name
  description   = "Terraform"

  create_package = false

  image_uri    = var.image-uri
  package_type = "Image"
}

resource "aws_iam_policy" "Policy" {
  name   = "access-s3"
  policy = data.aws_iam_policy_document.Lambda-access.json
}

resource "aws_iam_role_policy_attachment" "attachment" {
  role       = module.lambda_function_container_image.lambda_function_name
  policy_arn = aws_iam_policy.Policy.arn
}

resource "aws_iam_policy" "Policy2" {
  name   = "rekognition"
  policy = data.aws_iam_policy_document.rekognition.json
}

resource "aws_iam_role_policy_attachment" "attachment2" {
  role       = module.lambda_function_container_image.lambda_function_name
  policy_arn = aws_iam_policy.Policy2.arn
}
```

policy.tf

```hcl
data "aws_iam_policy_document" "Lambda" {
  statement {
    actions = [
      "s3:GetObject",
      "s3:GetObjectAcl",
      "s3:GetObjectTagging",
      "s3:GetObjectVersion",
      "s3:PutObject"
    ]

    resources = [
      "arn:aws:s3:::${var.rource-policy[0]}",
      "arn:aws:s3:::${var.rource-policy[1]}"
    ]
    effect = "Allow"
  }
}

data "aws_iam_policy_document" "rekognition" {
  statement {
    actions = ["rekognition:DetectFaces"]

    resources = ["*"]
    effect    = "Allow"
  }
}
```

With the above policies it works in the Lambda container created by hand, but does not work with the module. Thanks.

Johana30 commented 1 year ago

all working now

github-actions[bot] commented 11 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.