Terraform-provider-aws: Error finding Lambda policy statement: Failed to find statement

Created on 25 Nov 2019 · 10 Comments · Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @wubigo as hashicorp/terraform#23480. It was migrated here as a result of the provider split. The original body of the issue is below._


Terraform Version

Terraform v0.12.16
+ provider.aws v2.39.0

Terraform Configuration Files

...

Debug Output

https://gist.github.com/wubigo/0c7afe6822135b917d9fedc2ca5916a3

Crash Output

Expected Behavior

Actual Behavior

Steps to Reproduce

https://learn.hashicorp.com/terraform/aws/lambda-api-gateway

Additional Context

References

service/lambda

All 10 comments

Same error
```
2019/12/17 14:39:13 [TRACE] EvalWriteState: writing current state object for aws_cloudwatch_metric_alarm.orange_low_cpu
2019/12/17 14:39:13 [TRACE] [walkRefresh] Exiting eval tree: aws_cloudwatch_metric_alarm.orange_low_cpu
2019/12/17 14:39:13 [TRACE] vertex "aws_cloudwatch_metric_alarm.orange_low_cpu": visit complete
2019/12/17 14:39:13 [TRACE] vertex "aws_cloudwatch_metric_alarm.orange_low_cpu": dynamic subgraph completed successfully
2019/12/17 14:39:13 [TRACE] vertex "aws_cloudwatch_metric_alarm.orange_low_cpu": visit complete
2019/12/17 14:39:13 [TRACE] dag/walk: upstream of "provider.aws (close)" errored, so skipping
2019/12/17 14:39:13 [TRACE] dag/walk: upstream of "root" errored, so skipping

Error: Error finding Lambda policy statement: Failed to find statement "AllowExecutionFromCloudWatch" in Lambda policy:
```

Same Error

```
aws_lambda_permission.allow_bucket: Refreshing state... [id=AllowExecutionFromS3Bucket]

Error: Error finding Lambda policy statement: Failed to find statement "AllowExecutionFromS3Bucket" in Lambda policy:
```

Also getting the same error with provider aws_v2.41.0_x4

Could it be a problem that happens after a certain number of Lambdas / Lambda permissions? I have several Lambdas in several workspaces (dev/staging/prod) and I only got the error for one.

It seems not to be related to the quantity; for some reason the permission was no longer present (or was never there in the first place). I worked around the problem by first manually adding the statement using `aws lambda add-permission` (check https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html#permissions-resource-serviceinvoke for the syntax for your case).

In my case it was related to CloudWatch calling the Lambda (so it does not seem to be specific to APIGW).
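An added example, not part of the original thread or the provider's code: a check for the drift the workaround above addresses. It parses `aws lambda get-policy` output, reports which statement IDs Terraform expects but the live policy lacks, and builds the `aws lambda add-permission` command to restore one. The sample policy, function name, account ID, principal and ARNs are constructed placeholders.

```python
import json
import shlex

# Constructed sample of `aws lambda get-policy` output; "Policy" is itself a
# JSON-encoded string. Account id, region and resource names are placeholders.
SAMPLE_GET_POLICY = json.dumps({
    "Policy": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowExecutionFromS3Bucket",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:us-east-1:111111111111:function:example-fn",
            "Condition": {"ArnLike": {"AWS:SourceArn": "arn:aws:s3:::example-bucket"}},
        }],
    }),
})


def statement_ids(get_policy_output):
    """Return the Sids present in the function's resource-based policy."""
    if not get_policy_output.strip():
        return set()  # empty input: treat as "function has no policy"
    policy = json.loads(json.loads(get_policy_output)["Policy"])
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # tolerate a single unwrapped statement
        statements = [statements]
    return {s["Sid"] for s in statements if "Sid" in s}


def missing_statements(get_policy_output, expected_sids):
    """Sids tracked in Terraform state that are absent from the live policy."""
    return sorted(set(expected_sids) - statement_ids(get_policy_output))


def add_permission_command(function_name, sid, principal, source_arn):
    """Build the re-add command; --source-arn scopes the grant to one caller."""
    argv = ["aws", "lambda", "add-permission", "--function-name", function_name,
            "--statement-id", sid, "--action", "lambda:InvokeFunction",
            "--principal", principal, "--source-arn", source_arn]
    return " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    expected = ["AllowExecutionFromS3Bucket", "AllowExecutionFromCloudWatch"]
    for sid in missing_statements(SAMPLE_GET_POLICY, expected):
        print(add_permission_command("example-fn", sid, "events.amazonaws.com",
              "arn:aws:events:us-east-1:111111111111:rule/example-rule"))
```

Feed it the real output of `aws lambda get-policy --function-name <name>` and the `statement_id` values from your `aws_lambda_permission` resources in place of the sample.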

Getting the same error on Terraform v0.12.20 + provider.aws v2.47.0

Hi all,

Any idea when this might be resolved, or when the PR that is raised above will be merged in?

Alternatively, does anybody have a workaround?

Thanks

@dannyburke1, have you tried the one from my post above?

Hi Allan - I've not tried this, as these permissions are already set, however running a Terraform plan on some older code is causing me this issue when the plan is running.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
