Error creating Lambda function: ValidationException Lambda

Hi there

I’m trying to create a Lambda function. I have already created two Lambda functions using exactly the same code and they work fine; however, when I try to create the third one, I get the error "Error creating Lambda function: ValidationException". Here is my code:

# Execution role for the Lambda function. The role name is built from
# var.project_name and var.environment.
resource "aws_iam_role" "iam_role_for_lambda" {
  name = "${var.project_name}-${var.environment}-iam-role-for-lambda-test"

  # Trust policy: lets the listed AWS service principals call sts:AssumeRole
  # on this role. Both Lambda and EC2 are trusted here.
  # NOTE(review): the only consumer visible in this listing is
  # aws_lambda_function.test_lambda. If no EC2 instance profile uses this role,
  # drop "ec2.amazonaws.com" so the permissions attached below (secret reads,
  # KMS decrypt) cannot be obtained by an EC2 instance. Confirm against the
  # rest of the configuration.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com",
          "ec2.amazonaws.com"
          ]
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

# Managed policy attached to the Lambda execution role. It is a single Allow
# statement on Resource "*" covering CloudWatch Logs writes, Secrets Manager
# reads, KMS decrypt and network-interface management.
# NOTE(review): with Resource "*", secretsmanager:GetSecretValue and
# kms:Decrypt apply to every secret and key in the account that the
# resource/key policies allow this role to reach. Move those two actions into
# their own statement scoped to the specific secret and key ARNs the function
# needs, and consider scoping the logs:* actions to the function's log group.
# NOTE(review): the ec2:*NetworkInterface actions are what a VPC-attached
# Lambda uses; the function in this listing declares no vpc_config, so confirm
# they are needed at all.
resource "aws_iam_policy" "policy" {
  name        = "${var.project_name}-${var.environment}-lambda-test-policy"
  description = ""

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "secretsmanager:GetSecretValue",
        "kms:Decrypt",
        "ec2:DescribeNetworkInterfaces",
        "ec2:CreateNetworkInterface",
        "ec2:DeleteNetworkInterface"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

# Binds the managed policy defined in this module to the Lambda execution role.
# Everything the policy allows becomes available to any principal that the
# role's trust policy lets assume it.
resource "aws_iam_role_policy_attachment" "lambda-policy-attach" {
  # Policy to attach, referenced by ARN.
  policy_arn = aws_iam_policy.policy.arn

  # Target role, referenced by name.
  role = aws_iam_role.iam_role_for_lambda.name
}

# Packages the contents of the module's api/ directory into the zip archive
# that is uploaded as the Lambda deployment package.
data "archive_file" "lambda_zip" {
  # Directory whose contents are archived.
  source_dir = "${path.module}/api"

  # Where the generated archive is written.
  output_path = "${path.module}/build/test.zip"

  type = "zip"
}


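# Lambda function deployed from the archive built by data.archive_file.lambda_zip
# and run under aws_iam_role.iam_role_for_lambda.
resource "aws_lambda_function" "test_lambda" {
  # Take the path from the archive data source instead of repeating the string,
  # so the uploaded file and source_code_hash always describe the same archive.
  filename      = data.archive_file.lambda_zip.output_path
  function_name = "test"
  role          = aws_iam_role.iam_role_for_lambda.arn
  handler       = "index.handler"

  # NOTE(review): nodejs12.x is past end of support on AWS Lambda and no longer
  # receives security patches; move to a currently supported Node.js runtime.
  runtime = "nodejs12.x"

  memory_size = 128
  publish     = false

  # Hash of the built archive; a change in the packaged code changes this value
  # and triggers a redeploy.
  source_code_hash = data.archive_file.lambda_zip.output_base64sha256

  timeout = 60

  # X-Ray active tracing.
  # NOTE(review): the policy attached to the role in this listing grants no
  # xray:* actions (e.g. xray:PutTraceSegments, xray:PutTelemetryRecords);
  # confirm the role gets them elsewhere, otherwise traces cannot be written.
  tracing_config {
    mode = "Active"
  }
}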

here is the plan details

+ resource "aws_lambda_function" "test_lambda" {
      + arn                            = (known after apply)
      + filename                       = "../../../modules/lambda/twilio_call/build/test.zip"
      + function_name                  = "test"
      + handler                        = "index.handler"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + publish                        = false
      + qualified_arn                  = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = "arn:aws:iam::<REDACTED>:role/x-y-iam-role-for-lambda-test"
      + runtime                        = "nodejs12.x"
      + source_code_hash               = "JOH7RCkIPyvDPrEA9VoIZRaBYH7+aoERCs/I5hZBzNc="
      + source_code_size               = (known after apply)
      + timeout                        = 60
      + version                        = (known after apply)

      + tracing_config {
          + mode = "Active"
        }
    }

When I try to create the function manually using the AWS console, it works fine. Terraform fails with no error details, which is confusing. Help?

Ok I solved it, the zip file (or path) name was too long, i changed it to a shorter name and it worked.

Terraform really needs better error message handling.

I’m getting the same error. It is not due to the zip path though.