I face an issue with AWS Lambda functions when using a layer. When updating both the function code and the layer code with Terraform, Terraform does this (unless I am mistaken):
1. Create new layer-version
2. Attach new layer-version to the lambda
3. Update the code of the lambda function
4. Delete the old lambda-layer-version
Between steps 2 and 3 (which takes only 4-20 seconds), the layer code is updated, but the function code is not yet. When we have a breaking code change, this causes issues. See screenshot below.
I thought I would be able to solve this by using Lambda's publishing parameter set to true. But this doesn't seem to solve the issue. It just adds a step "3.a publish new version", but events arriving before that still hit the delta of the new layer-version with the not-yet-updated lambda-function code.
- Function code and layer code get updated and only then a new lambda version is published containing both updates. In between the old combination of lambda-function + lambda-layer is active.
I have ideas for workarounds, but I hope there is a Terraform-native solution, e.g.:
1. Execute the plan and store it
2. Disable event source mapper (between SQS and Lambda) via AWS CLI
3. Execute terraform apply with the output of terraform plan produced in step 1
4. Re-enable the event source mapper with the AWS CLI
See behaviour below, where “common” is produced by the layer-code and “main” by the function-code.
With the CLI it is more straightforward:
- aws lambda publish-layer-version: creates new lambda layer version :2
- aws lambda update-function-code: updates the code without affecting the locked version :1 of the lambda
- aws lambda publish-version: Creates a version from the current code and configuration of a function.
Any hint would be appreciated.
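
The four-step workaround listed in the post above, written out as a script. This is an added example, not part of the original post; `FUNCTION_NAME`, `PLAN_FILE`, `POLL_SECONDS` and the function names are hypothetical, and it assumes the function has exactly one SQS event source mapping.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. FUNCTION_NAME and PLAN_FILE are
# hypothetical placeholders; assumes the function has one SQS event source mapping.
FUNCTION_NAME="${FUNCTION_NAME:-my-function}"
PLAN_FILE="${PLAN_FILE:-tfplan}"
POLL_SECONDS="${POLL_SECONDS:-2}"

mapping_uuid() {
  aws lambda list-event-source-mappings --function-name "$FUNCTION_NAME" \
    --query 'EventSourceMappings[0].UUID' --output text
}

# $1 = uuid, $2 = --enabled | --no-enabled, $3 = state to wait for
set_mapping() {
  local tries=0 state
  aws lambda update-event-source-mapping --uuid "$1" "$2" >/dev/null || return 1
  # The update is asynchronous (Disabling/Enabling), so poll until it settles.
  while [ "$tries" -lt 60 ]; do
    state=$(aws lambda get-event-source-mapping --uuid "$1" \
      --query State --output text)
    if [ "$state" = "$3" ]; then return 0; fi
    tries=$((tries + 1))
    sleep "$POLL_SECONDS"
  done
  echo "mapping $1 did not reach state $3" >&2
  return 1
}

deploy_with_paused_mapping() {
  local uuid rc=0
  terraform plan -out="$PLAN_FILE" || return 1                 # step 1
  uuid=$(mapping_uuid) || return 1
  if [ -z "$uuid" ] || [ "$uuid" = "None" ]; then
    echo "no event source mapping for $FUNCTION_NAME" >&2
    return 1
  fi
  if ! set_mapping "$uuid" --no-enabled Disabled; then         # step 2
    set_mapping "$uuid" --enabled Enabled                      # undo a half-applied pause
    return 1
  fi
  terraform apply "$PLAN_FILE" || rc=$?                        # step 3
  # Step 4: re-enable even if apply failed, so the queue is not left paused.
  set_mapping "$uuid" --enabled Enabled || return 1
  return "$rc"
}

# Usage: FUNCTION_NAME=my-function deploy_with_paused_mapping
```

While the mapping is disabled, Lambda stops polling and messages stay in the SQS queue until it is re-enabled.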