Terraform-provider-aws: Updating environment variables does not cause a new AWS Lambda version to be published

Created on 13 Jun 2017  ·  12 Comments  ·  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @ghost as hashicorp/terraform#12593. It was migrated here as part of the provider split. The original body of the issue is below._


Terraform Version

Terraform v0.8.9-dev (8173c76a782c3c8fc0e3b295cbf344d237602ede)

Affected Resource(s)

  • aws_lambda_function

Terraform Configuration Files

resource "aws_lambda_function" "lambda" {
  environment = {
    variables = {
      FOO = "bar"
    }
  }

  publish = true

  # everything else required to make the lambda work
}

Expected Behavior

A new version of the lambda is published whenever any of the lambda configuration changes.

Actual Behavior

When only the environment variables were changed, a new version of the lambda was not published. $LATEST was updated.

Steps to Reproduce

  1. Create a lambda with an environment variable and publish = true
  2. terraform apply
  3. Observe that there is a version 1 of the lambda function alongside $LATEST
  4. Modify the environment variable value
  5. terraform apply
  6. Observe that there is no version 2 of the lambda function with the new environment configuration, but that $LATEST has been updated.

Speculation

Looking at the code for Terraform's lambda support, and the AWS SDK, it looks like Terraform is relying on the publish option for CreateFunction calls, but doing nothing about publishing when there's a pure update. UpdateFunctionConfiguration doesn't have a publish option available. UpdateFunctionCode does, and Terraform makes use of that, but it'll only do it _before_ calling UpdateFunctionConfiguration, and if UpdateFunctionCode is never called, the publish never happens.

I believe that the use of publish in UpdateFunctionCode may need to be removed in favour of calling PublishVersion explicitly when both update operations have been completed. Although this is just from reading the code today, so I may be mistaken about exactly what's going on here in terms of timing. But it certainly looks like if you don't cause a code update you don't get a new lambda version, and it also looks like that new version may miss updates to the function configuration if they're also being done in the same Terraform run.

bug service/lambda
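
A check for the symptom reported in this issue, as an added example (not code from the issue or from the provider): it compares the configuration of $LATEST with the newest published version and lists the settings the published version is missing. The sample responses are constructed, and the function names are this example's own.

```python
import json

# Fields of a GetFunctionConfiguration response that a published version freezes.
TRACKED = ("CodeSha256", "Role", "Handler", "Runtime", "Timeout", "MemorySize")


def env_vars(cfg):
    """Return the Environment.Variables map, or {} when the function has none."""
    return (cfg.get("Environment") or {}).get("Variables") or {}


def unpublished_changes(latest, published):
    """List settings where $LATEST differs from the newest published version.

    Environment variables are reported by name only, so values (often
    secrets) never reach logs or CI output.
    """
    drift = [f for f in TRACKED if latest.get(f) != published.get(f)]
    new, old = env_vars(latest), env_vars(published)
    for name in sorted(set(new) | set(old)):
        if new.get(name) != old.get(name):
            drift.append(f"Environment.Variables.{name}")
    return drift


# Constructed sample data in the shape returned by
# `aws lambda get-function-configuration --qualifier <version>`.
PUBLISHED_V1 = json.loads("""{
  "FunctionName": "example-fn", "Version": "1",
  "CodeSha256": "CONSTRUCTED-SHA256", "Handler": "index.handler",
  "Runtime": "python3.8", "Timeout": 3, "MemorySize": 128,
  "Role": "arn:aws:iam::123456789012:role/example-old",
  "Environment": {"Variables": {"FOO": "bar"}}
}""")

# $LATEST after an apply that changed only configuration, as in the report.
LATEST = dict(PUBLISHED_V1, Version="$LATEST", Timeout=30,
              Role="arn:aws:iam::123456789012:role/example-new",
              Environment={"Variables": {"FOO": "baz"}})

if __name__ == "__main__":
    for item in unpublished_changes(LATEST, PUBLISHED_V1):
        print("not in published version:", item)
```

A non-empty result means aliases or callers pinned to the published version are still running with the old role, timeout or environment.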

All 12 comments

Just hit this one today when trying to only update timeout. $LATEST is updated, but a new version is not created...

Hi @radeksimko, do you know if this is on the roadmap?

Updating the role also does not cause a publish to take place. This was a bit of a problem when I changed the role name and Terraform deleted the old role without publishing the new Lambda version first, which caused the lambda function to break.

Looks like there has been no response on this for over a year and a half.

Is there any work-around besides having to trivially edit the code to force terraform to publish a new version?

We've just hit this issue as well. Seems pretty fundamental; is there a reason this is particularly difficult to fix?

Hello guys, what workaround are you using? Thanks

No one, still updating anything such as the source code to force the creation of a new version :c

So only a name change will cause the lambda to have the updates forced?

I don't really want to add a random pet to make it work as it makes deployment from non-TF CI/CD pipeline more challenging :\

I've deleted Lambdas just before a deployment to get it to work. Not good.

The fix for this has been merged and will release with version 2.50.0 of the Terraform AWS Provider, later today. Thanks to @nemreid for the implementation. 👍

Please note that this resource will now use a separate PublishVersion API call, so any restrictive IAM policies for the Terraform run may require updates.

This has been released in version 2.50.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
