Can't find archive_file module output

Blfrg · May 23, 2022, 11:15pm

I’m trying to use HCP as my Terraform backend, and my configuration works locally.
I am receiving an error when trying to reference a file zipped by the archive_file module (to upload a lambda function).

Waiting for the plan to start...

Terraform v1.2.0
on linux_amd64
Initializing plugins and modules...
╷
│ Error: Error in function call
│
│   on example.tf line 72, in resource "aws_lambda_function" "example":
│   72:   source_code_hash = filebase64sha256("example.zip")
│
│ Call to function "filebase64sha256" failed: open example.zip: no such file
│ or directory.
╵
Operation failed: failed running terraform plan (exit 1)

In typical CI/CD environments, plan and apply may be run in different containers or instances and could cause this error, but on HCP, this error is seen in the plan stage, and I believe it would bleed over into the apply stage.

I couldn’t find any references to this issue on HCP, so I have started this topic.

Please let me know if there’s already a workaround to this.
If not, maybe a /tmp storage can be made available during plan+apply for file operations.

Below is a minimal example to reproduce the issue:

terraform {
  required_version = ">= 1.2.0"

  cloud {
    organization = "example"

    workspaces {
      name = "example"
    }
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.15.1"
    }

    archive = {
      source  = "hashicorp/archive"
      version = "2.2.0"
    }
  }
}

provider "aws" {
  profile             = "default"
  region              = "us-east-1"
  shared_config_files = ["$HOME/.aws/credentials"]
}

resource "aws_iam_role" "example" {
  name = "lambda_assume_role"

  assume_role_policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Sid" : "",
        "Effect" : "Allow"
        "Action" : "sts:AssumeRole",
        "Principal" : {
          "Service" : [
            "lambda.amazonaws.com",
            "edgelambda.amazonaws.com"
          ]
        },
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "lambda_policy" {
  role       = aws_iam_role.example.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

data "archive_file" "example" {
  source_file = "example.js"
  output_path = "example.zip"
  type        = "zip"
}

resource "aws_lambda_function" "example" {
  memory_size      = "128"
  timeout          = 10
  runtime          = "nodejs14.x"
  architectures    = ["arm64"]
  handler          = "example.handler"
  function_name    = "example"
  role             = aws_iam_role.example.arn
  filename         = "example.zip"
  source_code_hash = filebase64sha256("example.zip")
}

maxb · May 24, 2022, 6:37am

In Terraform, you express dependencies by referencing attributes of other blocks.

You need to express the dependency on the data block to ensure Terraform delays evaluating the function until it is available:

    source_code_hash = filebase64sha256(data.archive_file.example.output_path)

Blfrg · May 24, 2022, 2:30pm

@maxb Thank you, this is the perfect solution!

Topic		Replies	Views
Lambda archive_file output_path error in module Terraform	1	3105	April 22, 2021
Issues with lambda module HCP Terraform hcp-terraform	2	2324	April 29, 2022
Provider produced inconsistent final plan on aws_lambda_function {source_code_hash} AWS	4	2568	May 24, 2024
Aws_lambda_function gets file hash different from the one exported by archive_file Terraform Providers	2	1300	November 4, 2022
[Tutorial: Store remote state] Migrated to HCP, get error missing .tf, while main.tf is in place HashiCorp Cloud Platform (HCP) hcp-terraform	0	93	July 3, 2024

Can't find archive_file module output

Related topics