AWS Lambda creation fails with ValidationException

Trying to create a very trivial lambda, plan passes, apply fails with JUST “ValidationException” and no thing else.

This is my TF code:

resource "aws_lambda_function" "odp_deployment" {
  function_name    = var.odp_deploy_lambda_name
  handler          = var.odp_deploy_lambda_handler
  runtime          = var.odp_deploy_lambda_runtime
  # filename         = var.odp_deploy_lambda_zip
  s3_bucket = "<REDUCTED>"
  s3_key    = "/lambda.zip"
  # source_code_hash = filebase64sha256(var.odp_deploy_lambda_zip)
  role             = "arn:aws:lambda:us-west-2:<REDUCTED>:function:deploy_odp_job"
  # memory_size      = var.odp_deploy_lambda_memory_size
  timeout          = 120   # Default is 3
}

This is what plan reports:

  # aws_lambda_function.odp_deployment will be created
  + resource "aws_lambda_function" "odp_deployment" {
      + arn                            = (known after apply)
      + function_name                  = "deployment_monitoring_1_odp_deploy"
      + handler                        = "deploy_odp_job.deploy_job"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + publish                        = false
      + qualified_arn                  = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = "arn:aws:lambda:us-west-2:<REDUCTED>:function:deploy_odp_job"
      + runtime                        = "python3.6"
      + s3_bucket                      = "<REDUCTED>"
      + s3_key                         = "/lambda.zip"
      + source_code_hash               = (known after apply)
      + source_code_size               = (known after apply)
      + timeout                        = 120
      + version                        = (known after apply)

      + tracing_config {
          + mode = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

… and then I get this:

aws_lambda_function.odp_deployment: Creating...

Error: Error creating Lambda function: ValidationException:
	status code: 400, request id: d7daf6c6-20d6-4bc6-be68-3f00d41d6223

  on lambdas.tf line 1, in resource "aws_lambda_function" "odp_deployment":
   1: resource "aws_lambda_function" "odp_deployment" {
$ terraform -version
Terraform v0.12.19
+ provider.aws v2.49.0
+ provider.random v2.2.1

Any pointers are appreciated!

I’m an idiot. A really bad case of cut and past - used lambda’s ARN instead of Role.

Please Update the Role with actual ROLE ARN from AWS IAM console or if you are creating IAM ROLE and POLICY as a part of template then map the correct role ARN

Example:
role = “${aws_iam_role.iam_for_lambda.arn}”

1 Like

ahhh, sometimes one needs that little grain of salt to see the obvious.
Thanks for the answer. First google result and straight to the point. ID instead of ARN … it’s THERE right in front of the eyes :slight_smile: