TaiT's

Reputation: 3216

Terraform lambda function validation exception

I am trying to set up my current infrastructure in Terraform (v 0.13.0). I am simply starting with migrating existing lambda functions. I have used the following code to try to upload an existing lambda function in .NET Core 3.1 to AWS (provider v. 3.0). I have no issue deploying this manually, but this is obviously not the goal.

Here is the IAM role:

resource "aws_iam_role" "role_lambda" {
  name = "roleLambda"

  assume_role_policy = <<POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "lambda.amazonaws.com"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
  }
  POLICY
  }

Below is the function (note I have obfuscated some values):

resource "aws_lambda_function" "lambda_tf" {
  function_name     = "LambdaTFTest"
  role              = aws_iam_role.role_lambda.arn
  handler           = "Lambda::Lambda.Function::FunctionHandler"
  runtime           = "dotnetcore3.1"
  s3_bucket         = "arn:aws:s3:::xxxx-xxxxxx"
  s3_key            = "Lambda.zip"
  s3_object_version = "XxXxXxXxXxXxXxXxXxXxXxXxXxXx"
}

However I keep getting this error as an output with no more details:

Error: Error creating Lambda function: ValidationException: 
        status code: 400, request id: a5e89c38-d1f1-456d-93c1-41650fb45386

I already made sure that my lambda is deployed within the same region as the s3 bucket itself, so this is not the issue. I thought this could be related to some invalid parameters, but I have played with all of them and can't manage to find the problem. I have also double-checked the correct spelling of the key, version and so on. How can I make progress on this?

Thanks in advance for your help.

Upvotes: 14

Views: 26740

Answers (11)

user2842685

Reputation: 364

As this is the top hit on Google for "Terraform Lambda ValidationException", I'll just drop here that I had a list of subnets that was too long. For what it's worth, perhaps it will help someone!

Upvotes: 0

Rusty

Reputation: 113

There is a bug with allocating memory more than 4096, so if you copy the example from the Terraform docs it will fail. This does not happen on all AWS accounts, but on some.

Upvotes: 0

mandypea

Reputation: 63

For me it was the lambda description being too long.

Upvotes: 0

Zac

Reputation: 730

The s3_bucket should only include the name, like xxxx-xxxxxx

The following formats are wrong:

arn:aws:s3:::xxxx-xxxxxx or s3://xxxx-xxxxxx

Upvotes: 1

MUNGAI NJOROGE

Reputation: 1216

This issue is caused by low values of timeout or using role name instead of role ARN. I changed from:

role = aws_iam_role.lambda_role.name

to

role = aws_iam_role.lambda_role.arn

And the function deployment was successful.

Upvotes: 10

targhs

Reputation: 1805

In my case it was the name of the lambda function. I was using spacing and it's not allowed.

Upvotes: 1

anil ravuri

Reputation: 56

I actually got the same error when using a docker image. The fix here is to set the package_type = "Image"

Upvotes: 0

VINAY NAIR

Reputation: 41

It could really be any of the parameters you pass to lambda resource. In my case I said the timeout was "900000" instead of 900. I assumed it to be in ms for some reason.

Upvotes: 1

ezennnn

Reputation: 1427

For those who might have run into the same issue, it might help to try formatting your main.tf file by converting all spaces to tabs.

If you're using vscode, there is a tab below to convert this, depending on whether it is set to spaces or tabs: Convert Indentation to Tabs.

This fixed the issue for me.

Upvotes: -1

Marcin

Reputation: 238827

The aws_iam_role has a syntax error. There is a missing - in front of POLICY if you want to keep it tabbed:

resource "aws_iam_role" "role_lambda" {
  name = "roleLambda"

  assume_role_policy = <<-POLICY
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "lambda.amazonaws.com"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
  }
  POLICY
}

In aws_lambda_function, the s3_bucket should be just the bucket name, not its ARN:

resource "aws_lambda_function" "lambda_tf" {
  function_name     = "LambdaTFTest"
  role              = aws_iam_role.role_lambda.arn
  handler           = "Lambda::Lambda.Function::FunctionHandler"
  runtime           = "dotnetcore3.1"
  s3_bucket         = "xxxx-xxxxxx" 
  s3_key            = "Lambda.zip"
  s3_object_version = "XxXxXxXxXxXxXxXxXxXxXxXxXxXx"
}

Upvotes: 5

Chris Williams

Reputation: 35258

This comes down to one of the parameters being passed in being invalid.

Ensure that the Lambda name is unique, the S3 bucket and key exist and that the IAM role has the assume role policy when it’s attached.

The runtime is correct, everything else is user defined so would need you to validate.

Try using filename property instead of S3 (this will use local disk instead of S3). Does that work? If so it might be S3 permissions.

If you verify everything and it’s still not working the best suggestion would be to raise with AWS support providing the request ID.

Upvotes: 2
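
The answers above each trace the bare ValidationException to a different invalid argument. As an added example (not part of any answer on this page), this Python check scans the JSON form of a plan for the causes reported here: an ARN or URL in s3_bucket, a role name instead of a role ARN, a timeout outside 1 to 900 seconds, a function name with spaces, and an over-long description. The function names and the sample plan are constructed for the example, and the numeric limits are assumed from AWS's documented Lambda limits.

```python
import re

# Limits are AWS's documented Lambda limits; names and sample data are made up.
NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
ROLE_ARN_RE = re.compile(r"^arn:aws[a-zA-Z-]*:iam::\d{12}:role/.+$")
MAX_TIMEOUT_S, MAX_DESCRIPTION = 900, 256


def check_lambda(after):
    """Return the problems found in one aws_lambda_function's planned values."""
    problems = []
    name = after.get("function_name")
    if name is not None and not NAME_RE.match(name):
        problems.append("function_name: letters, digits, '-' and '_' only (max 64)")
    bucket = after.get("s3_bucket")
    if bucket and (bucket.startswith("arn:") or "://" in bucket):
        problems.append("s3_bucket: pass the bare bucket name, not an ARN or URL")
    role = after.get("role")  # absent when the ARN is only known after apply
    if role is not None and not ROLE_ARN_RE.match(role):
        problems.append("role: expected an IAM role ARN, not a role name")
    timeout = after.get("timeout")
    if timeout is not None and not 1 <= int(timeout) <= MAX_TIMEOUT_S:
        problems.append("timeout: value is in seconds, 1 to 900")
    if len(after.get("description") or "") > MAX_DESCRIPTION:
        problems.append("description: longer than 256 characters")
    return problems


def check_plan(plan):
    """Map resource address to problems for each Lambda function in the plan."""
    report = {}
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") == "aws_lambda_function" and after:
            report[rc["address"]] = check_lambda(after)
    return {addr: found for addr, found in report.items() if found}

# Constructed sample shaped like json.load() of `terraform show -json <plan>`.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_lambda_function.lambda_tf", "type": "aws_lambda_function",
     "change": {"after": {"function_name": "LambdaTFTest", "timeout": 900000,
                          "s3_bucket": "arn:aws:s3:::xxxx-xxxxxx"}}},
    {"address": "aws_lambda_function.ok", "type": "aws_lambda_function",
     "change": {"after": {"function_name": "Fine_1", "timeout": 30,
                          "role": "arn:aws:iam::123456789012:role/roleLambda"}}},
]}

if __name__ == "__main__":
    print(check_plan(SAMPLE_PLAN))
```

Running it against a saved plan before apply names the offending argument, which the API's empty ValidationException message does not.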
