Terraform-provider-aws: Error creating Lambda function: ResourceConflictException: Function already exist

Hi @14mar1983

Thanks for reporting this. Could you provide your configuration?

Also, are you sure that your functions are not already part of you AWS account? to confirm, can you connect to the AWS console & check in the Lambda Service please?

Thanks!

Hey @14mar1983

To do so, first import the lambda function, and then, with your already existing terraform code, you should be able to manage it.

Tell us how it goes!

It was already created that's what the exception is saying, how to deal
with already created lambda role and lambda function.

I think that the import stuff I provided is the answer to this question. Terraform already gives you the way to import & know the background error, if any.

If already created skip and do not fail the running build. can we check using paramter?

As the core would need to be updated to handle this schema option this is not something achievable at the moment sadly.

Is the import answering your initial problem? Please tell me more if there is anything I could help on.

Did this get resolved? I'm having a similar issue. I'm attempting to add permissions to my lambda (the permissions already exist) and I am getting the same exception as @14mar1983. How am I supposed to handle this situation?

Here is some context:

```
resource "aws_lambda_permission" "lambda_connect_permission_stable" {
statement_id = "AllowExecutionFromAmazonConnect-Stable"
action = "lambda:InvokeFunction"
function_name = "${var.function_name}"
principal = "connect.amazonaws.com"
source_account = "${var.connect_account}"
source_arn = "${var.connect_instance_arn}"
qualifier = "stable"
}

Having this same problem:

* aws_lambda_permission.allow_cloudwatch2: [WARN] Error adding new Lambda Permission for arn:aws:lambda:ap-southeast-2:693844451913:function:job_injector, retrying: ResourceConflictException: The statement id (AllowExecutionFromCloudWatch2) provided already exists. Please provide a new statement id, or remove the existing statement.

@bnolan I believe what we did was remove the lambda entirely and then rebuilt allowing terraform to manage the permission. We either that or we went into our terraform state file and edited it manually to include the Permission, I can't quite remember.

I might get the same issue. Terraform could not add two triggers(cloudwatch event) to lambda function. Am I wrong?

resource "aws_lambda_permission" "foo" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action = "lambda:InvokeFunction"
  function_name = "<arn>"
  principal = "events.amazonaws.com"
  source_arn = "foo"
}

resource "aws_lambda_permission" "bar" {
  statement_id  = "AllowExecutionFromCloudWatch"
  action = "lambda:InvokeFunction"
  function_name = "<arn>"
  principal = "events.amazonaws.com"
  source_arn = "bar"
}

* aws_lambda_permission.bar: Error adding new Lambda Permission for <arn>, retrying: ResourceConflictException: The statement id (AllowExecutionFromCloudWatch) provided already exists. Please provide a new statement id, or remove the existing statement.
    status code: 409, request id: <id>

$ tf version
Terraform v0.11.8
+ provider.aws v1.39.0

Just use unique statement_id.

The original post about aws_lambda_function should be resolvable by using terraform import as mentioned previously. The newer posts about aws_lambda_permission should be resolvable by using a unique statement_id in each aws_lambda_permission.

If you have any lingering issues with either, please create a new bug report, filling out all the relevant details from the issue template. 👍

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!