
Only do first creation but ignore changes to lambda & layer #188

Closed
@schealex

Description

Is your request related to a new offering from AWS?

no

Is your request related to a problem? Please describe.

I'm creating the lambda and its main layer through terraform but want to update it via aws cli in ci/cd. Once a pipeline is done, Terraform wants to change back the layer version of the function. Is there a way to prevent this?
Also what is the best practice here? Is there a better way to update the lambda and its layer via separate ci/cd than aws cli?

I don't want to have to run our whole infrastructure code in terraform for each code change in any of the lambdas.

Describe the solution you'd like.

Make the module able to do the first create but ignore any changes afterwards.

Additional context

####################################################
# S3 Bucket
####################################################

module "s3_bucket" {
  source = "terraform-aws-modules/s3-bucket/aws"

  bucket = "devops-${var.environment}-${var.function_name}"
  acl    = "private"

  force_destroy = true
}

resource "aws_s3_bucket_object" "lambda" {
  bucket = module.s3_bucket.s3_bucket_id
  key    = "${var.function_name}-main.zip"
  source = "${path.module}/dummy_lambda.zip"

  lifecycle {
    ignore_changes = [
      tags_all
    ]
  }
}

resource "aws_s3_bucket_object" "layer" {
  bucket = module.s3_bucket.s3_bucket_id
  key    = "${var.function_name}-layer.zip"
  source = "${path.module}/dummy_layer.zip"

  lifecycle {
    ignore_changes = [
      tags_all
    ]
  }
}

####################################################
# Security Group
####################################################

module "lambda_security_group" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 4.0"

  name        = "lambda-sg-${var.environment}-${var.function_name}"
  description = "Lambda security group for function ${var.function_name}"
  vpc_id      = var.vpc_vpc_id

  computed_ingress_with_source_security_group_id = [
    {
      rule                     = "http-80-tcp"
      source_security_group_id = var.api_gateway_security_group_security_group_id
    }
  ]
  number_of_computed_ingress_with_source_security_group_id = 1

  egress_rules = ["all-all"]
}

####################################################
# Lambda Function (building locally, storing on S3,
# set allowed triggers, set policies)
####################################################

module "lambda_function" {
  source = "terraform-aws-modules/lambda/aws"

  function_name = "${var.environment}-${var.function_name}"
  description   = var.function_description
  handler       = var.handler
  runtime       = var.runtime
  publish       = true
  memory_size   = var.memory_size

  create_package = false
  s3_existing_package = {
    bucket = module.s3_bucket.s3_bucket_id
    key    = aws_s3_bucket_object.lambda.id
  }

  layers = [
    module.lambda_layer_s3.lambda_layer_arn,
  ]

  environment_variables = var.environment_variables

  vpc_subnet_ids         = var.vpc_private_subnets
  vpc_security_group_ids = [module.lambda_security_group.security_group_id]

  attach_network_policy         = true
  attach_cloudwatch_logs_policy = true
  attach_tracing_policy         = true

  cloudwatch_logs_retention_in_days = 7
  cloudwatch_logs_tags              = merge(var.tags, {
    lambda = "${var.environment}-${var.function_name}"
  })

  allowed_triggers = {
    AllowExecutionFromAPIGateway = {
      service    = "apigateway"
      source_arn = "${var.api_gateway_apigatewayv2_api_execution_arn}/*/*"
    }
  }

  tags = var.tags
}

###############################
# Lambda Layer (storing on S3)
###############################

module "lambda_layer_s3" {
  source = "terraform-aws-modules/lambda/aws"

  create_layer = true

  layer_name          = "${var.environment}-${var.function_name}-layer"
  description         = "Lambda layer for function ${var.function_name}"
  compatible_runtimes = [var.runtime]

  create_package = false
  s3_existing_package = {
    bucket = module.s3_bucket.s3_bucket_id
    key    = aws_s3_bucket_object.layer.id
  }
}
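Terraform does not allow `lifecycle` meta-arguments on a `module` block, which is why the module cannot simply be told to ignore later changes. The following is an added example (not from the issue author or the module) of the same split using the plain `aws_lambda_function` and `aws_lambda_layer_version` resources: Terraform does the first create and keeps ownership of IAM, VPC wiring and tags, while the pipeline owns code and layer version. `aws_iam_role.lambda` is assumed to exist; the bucket, objects and security group refer to the blocks above.

```hcl
# Added example, not part of the issue or the module. Assumes the S3 bucket,
# objects and security group from the issue and an existing aws_iam_role.lambda.

resource "aws_lambda_layer_version" "main" {
  layer_name          = "${var.environment}-${var.function_name}-layer"
  s3_bucket           = module.s3_bucket.s3_bucket_id
  s3_key              = aws_s3_bucket_object.layer.id
  compatible_runtimes = [var.runtime]
}

resource "aws_lambda_function" "main" {
  function_name = "${var.environment}-${var.function_name}"
  role          = aws_iam_role.lambda.arn # assumed to exist
  handler       = var.handler
  runtime       = var.runtime
  publish       = true

  s3_bucket = module.s3_bucket.s3_bucket_id
  s3_key    = aws_s3_bucket_object.lambda.id
  layers    = [aws_lambda_layer_version.main.arn]

  vpc_config {
    subnet_ids         = var.vpc_private_subnets
    security_group_ids = [module.lambda_security_group.security_group_id]
  }

  # After the first apply the pipeline publishes new code and layer versions
  # with the AWS CLI; Terraform must not revert them on the next plan.
  # Role, VPC config, environment and tags are still reconciled by Terraform.
  lifecycle {
    ignore_changes = [s3_key, s3_object_version, source_code_hash, layers]
  }
}

# Least-privilege policy for the CI/CD role: it can only swap code and layer
# on this one function and publish versions of this one layer.
data "aws_iam_policy_document" "deployer" {
  statement {
    actions   = ["lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration", "lambda:PublishVersion"]
    resources = [aws_lambda_function.main.arn]
  }
  statement {
    actions   = ["lambda:PublishLayerVersion"]
    resources = ["arn:aws:lambda:*:*:layer:${aws_lambda_layer_version.main.layer_name}"]
  }
}
```

Because `layers` is ignored, a `terraform plan` after the pipeline has attached a newer layer version shows no change; rotating the role, subnets or security group still produces a diff.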
