-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
terraform fails to modify lambda function, but performing same action succeeds in AWS console #2826
Comments
I actually destroyed and recreated the function, it only occurs when both the policy attachment and vpc configuration happen at the same time. However, it works correctly when all the resources are created at once. I have had issues in the past with AWS reporting an object as created but being unable to use it. Maybe there is a timing issue at play here as well. |
Hi! Thanks for opening an issue about this. It looks like we have an eventual consistency issue to me - could you try adding a null resource with a local provisioner of |
Yes, it took a |
Ensure to set permissions in the AWS role: |
This particular IAM eventual consistency issue ( For anyone who thinks they've come across this in the future, please open a new issue with all the issue template details and we'll investigate further, thanks! |
I've faced the same issue as OP with the:
I have been using a custom IAM policy (not the built-in AWSLambdaBasicExecutionRole), and on a first attempt when I had started from scratch it has always failed with
The following change has helped me:
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Background
I created the lambda function and other resources. I then wanted to update the lambda function to run inside the VPC. I added the policy attachment above as well as the
vpc_config
. But I got the above error when I ranterraform apply.
So I went into the AWS console and set the subnets and security group ids from the lambda function's manage page. I then ranterraform apply
again, and no changes were made.Terraform Version
Affected Resource(s)
Affected resources:
Terraform Configuration Files
Debug Output
I don't have debug output, as when I undo the change from the console, terraform can successfully re-apply the change. It's possible this error only occurs when the role policy attachment and the lambda function modification happen in the same run.
Expected Behavior
Actual Behavior
Steps to Reproduce
Steps:
vpc_config
terraform apply
and verify that the function is created.vpc_config
The text was updated successfully, but these errors were encountered: