I wanna use a container as deplyment package of lambda function. When executing terraform apply, this error message returns:
"Source image xxxxxx.dkr.ecr.us-east-1.amazonaws.com/lambda_image is not valid. Provide a valid source image."
By console, i created a image, push to ecr repository and use to create a function. Nothing wrong happened. i think there is something wrong in lambda.tf
I have the following files
# main.tf
terraform {
required_providers {
aws = {
source = "aws"
version = "3.34.0"
}
}
}
provider "aws" {
region = "us-east-1"
}
# ecr.tf
resource "aws_ecr_repository" "repo" {
name = var.image_name
}
resource "aws_ecr_lifecycle_policy" "repo-policy" {
repository = aws_ecr_repository.repo.name
policy = <<EOF
{
"rules": [
{
"rulePriority": 1,
"description": "Keep image deployed with tag '${var.tag}''",
"selection": {
"tagStatus": "tagged",
"tagPrefixList": ["${var.tag}"],
"countType": "imageCountMoreThan",
"countNumber": 1
},
"action": {
"type": "expire"
}
},
{
"rulePriority": 2,
"description": "Keep last 2 any images",
"selection": {
"tagStatus": "any",
"countType": "imageCountMoreThan",
"countNumber": 2
},
"action": {
"type": "expire"
}
}
]
}
EOF
}
# ------ Push image ------------------------------
# Calculate hash of the Docker image source contents
# Calculate hash of the Docker image source contents
data "external" "hash" {
program = [coalesce(var.hash_script, "${path.module}/hash_image.sh"), var.source_path]
}
# Build and push the Docker image whenever the hash changes
resource "null_resource" "push" {
triggers = {
hash = data.external.hash.result["hash"]
}
provisioner "local-exec" {
command = "${coalesce(var.push_script, "${path.module}/push_image.sh")} ${var.source_path} ${aws_ecr_repository.repo.repository_url} ${var.tag}"
interpreter = ["bash", "-c"]
}
}
# ---------- Output ---------------------------------------
output "repository_url" {
description = "ECR repository URL of Docker image"
value = aws_ecr_repository.repo.repository_url
}
output "tag" {
description = "Docker image tag"
value = var.tag
}
output "hash" {
description = "Docker image source hash"
value = data.external.hash.result["hash"]
}
# lambda.tf
resource "aws_iam_role" "iam_for_lambda" {
name = "iam_for_lambda"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_lambda_function" "test_lambda" {
function_name = "lambda_function_name"
role = aws_iam_role.iam_for_lambda.arn
handler = "sgs-extract.lambda_handler"
runtime = "python3.8"
image_uri = aws_ecr_repository.repo.repository_url
package_type = "Image"
image_config {
command = ["sgs-extract.lambda_handler"]
}
depends_on = [aws_ecr_repository.repo]
}