archive_file + aws_lambda_function - am I doing it right?

[shorn....@gmail.com]

Using TF 0.7.1 on a Win 10 machine.

My setup looks like this:

resource "archive_file" "cloudwatch-sumo-lambda-archive" {

  source_file = "${var.lambda_src_dir}/cloudwatch/cloudwatchSumologic.js"

  output_path = "${var.lambda_gen_dir}/cloudwatchSumologic.zip"

  type = "zip"

}

resource "aws_lambda_function" "cloudwatch-sumo-lambda" {

  function_name = "cloudwatch-sumo-lambda"

  description = "managed by source project"

  filename = "${archive_file.cloudwatch-sumo-lambda-archive.output_path}"

  source_code_hash = "${archive_file.cloudwatch-sumo-lambda-archive.output_sha}"

  handler = "cloudwatchSumologic.handler"

  

  ...

}

var.lambda_src_dir points to a sibling directory containing the javascript files for my various lambda functions (under source control).

var.lambda_gen_dir points to an external directory that is not under source control.

Before TF 0.7.1, my wrapper scripts would do the zipping of the js files into archive files in the lambda_gen_dir.

My process was to edit a javascript file, re-run my wrapper script, which would update the zip file and run the TF apply command and the lambda would be updated in AWS.

At first, I thought the above setup would negate the need for my wrapper scripts to do the archiving process and I could leave it to TF.

It works exactly right the first time, but if I then edit the javascript source code and re-run TF apply, it doesn't update the source in the zip file.

Weirdly, TF says it's applying a change to the lambda, but of course the lambda doesn't actually change (since the zip archive didn't actually change).

I can make the whole process work by editing the code, deleting the zip file, then running apply, but that just seems weird.

Is the current behaviour intended?

[James McKay]

I've been trying to adopt a similar approach here, and I've run into a couple of problems myself.

First of all, if your archive doesn't already exist, terraform plan will throw an error in the aws_lambda_function resource. Secondly, if you make changes to your script, terraform plan and terraform apply will only report that the archive itself needs to be changed; they won't report any changes to the lambda function.

This is because Terraform doesn't update the zip archive when you run terraform plan, but only when you run terraform apply. On the other hand, it looks at the generated zip archive when deciding whether or not to update the lambda function.

The second case can be fixed by running terraform apply twice. In the first case, you need to run terraform apply on the archive file as follows:

terraform apply -target=archive_file.cloudwatch-sumo-lambda-archive

I've tried adding a depends_on directive in the lambda to the archive file, but that only affects the order in which resources are generated. It doesn't cause changes to the zip file to invalidate the lambda, which is what we really need.

I'd be interested to know how other people are generating AWS Lambda resources in Terraform. Has anyone got any suggestions here?