Validation Constraint error for s3bucket and s3Key for aws_lambda resource but not using s3

wcorbett36 · April 3, 2023, 9:19pm

Hi!

I have a layered lambda module for a SQS notification use case. I am able to pass validation and plan steps but throwing a validation error at execution time

│ Error: creating Lambda Function (vmdlambdas3listener): operation error Lambda: CreateFunction, https response error StatusCode: 400, RequestID: 648c956e-3a5e-4998-abb2-bde685408b54, api error ValidationException: 2 validation errors detected: Value '' at 'code.s3Key' failed to satisfy constraint: Member must have length greater than or equal to 1; Value '' at 'code.s3Bucket' failed to satisfy constraint: Member must have length greater than or equal to 3
│ 
│   with module.lambda_listener.module.lambda_function.aws_lambda_function.vmd_lambda_func,
│   on .terraform/modules/lambda_listener.lambda_function/lambda/main.tf line 3, in resource "aws_lambda_function" "vmd_lambda_func":
│    3: resource "aws_lambda_function" "vmd_lambda_func" {
│ 
╵

The lambda func is straightforward but it’s not even using s3:

resource "aws_lambda_function" "vmd_lambda_func" {
  function_name = var.function_name
  handler       = var.handler
  runtime       = var.runtime
  role          = var.role_arn
  timeout       = var.timeout
  publish       = var.publish

  image_uri = var.image_uri

  # Define any environment variables required by the Lambda function
  environment {
    variables = var.environment_variables
  }

  # Define any VPC settings required by the Lambda function
  vpc_config {
    subnet_ids         = var.subnet_ids
    security_group_ids = var.security_group_ids
  }
}

I am using permission and bucket notification resources:

resource "aws_lambda_permission" "aws_s3_lambda_permission" {
  statement_id  = "AllowExecutionFromS3Bucket"
  action        = "lambda:InvokeFunction"
  function_name = module.lambda_function.lambda_function_name
  principal     = "s3.amazonaws.com"

  source_arn = format("arn:aws:s3:::%s", var.bucket_name)
}

resource "aws_s3_bucket_notification" "bucket_notif" {
  bucket = var.bucket_name

  lambda_function {
    lambda_function_arn = module.lambda_function.lambda_function_arn
    events              = ["s3:ObjectCreated:*"]
  }
}

I’m not sure where these validation errors are being thrown from especially since my lambda resource is using image uri. Any input welcome.

Thanks

macmiranda · April 3, 2023, 9:41pm

You may need to set package_type to Image since the default is Zip

wcorbett36 · April 6, 2023, 4:09pm

Sorry had to do some other stuff but am back to this I set the package type to image and still error persists

wcorbett36 · April 6, 2023, 4:21pm

I went and looked at the source code for the provider and I think it is in a conditional loop checking for the success of the image being there otherwise it’s looking for the s3 location. I currently am passing blank string as my image uri because this is all part of a package but ill point it elsewhere see if it works