Terraform: DynamoDB stream arn is not available as variable

Created on 17 Jan 2016 · 8Comments · Source: hashicorp/terraform

I tried to set up an AWS Lambda function listening to a DynamoDB stream, but it looks like I'm not able to get the stream's arn.

bug provideaws

Source

drieselliott

Most helpful comment

For those wondering, the update in 0.6.12 allows you to write:

event_source_arn = "${aws_dynamodb_table.TABLE_NAME_HERE.stream_arn}"

wilmoore on 2 Feb 2017

👍12

All 8 comments

@drieselliott hi, this should be abled. Please can you post your terraform config here (without any secret keys) so we can try and test it?

Thanks

stack72 on 18 Jan 2016

The DynamoDB table I'm creating:

resource "aws_dynamodb_table" "user-table" {
  name = "elliodr_user_table"
  read_capacity = 1
  write_capacity = 1
  hash_key = "email"
  attribute {
    name = "email"
    type = "S"
  }
  stream_enabled = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
}

The Lambda function definition:

resource "aws_iam_role" "user-added-lambda-iam-role" {
  name = "elliodr-user-added-lambda-iam-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "user-added-lambda-iam-role-policy" {
  name = "elliodr-user-added-lambda-iam-role-policy"
  role = "${aws_iam_role.user-added-lambda-iam-role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "dynamodb:GetRecords",
        "dynamodb:GetShardIterator",
        "dynamodb:DescribeStream",
        "dynamodb:ListStreams"
      ],
      "Effect": "Allow",
      "Resource": "${aws_dynamodb_table.user-table.arn}/*"
    },
    {
      "Action": [
        "logs:CreateLogGroup",
         "logs:CreateLogStream",
         "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:logs:*:*:*"
    }
  ]
}
EOF
}

resource "aws_lambda_function" "user-added-lambda" {
  filename = "target/user-added-lambda.jar"
  function_name = "elliodr-user-added-lambda"
  role = "${aws_iam_role.user-added-lambda-iam-role.arn}"
  handler = "com.xti.awspresentation.demo.UserAddedLambda::handleDynamoChange"
  runtime = "java8"
}

resource "aws_lambda_event_source_mapping" "event_source_mapping" {
  batch_size = 100
  event_source_arn = "DYNAMODB_STREAM_ARN_GOES_HERE"
  enabled = true
  function_name = "${aws_lambda_function.user-added-lambda.arn}"
  starting_position = "LATEST"
}

What expression do I need to enter in place of DYNAMODB_STREAM_ARN_GOES_HERE in order to make the event-source work for the DynamoDB stream I created?

drieselliott on 19 Jan 2016

@drieselliott You are correct - the stream ARN is not exposed via Terraform. I will investigate supporting this and open a pull request soon. Thanks for reporting and providing a test case!

jen20 on 19 Jan 2016

Any updates on this issue?

drieselliott on 2 Feb 2016

This is also blocking me. I wish I could do a PR but i'm not familiar with go _at all_. This is probably very easy to implement.

The "StreamArn" is available in the table creation response under [TableDescription][LatestStreamArn].

https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_CreateTable.html

jonapich on 18 Feb 2016

Closed via 0ce4aed52ad9be15d7f7ef9f70209ffc39a2d398 - available since 0.6.12

Paul

stack72 on 7 Jul 2016

For those wondering, the update in 0.6.12 allows you to write:

event_source_arn = "${aws_dynamodb_table.TABLE_NAME_HERE.stream_arn}"

wilmoore on 2 Feb 2017

👍12

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.