Can't find archive_file module output

I’m trying to use HCP as my Terraform backend, and my configuration works locally.
I am receiving an error when trying to reference a file zipped by the archive_file module (to upload a lambda function).

Waiting for the plan to start...

Terraform v1.2.0
on linux_amd64
Initializing plugins and modules...
╷
│ Error: Error in function call
│
│   on example.tf line 72, in resource "aws_lambda_function" "example":
│   72:   source_code_hash = filebase64sha256("example.zip")
│
│ Call to function "filebase64sha256" failed: open example.zip: no such file
│ or directory.
╵
Operation failed: failed running terraform plan (exit 1)

In typical CI/CD environments, plan and apply may be run in different containers or instances and could cause this error, but on HCP, this error is seen in the plan stage, and I believe it would bleed over into the apply stage.

I couldn’t find any references to this issue on HCP, so I have started this topic.

Please let me know if there’s already a workaround to this.
If not, maybe a /tmp storage can be made available during plan+apply for file operations.

Below is a minimal example to reproduce the issue:

terraform {
  required_version = ">= 1.2.0"

  cloud {
    organization = "example"

    workspaces {
      name = "example"
    }
  }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.15.1"
    }

    archive = {
      source  = "hashicorp/archive"
      version = "2.2.0"
    }
  }
}

provider "aws" {
  profile             = "default"
  region              = "us-east-1"
  shared_config_files = ["$HOME/.aws/credentials"]
}

resource "aws_iam_role" "example" {
  name = "lambda_assume_role"

  assume_role_policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : [
      {
        "Sid" : "",
        "Effect" : "Allow"
        "Action" : "sts:AssumeRole",
        "Principal" : {
          "Service" : [
            "lambda.amazonaws.com",
            "edgelambda.amazonaws.com"
          ]
        },
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "lambda_policy" {
  role       = aws_iam_role.example.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

data "archive_file" "example" {
  source_file = "example.js"
  output_path = "example.zip"
  type        = "zip"
}

resource "aws_lambda_function" "example" {
  memory_size      = "128"
  timeout          = 10
  runtime          = "nodejs14.x"
  architectures    = ["arm64"]
  handler          = "example.handler"
  function_name    = "example"
  role             = aws_iam_role.example.arn
  filename         = "example.zip"
  source_code_hash = filebase64sha256("example.zip")
}

In Terraform, you express dependencies by referencing attributes of other blocks.

You need to express the dependency on the data block to ensure Terraform delays evaluating the function until it is available:

    source_code_hash = filebase64sha256(data.archive_file.example.output_path)
1 Like

@maxb Thank you, this is the perfect solution!