Only do first creation but ignore changes to lambda & layer #188

Closed
schealex opened this issue Aug 4, 2021 · 3 comments
schealex commented Aug 4, 2021

Is your request related to a new offering from AWS?

no

Is your request related to a problem? Please describe.

I'm creating the lambda and its main layer through terraform but want to update it via aws cli in ci/cd. Once a pipeline is done, Terraform wants to change back the layer version of the function. Is there a way to prevent this?
Also what is the best practice here? Is there a better way to update the lambda and its layer via separate ci/cd than aws cli?

I don't want to have to run our whole infrastructure code in terraform for each code change in any of the lambdas.

Describe the solution you'd like.

Make the module able to do the first create but ignore any changes afterwards.

Additional context

```hcl
####################################################
# S3 Bucket
####################################################

module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket = "devops-${var.environment}-${var.function_name}"
  acl    = "private"

  force_destroy = true
}

resource "aws_s3_bucket_object" "lambda" {
  bucket = module.s3_bucket.s3_bucket_id
  key    = "${var.function_name}-main.zip"
  source = "${path.module}/dummy_lambda.zip"

  lifecycle {
    ignore_changes = [
      tags_all
    ]
  }
}

resource "aws_s3_bucket_object" "layer" {
  bucket = module.s3_bucket.s3_bucket_id
  key    = "${var.function_name}-layer.zip"
  source = "${path.module}/dummy_layer.zip"

  lifecycle {
    ignore_changes = [
      tags_all
    ]
  }
}

####################################################
# Security Group
####################################################

module "lambda_security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.0"

  name        = "lambda-sg-${var.environment}-${var.function_name}"
  description = "Lambda security group for function ${var.function_name}"
  vpc_id      = var.vpc_vpc_id

  computed_ingress_with_source_security_group_id           = [
    {
      rule                     = "http-80-tcp"
      source_security_group_id = var.api_gateway_security_group_security_group_id
    }
  ]
  number_of_computed_ingress_with_source_security_group_id = 1

  egress_rules = ["all-all"]
}

####################################################
# Lambda Function (building locally, storing on S3,
# set allowed triggers, set policies)
####################################################

module "lambda_function" {
  source = "terraform-aws-modules/lambda/aws"

  function_name = "${var.environment}-${var.function_name}"
  description   = var.function_description
  handler       = var.handler
  runtime       = var.runtime
  publish       = true
  memory_size   = var.memory_size

  create_package = false
  s3_existing_package = {
    bucket = module.s3_bucket.s3_bucket_id
    key    = aws_s3_bucket_object.lambda.id
  }

  layers = [
    module.lambda_layer_s3.lambda_layer_arn,
  ]

  environment_variables = var.environment_variables

  vpc_subnet_ids         = var.vpc_private_subnets
  vpc_security_group_ids = [module.lambda_security_group.security_group_id]

  attach_network_policy         = true
  attach_cloudwatch_logs_policy = true
  attach_tracing_policy         = true

  cloudwatch_logs_retention_in_days = 7
  cloudwatch_logs_tags              = merge(var.tags, {
    lambda = "${var.environment}-${var.function_name}"
  })

  allowed_triggers = {
    AllowExecutionFromAPIGateway = {
      service    = "apigateway"
      source_arn = "${var.api_gateway_apigatewayv2_api_execution_arn}/*/*"
    }
  }

  tags = var.tags
}

###############################
# Lambda Layer (storing on S3)
###############################

module "lambda_layer_s3" {
  source = "terraform-aws-modules/lambda/aws"

  create_layer = true

  layer_name          = "${var.environment}-${var.function_name}-layer"
  description         = "Lambda layer for function ${var.function_name}"
  compatible_runtimes = [var.runtime]

  create_package = false
  s3_existing_package = {
    bucket = module.s3_bucket.s3_bucket_id
    key    = aws_s3_bucket_object.layer.id
  }
}
```

@vhsantos

Hello,

Your configuration looks OK, but you are probably going to have the same problem mentioned here, because TF will try to replace your function deployed using your CD.

@antonbabenko
Member

Hi @schealex !

I believe this has just been fixed by #175 (for local packages, but you are using S3 objects, so we may need to add some improvement for that also).

Please use v2.10.0 that has been released and let us know if there is anything wrong in a separate issue.
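
The create-once-then-ignore pattern the issue asks for, sketched with the plain AWS provider resources rather than the module. This is an added example, not code from the module or from anyone in this thread; `var.artifact_bucket`, `var.lambda_role_arn` and the resource names `bootstrap` and `this` are assumptions.

```hcl
# Added example: plain provider resources, not terraform-aws-modules/lambda.
variable "environment" { type = string }
variable "function_name" { type = string }
variable "handler" { type = string }
variable "runtime" { type = string }
variable "artifact_bucket" { type = string } # assumed: existing bucket holding the zips
variable "lambda_role_arn" { type = string } # assumed: existing execution role

# Bootstrap layer version, created once from the placeholder archive.
# Later versions are published by the pipeline and are unknown to Terraform.
resource "aws_lambda_layer_version" "bootstrap" {
  layer_name          = "${var.environment}-${var.function_name}-layer"
  compatible_runtimes = [var.runtime]
  s3_bucket           = var.artifact_bucket
  s3_key              = "${var.function_name}-layer.zip"
}

resource "aws_lambda_function" "this" {
  function_name = "${var.environment}-${var.function_name}"
  role          = var.lambda_role_arn
  handler       = var.handler
  runtime       = var.runtime
  publish       = true

  # Values used only for the first apply.
  s3_bucket = var.artifact_bucket
  s3_key    = "${var.function_name}-main.zip"
  layers    = [aws_lambda_layer_version.bootstrap.arn]

  lifecycle {
    # Attributes the CI/CD pipeline owns after creation. Terraform still
    # manages role, runtime, handler and everything else on the function.
    ignore_changes = [
      s3_key,
      s3_object_version,
      source_code_hash,
      layers,
    ]
  }
}
```

Attributes listed under `ignore_changes` stop appearing as drift in `terraform plan`, so the pipeline's own deployment history becomes the only record of which code and layer version a function is running.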

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions bot locked as resolved and limited conversation to collaborators Nov 10, 2022