_This issue was originally opened by @ghost as hashicorp/terraform#12593. It was migrated here as part of the provider split. The original body of the issue is below._
Terraform v0.8.9-dev (8173c76a782c3c8fc0e3b295cbf344d237602ede)
```hcl
resource "aws_lambda_function" "lambda" {
  environment = {
    variables = {
      FOO = "bar"
    }
  }
  publish = true
  # everything else required to make the lambda work
}
```
A new version of the lambda is published whenever any of the lambda configuration changes.
When only the environment variables were changed, a new version of the lambda was not published. $LATEST was updated.
terraform apply
terraform apply
Looking at the code for Terraform's lambda support, and the AWS SDK, it looks like Terraform is relying on the `publish` option for `CreateFunction` calls, but doing nothing about publishing when there's a pure update. `UpdateFunctionConfiguration` doesn't have a `publish` option available. `UpdateFunctionCode` does, and Terraform makes use of that, but it'll only do it _before_ calling `UpdateFunctionConfiguration`, and if `UpdateFunctionCode` is never called, the publish never happens.
I believe that the use of `publish` in `UpdateFunctionCode` may need to be removed in favour of calling `PublishVersion` explicitly when both update operations have been completed. Although this is just from reading the code today, so I may be mistaken about exactly what's going on here in terms of timing. But it certainly looks like if you don't cause a code update you don't get a new lambda version, and it also looks like that new version may miss updates to the function configuration if they're also being done in the same Terraform run.
Just hit this one today when trying to only update timeout. $LATEST is updated, but a new version is not created...
Hi @radeksimko, do you know if this is on the roadmap?
Updating the `role` also does not cause a publish to take place. This was a bit of a problem when I changed the role name and Terraform deleted the old role without publishing the new Lambda version first, which caused the lambda function to break.
Looks like there has been no response on this for over a year and a half.
Is there any work-around besides having to trivially edit the code to force terraform to publish a new version?
We've just hit this issue as well. Seems pretty fundamental; is there a reason this is particularly difficult to fix?
Hello guys, what workaround are you using? Thanks
No one, still updating anything such as the source code to force the creation of a new version :c
So only a name change will cause the lambda to have the updates forced?
I don't really want to add a random pet to make it work as it makes deployment from non-TF CI/CD pipeline more challenging :\
I've deleted Lambdas just before a deployment to get it to work. Not good.
The fix for this has been merged and will release with version 2.50.0 of the Terraform AWS Provider, later today. Thanks to @nemreid for the implementation. 👍
Please note that this resource will now use a separate `PublishVersion` API call, so any restrictive IAM policies for the Terraform run may require updates.
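The IAM caveat in the note above, as an added example that is not part of the thread or the provider's code: a pre-upgrade check that reports which of the Lambda API calls named in this issue an identity policy fails to allow. The policy document, the `REQUIRED` list and the function names are constructed for illustration, and the evaluation is deliberately simplified as stated in the docstring.

```python
import fnmatch
import json

# The Lambda API calls named in this issue, as IAM actions. PublishVersion is
# the one the 2.50.0 note says is newly called; this is not the provider's full set.
REQUIRED = ["lambda:CreateFunction", "lambda:UpdateFunctionCode",
            "lambda:UpdateFunctionConfiguration", "lambda:PublishVersion"]

# Constructed sample: a restrictive policy written before the separate call existed.
OLD_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["lambda:CreateFunction", "lambda:UpdateFunction*", "lambda:GetFunction*"],
    "Resource": "*"
  }]
}"""

def _as_list(value):
    """IAM lets Action and Statement be a single value or a list."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def _covers(stmt, action):
    """True if the statement's Action/NotAction element applies to the action."""
    def hit(patterns):
        # IAM action names are case-insensitive; * and ? are wildcards.
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    if "NotAction" in stmt:
        return not hit(_as_list(stmt["NotAction"]))
    return hit(_as_list(stmt.get("Action")))

def missing_actions(policy_json, required=REQUIRED):
    """Return required actions not allowed, or explicitly denied, by the policy.

    Assumption: only Effect and Action/NotAction are evaluated; Resource,
    Condition, boundaries and SCPs are ignored, so an empty result is
    necessary but not sufficient.
    """
    stmts = _as_list(json.loads(policy_json).get("Statement"))
    missing = []
    for action in required:
        allowed = any(s.get("Effect") == "Allow" and _covers(s, action) for s in stmts)
        denied = any(s.get("Effect") == "Deny" and _covers(s, action) for s in stmts)
        if denied or not allowed:
            missing.append(action)
    return missing

if __name__ == "__main__":
    print(missing_actions(OLD_POLICY))  # → ['lambda:PublishVersion']
```

Granting `lambda:PublishVersion` explicitly, scoped to the functions Terraform manages, closes the gap without widening the policy to `lambda:*`.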
This has been released in version 2.50.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!