Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aws_lambda_event_source_mapping does not retry when modifying source mapping #22973

Closed
cecheta opened this issue Feb 6, 2022 · 2 comments · Fixed by #28586
Closed

aws_lambda_event_source_mapping does not retry when modifying source mapping #22973

cecheta opened this issue Feb 6, 2022 · 2 comments · Fixed by #28586
Labels
bug Addresses a defect in current functionality. eventual-consistency Pertains to eventual consistency issues. service/lambda Issues and PRs that pertain to the lambda service.
Milestone
v4.64.0

Comments

@cecheta
Copy link

cecheta commented Feb 6, 2022
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.5

  • provider registry.terraform.io/hashicorp/aws v3.74.0

Affected Resource(s)

  • aws_lambda_event_source_mapping

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_sqs_queue" "queue" {}

resource "aws_lambda_event_source_mapping" "mapping" {
  event_source_arn = aws_sqs_queue.queue.arn
  function_name    = aws_lambda_function.function.arn
}

resource "aws_lambda_function" "function" {
  function_name = "function"
  role          = aws_iam_role.role.arn
  handler       = "index.handler"
  runtime       = "nodejs14.x"
  filename      = "${path.module}/index.zip"
}

resource "aws_iam_role" "role" {
  name = "role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Principal = {
          Service = "lambda.amazonaws.com"
        }
      }
    ]
  })
}

resource "aws_iam_policy" "policy" {
  name = "${aws_lambda_function.function.function_name}-policy"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "sqs:*"
        ]
        Effect   = "Allow"
        Resource = aws_sqs_queue.queue.arn
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "attach" {
  role       = aws_iam_role.role.name
  policy_arn = aws_iam_policy.policy.arn
}

Steps to Reproduce

  1. Apply the above configuration
  2. Rename aws_lambda_function and aws_iam_role
resource "aws_lambda_function" "function" {
  function_name = "function-rename"
  ...
}

resource "aws_iam_role" "role" {
  name = "role-rename"
  ...
}
  1. Apply the configuration

Expected Behavior

The lambda function + IAM role, policy and attachment are destroyed and recreated, and the existing lambda event source mapping is updated to the new lambda function.

Actual Behavior

Error: error updating Lambda Event Source Mapping (742a8399-979c-49d6-b4ad-b75d4443d5c4): InvalidParameterValueException: The provided execution role does not have permissions to call ReceiveMessage on SQS
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: "cf39b3b5-407e-4e56-9f5b-1e8d08250068"
  },
  Message_: "The provided execution role does not have permissions to call ReceiveMessage on SQS",
  Type: "User"
}

  on main.tf line 7, in resource "aws_lambda_event_source_mapping" "mapping":
   7: resource "aws_lambda_event_source_mapping" "mapping" {

Important Factoids

When creating/updating a lambda event source mapping, AWS responds with an error if the lambda function does not have the necessary permissions. When creating a new lambda event source mapping, the AWS provider retries for up to 2 minutes as IAM policy changes can take some time to propagate. However, this retry does not occur when updating an existing lambda event source mapping. Re-running the configuration after a brief time completes successfully.
@github-actions github-actions bot added needs-triage Waiting for first response or review from a maintainer. service/iam Issues and PRs that pertain to the iam service. service/lambda Issues and PRs that pertain to the lambda service. service/sqs Issues and PRs that pertain to the sqs service. labels Feb 6, 2022
@justinretzolk justinretzolk added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Feb 16, 2022
@cecheta cecheta mentioned this issue Dec 27, 2022
Merged
@ewbankkit ewbankkit added eventual-consistency Pertains to eventual consistency issues. and removed service/iam Issues and PRs that pertain to the iam service. service/sqs Issues and PRs that pertain to the sqs service. labels Apr 17, 2023
@github-actions github-actions bot added this to the v4.64.0 milestone Apr 18, 2023
@github-actions
Copy link

This functionality has been released in v4.64.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. eventual-consistency Pertains to eventual consistency issues. service/lambda Issues and PRs that pertain to the lambda service.
Projects
None yet
Milestone
v4.64.0
Development

Successfully merging a pull request may close this issue.

Fix retry when updating aws_lambda_event_source_mapping
3 participants
@ewbankkit @justinretzolk @cecheta