AWS Lambda Function

Just been working on deploying an AWS Lambda function and having a bit of an issue regarding the aws_lambda_function argument source_code_hash.

When testing the Terraform from the CLI the base64-encode value remains the same providing the source Python hasn’t changed, but when attempting to use the same script in a Bitbucket pipeline - using a debian image - it appears to calculate a different value every run of the pipeline prompting the Lambda function to be updated.

While this is not, in itself, causing an issue I’m sure there must be a way of stopping Terraform from deploying the same Python Lambda function needlessly.

resource “aws_lambda_function” “deployment_group_api” {
function_name = “deployment_group_api”
role = aws_iam_role.deployment_group_api.arn

filename = “deployment_group_api.zip”
handler = “main.lambda_handler”
runtime = “python3.9”
source_code_hash = filebase64sha256(“deployment_group_api.zip”)
}

Note: The ZIP file is generated every time the pipeline runs via a Bash script.

The only thing I can think of that changes every time the pipeline runs is the date/timestamp, but the Terraform documentation says the filebase64sha256 reads the contents of a file so the date/timestamp shouldn’t make any difference.

Any help or explanation as to what is actually happening will be appreciated.

It is likely to be a timestamp issue, not of the zip file itself but of the files within the archive. One way you could try to prevent this would be to force all files to have a specific timestamp before producing the zip archive.

Smart thinking there, Stuart, will give it a go and see how it works out. Will post and update in due course.

Spot on, Stuart.

Setting the file(s) timestamp as part of the pipeline stops the Lambda function ZIP file being deployed every time the pipeline is run, only when the Lambda files themselves are updated.

Thanks for the help, Stuart, appreciate the advicie.