Terraform-provider-aws: Get latest version number of data source aws_lambda_function

Created on 7 Sep 2019 · 6 Comments · Source: hashicorp/terraform-provider-aws

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

To associate a lambda function to a CloudFront distribution as a Lambda@Edge (using a cache behavior's lambda_function_association block), it is required to provide a __numbered version__. The qualifier $LATEST will (unfortunately) not work.

At the moment, that data source allows passing a qualifier as an argument, but its qualified_arn attribute will reference that exact same qualifier, not necessarily a version number, unless the attribute itself is a version number, but that requires that version number to be known.

From what I understand, the AWS SDK does not provide a built-in function to get the last published version directly, but as a workaround, it can be retrieved using the pagination API, as shown in the resource aws_lambda_function:
https://github.com/terraform-providers/terraform-provider-aws/blob/v2.27.0/aws/resource_aws_lambda_function.go#L583

New or Affected Resource(s)

Proposal: add new attributes to the data source aws_lambda_function to access the latest numbered version (and/or even better: the fully qualified latest numbered version?)

  • latest_version_number (the actual version number only)
  • latest_version_qualified_arn (the fully qualified latest numbered version of the function)

(better names can probably be found)

Potential Terraform Configuration

This is an example of what would be possible with such a feature:

data "aws_lambda_function" "example_lambda" {
  function_name = "example"
  qualifier     = "$LATEST"
}

resource "aws_cloudfront_distribution" "example_distribution" {
  # ...

  default_cache_behavior {
    # ...

    lambda_function_association {
      event_type   = "viewer-request"
      # The following ARN MUST BE a numbered version
      # Option 1: format the ARN manually
      lambda_arn   = format("%s:%s", data.aws_lambda_function.example_lambda.arn, data.aws_lambda_function.example_lambda.latest_version_number)
      # Option 2 (alternative to option 1): use a fully qualified ARN if provided
      # lambda_arn = data.aws_lambda_function.example_lambda.latest_version_qualified_arn
    }
  }
}

References

If the change can be resumed to something as simple as copy-pasting the behavior of the resource to the data source, I would be more than happy to create a PR for it myself.

I would like to get some feedback on the proposal before starting, though.

And since I have never written a single line of Go code in my life before, I would need some guidance regarding contribution and especially testing, if that is possible?

enhancement service/lambda
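The pagination approach mentioned in the description, as an added Go example (not the provider's code and not part of the original issue): it follows the next-page marker through every page and returns the numerically highest version, rather than relying on list order. The `page` and `lister` types and `fakeLister` are hypothetical stand-ins for the SDK's paginated version listing, and the sample pages are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// page is a hypothetical stand-in for the two response fields used here.
type page struct {
	Versions   []string // version qualifiers, e.g. "$LATEST", "1", "2"
	NextMarker string   // empty on the last page
}

// lister fetches one page; marker is "" on the first call (hypothetical).
type lister func(marker string) (page, error)

var errNoPublishedVersion = errors.New("no published (numbered) version")

// latestNumberedVersion follows NextMarker through every page and returns
// the highest numeric version, skipping "$LATEST" and non-numeric entries.
func latestNumberedVersion(list lister) (string, error) {
	best, marker := int64(-1), ""
	for {
		p, err := list(marker)
		if err != nil {
			return "", err
		}
		for _, v := range p.Versions {
			if n, perr := strconv.ParseInt(v, 10, 64); perr == nil && n > best {
				best = n
			}
		}
		if marker = p.NextMarker; marker == "" {
			break
		}
	}
	if best < 0 {
		return "", errNoPublishedVersion // only $LATEST exists: nothing to pin
	}
	return strconv.FormatInt(best, 10), nil
}

// fakeLister serves constructed pages keyed by marker so this runs offline.
func fakeLister(pages map[string]page) lister {
	return func(marker string) (page, error) { return pages[marker], nil }
}

func main() {
	pages := map[string]page{ // constructed sample data
		"": {[]string{"$LATEST", "1", "2"}, "m1"}, "m1": {[]string{"3", "10"}, ""}}
	fmt.Println(latestNumberedVersion(fakeLister(pages)))
}
```

Comparing versions as integers matters once a function passes version 9, since a string comparison would rank "9" above "10".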

All 6 comments

(Hello, I am deleting this account in favour of @flo-sch, will keep watching it from there.)

@ddriddle I saw that your PR has been merged, is that a workaround that can already be used?

@flo-sch Yes, setting an alias called latest in Terraform code works fine as a workaround for CloudFront.

Has there been any progress on the data resource for this? I'm keen not to hardcode the version number if I can help it.

This seems related to: https://github.com/terraform-providers/terraform-provider-aws/issues/11787.

I attempted the suggested workarounds in https://github.com/terraform-providers/terraform-provider-aws/issues/8782 but none of them seem to work since I can't control the lambda and do not publish it.

Has anybody found a workaround if you're not publishing the lambda using data either on aws_lambda_alias or aws_lambda_function?

I could really do with a fix for this issue too, although as I do publish the Lambda functions via another Terraform run, I am able to extract the latest version number that was deployed by Terraform using the following code (edited to remove some specifics).

data "terraform_remote_state" "lambda" {
  backend = "s3"

  config = {
    encrypt  = true
    bucket   = "terraform-state"
    key      = "${local.vpc_tags["Account"]}/compute/lambda/global.tfstate"
    region   = "eu-west-2"
    role_arn = "arn:aws:iam::123456789012:role/terraform"
  }
}

data "aws_lambda_function" "cloudfront" {
  provider      = aws.cf_cert_region      # us-east-1
  function_name = "function_name"
  qualifier     = data.terraform_remote_state.lambda.outputs.lambda_details["function_name"].version
}

I hope this helps someone until this fix gets landed.

Thank you! It works fine for me...
I just had to include an output after the lambda resource is created
