Terraform v0.8.5
```hcl
resource "aws_s3_bucket_notification" "LambdaS3Notification" {
  bucket = "${var.LogBucket}"
  lambda_function = [
    {
      id                  = "${var.customer}-LambdaFunction"
      lambda_function_arn = "${aws_lambda_function.LambdaFunction.arn}"
      events              = ["s3:ObjectCreated:*"]
      filter_suffix       = "gz"
    }
  ]
}
```
It should append the added lambda functions to the existing S3 event notification set - in this case, the existing set of lambda functions.
It deletes all existing lambda functions, and adds the new one. It seems to treat the item as a single value, instead of a list which contains multiple items.
Steps to reproduce:
`terraform apply -parallelism=1`
N/A - full access, admin account.
I found this which seems semi-related: https://github.com/hashicorp/terraform/issues/6934
However, that's more about the end-user creating multiple functions/resources as events.
The s3_bucket_notification resource handles all the bucket notifications for a single bucket. If you define multiples of this resource type, each will overwrite the other. Instead you should only have a single s3_bucket_notification resource per s3_bucket, and list the multiple events inside the resource. A good example of this is in the documentation for the Trigger Multiple Lambda Functions example.
@dennis-bsi Saw the doc example (that's where I thought of adding it as a list thinking it would append), but I can't figure out a way not to replace existing resources.
Here's the use case:
For larger providers, they use one S3 bucket to keep the CDN logs from each customer. When a customer has multiple CDN points, they all go to one bucket. We need to add a different lambda trigger for each CDN.
When we add an event notification, we want to make sure that it's added and not replaced. It's almost treating it like a key=list value, instead of a key=list-of-pair-of-values.
The specific use case for this involves the WAF, which needs one lambda notification for each "protection zone". That is, clients want one set of "properties" for one CDN and another set for a different one. (Ex: they want to block 5 attempts on one CDN from one set of "bad IPs", vs "30" on another set from the same bad IPs from the total pool of logs aggregated between the two).
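The pattern dennis-bsi describes, applied to the two-CDN use case above, as an added example that is not from the issue or the Terraform project. It assumes `var.LogBucket` and `var.customer` from the issue, two hypothetical Lambda resources `aws_lambda_function.waf_cdn_a` and `aws_lambda_function.waf_cdn_b` defined elsewhere in the same configuration, and that each CDN writes its logs under its own key prefix.

```hcl
# Added example (not from the issue or the Terraform project).
# Assumes var.LogBucket and var.customer from the issue and two
# hypothetical Lambda resources, waf_cdn_a and waf_cdn_b, defined elsewhere.

# S3 must be allowed to invoke each function before the notification is
# created; otherwise the PutBucketNotificationConfiguration call is rejected.
resource "aws_lambda_permission" "allow_s3_cdn_a" {
  statement_id  = "AllowS3InvokeCdnA"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.waf_cdn_a.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "arn:aws:s3:::${var.LogBucket}"
}

resource "aws_lambda_permission" "allow_s3_cdn_b" {
  statement_id  = "AllowS3InvokeCdnB"
  action        = "lambda:InvokeFunction"
  function_name = "${aws_lambda_function.waf_cdn_b.arn}"
  principal     = "s3.amazonaws.com"
  source_arn    = "arn:aws:s3:::${var.LogBucket}"
}

# Exactly one notification resource per bucket; every trigger lives inside it.
# Each lambda_function block is one trigger. S3 rejects two triggers for the
# same event type whose prefix/suffix filters overlap, so each CDN gets its
# own prefix (hypothetical "cdn-a/" and "cdn-b/"). Stable ids keep plans clean.
resource "aws_s3_bucket_notification" "LambdaS3Notification" {
  bucket = "${var.LogBucket}"

  lambda_function {
    id                  = "${var.customer}-cdn-a"
    lambda_function_arn = "${aws_lambda_function.waf_cdn_a.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "cdn-a/"
    filter_suffix       = "gz"
  }

  lambda_function {
    id                  = "${var.customer}-cdn-b"
    lambda_function_arn = "${aws_lambda_function.waf_cdn_b.arn}"
    events              = ["s3:ObjectCreated:*"]
    filter_prefix       = "cdn-b/"
    filter_suffix       = "gz"
  }

  depends_on = ["aws_lambda_permission.allow_s3_cdn_a",
                "aws_lambda_permission.allow_s3_cdn_b"]
}
```

Adding a third CDN means adding another `aws_lambda_permission` and another `lambda_function` block to this same resource; a second `aws_s3_bucket_notification` for the bucket would overwrite the whole set, which is the replacement behaviour the issue reports.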
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.