Error creating Lambda function: ValidationException

I have configured a Lambda function like so:

    resource "aws_lambda_function" "data_load" {

      function_name = "bf_api_load"

      handler = local.lambda_handler_load

      role = "arn:aws:iam::347790762739:role/lambda_s3_getobject_batch_submit"
      //  role = aws_iam_role.lambda_s3_getobject_batch_submit.name

      runtime = local.lambda_language_runtime

      s3_bucket = module.bucket_lambda_deployment.bucket
      s3_key    = module.bucket_lambda_deployment.key

      timeout = local.lambda_timeout_load

      vpc_config {
        subnet_ids         = local.subnet_ids
        security_group_ids = [aws_default_security_group.bf_api.id]
      }
    }

The plan looks like this:

Terraform will perform the following actions:

  # aws_lambda_function.data_load will be created
  + resource "aws_lambda_function" "data_load" {
      + arn                            = (known after apply)
      + function_name                  = "bf_api_load"
      + handler                        = "bfapi_load.handle_load"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + publish                        = false
      + qualified_arn                  = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = "arn:aws:iam::347790762739:role/lambda_s3_getobject_batch_submit"
      + runtime                        = "python3.7"
      + s3_bucket                      = "bf-lambda-archive"
      + s3_key                         = "api/lambda/example.zip"
      + source_code_hash               = (known after apply)
      + source_code_size               = (known after apply)
      + timeout                        = 6000
      + version                        = (known after apply)

      + tracing_config {
          + mode = (known after apply)
        }

      + vpc_config {
          + security_group_ids = [
              + "sg-0f6f054a81e4058a1",
            ]
          + subnet_ids         = [
              + "subnet-07f50fa5aaeaa291a",
              + "subnet-0bbaf2efcbe42dda1",
            ]
          + vpc_id             = (known after apply)
        }
    }

When I run terraform apply I get the following error:

Error: Error creating Lambda function: ValidationException: 
	status code: 400, request id: e4760477-5a97-43cd-b129-412d2aa615a5

  on bf_api.tf line 254, in resource "aws_lambda_function" "data_load":
 254: resource "aws_lambda_function" "data_load" {

Version info:

$ terraform -version
Terraform v0.12.24
+ provider.aws v2.58.0

There is no indication of where I’ve gone wrong. No additional information is displayed when I use TF_LOG=TRACE. I have tried everything I can think of, such as replacing variables with hard-coded strings, using the ARN for the role rather than the role’s resource name, etc., but with no effect; always the same error.

Can anyone advise what else I might try in order to flush out the cause of this error? Thanks in advance for any suggestions or insight.

2 Likes

This turned out to be a problem with the timeout value, as I had specified a value that exceeds the maximum (900 seconds).

Is it reasonable to expect Terraform to validate values such as this and report errors accordingly? It seems like this could/would/should be caught in the plan.

I agree @monocongo, TF should validate provided values. I got the same error, and by mistake I have used the Role name instead of the ARN.

3 Likes
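
A pre-apply check for the two mistakes reported in this thread (a timeout above 900 seconds, and a role name where an ARN is required), as an added example that is not part of the original posts or of Terraform itself. It reads the JSON form of a plan; the function name `check_lambda_plan`, the role ARN pattern, and the sample plan (including its account ID) are assumptions constructed for illustration.

```python
import json
import re

LAMBDA_MAX_TIMEOUT = 900  # seconds; the maximum cited in the thread
# Assumed shape of an IAM role ARN: partition, 12-digit account ID, role path/name.
ROLE_ARN_RE = re.compile(r"^arn:aws[a-zA-Z-]*:iam::\d{12}:role/.+$")


def check_lambda_plan(plan):
    """Return (address, message) pairs for aws_lambda_function values that
    match the two mistakes from the thread."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_lambda_function":
            continue
        after = (rc.get("change") or {}).get("after")
        if after is None:  # resource is being destroyed, nothing to validate
            continue
        # Values unknown until apply are absent from "after"; skip those.
        timeout = after.get("timeout")
        if timeout is not None and not 1 <= timeout <= LAMBDA_MAX_TIMEOUT:
            findings.append((rc["address"],
                f"timeout {timeout} is outside 1..{LAMBDA_MAX_TIMEOUT} seconds"))
        role = after.get("role")
        if role is not None and not ROLE_ARN_RE.match(role):
            findings.append((rc["address"],
                f"role {role!r} is not an IAM role ARN (role name used?)"))
    return findings


# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_lambda_function.data_load", "type": "aws_lambda_function",
   "change": {"actions": ["create"],
              "after": {"function_name": "bf_api_load", "timeout": 6000,
                        "role": "arn:aws:iam::123456789012:role/example"}}},
  {"address": "aws_lambda_function.by_name", "type": "aws_lambda_function",
   "change": {"actions": ["create"],
              "after": {"function_name": "demo", "timeout": 300,
                        "role": "lambda_s3_getobject_batch_submit"}}},
  {"address": "aws_lambda_function.old", "type": "aws_lambda_function",
   "change": {"actions": ["delete"], "after": null}}
]}
""")

if __name__ == "__main__":
    for address, message in check_lambda_plan(SAMPLE_PLAN):
        print(f"{address}: {message}")
```

To check a real plan, save it with `terraform plan -out=tfplan`, convert it with `terraform show -json tfplan`, and pass the parsed JSON to `check_lambda_plan`.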