Source image xxxxxx.dkr.ecr.us-east-1.amazonaws.com/lambda_image is not valid. Provide a valid source image

I wanna use a container as deplyment package of lambda function. When executing terraform apply, this error message returns:

"Source image xxxxxx.dkr.ecr.us-east-1.amazonaws.com/lambda_image is not valid. Provide a valid source image." 

By console, i created a image, push to ecr repository and use to create a function. Nothing wrong happened. i think there is something wrong in lambda.tf

I have the following files

# main.tf
terraform {
  required_providers {
    aws = {
      source  = "aws"
      version = "3.34.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}
# ecr.tf
resource "aws_ecr_repository" "repo" {
  name = var.image_name
}

resource "aws_ecr_lifecycle_policy" "repo-policy" {
  repository = aws_ecr_repository.repo.name

  policy = <<EOF
{
  "rules": [
    {
      "rulePriority": 1,
      "description": "Keep image deployed with tag '${var.tag}''",
      "selection": {
        "tagStatus": "tagged",
        "tagPrefixList": ["${var.tag}"],
        "countType": "imageCountMoreThan",
        "countNumber": 1
      },
      "action": {
        "type": "expire"
      }
    },
    {
      "rulePriority": 2,
      "description": "Keep last 2 any images",
      "selection": {
        "tagStatus": "any",
        "countType": "imageCountMoreThan",
        "countNumber": 2
      },
      "action": {
        "type": "expire"
      }
    }
  ]
}
EOF

}

# ------ Push image ------------------------------
# Calculate hash of the Docker image source contents
# Calculate hash of the Docker image source contents
data "external" "hash" {
  program = [coalesce(var.hash_script, "${path.module}/hash_image.sh"), var.source_path]
}

# Build and push the Docker image whenever the hash changes
resource "null_resource" "push" {
  triggers = {
    hash = data.external.hash.result["hash"]
  }

  provisioner "local-exec" {
    command     = "${coalesce(var.push_script, "${path.module}/push_image.sh")} ${var.source_path} ${aws_ecr_repository.repo.repository_url} ${var.tag}"
    interpreter = ["bash", "-c"]
  }
}


# ---------- Output ---------------------------------------

output "repository_url" {
  description = "ECR repository URL of Docker image"
  value       = aws_ecr_repository.repo.repository_url
}

output "tag" {
  description = "Docker image tag"
  value       = var.tag
}

output "hash" {
  description = "Docker image source hash"
  value       = data.external.hash.result["hash"]
}
# lambda.tf

resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_function" "test_lambda" {
  function_name = "lambda_function_name"
  role          = aws_iam_role.iam_for_lambda.arn
  handler       = "sgs-extract.lambda_handler"
  runtime       = "python3.8"
  image_uri     = aws_ecr_repository.repo.repository_url
  package_type = "Image"

  image_config {
    command = ["sgs-extract.lambda_handler"]
  }
  depends_on = [aws_ecr_repository.repo]
}

1 Like

I think you need image_uri = "${aws_ecr_repository.repo.repository_url}:latest"