Confused by function_name in aws_lambda_permission #10810
Comments
|
Hi @hanks Apologies for the confusion here - this has since been updated in the documentation to be: Hope this helps Paul |
|
For any soul that may find themselves here, wondering WTF when you think you've followed all the docs. There is still moar to do. First of all, the AWS docs do not talk about no permissions, so you'll need that. Secondly, terraform cannot create a subscription to a function name, that's wrong in da docs. Finally, an SNS subscription cannot go to If you've lost three days dev and come here, give me a 🎉 resource "aws_sns_topic" "cloudwatch_notifications" {
name = "aws-${var.service_name}-${var.stage}-alarm"
}
data "aws_lambda_function" "cloudwatch_lambda" {
function_name = "sls-${var.service_name}-${var.stage}-cloudwatch-alarms"
}
resource "aws_lambda_permission" "with_sns" {
statement_id = "AllowExecutionFromSNS"
action = "lambda:InvokeFunction"
function_name = "${replace(data.aws_lambda_function.cloudwatch_lambda.arn, ":$LATEST", "")}"
principal = "sns.amazonaws.com"
source_arn = "${aws_sns_topic.cloudwatch_notifications.arn}"
}
resource "aws_sns_topic_subscription" "cloudwatch_subscription" {
topic_arn = "${aws_sns_topic.cloudwatch_notifications.arn}"
protocol = "lambda"
endpoint = "${replace(data.aws_lambda_function.cloudwatch_lambda.arn, ":$LATEST", "")}"
} |
|
The automatically appended If there are other issues you would like to raise, I would recommend opening a new issue in the Terraform AWS Provider (https://github.com/terraform-providers/terraform-provider-aws/issues) so we can appropriately triage them as well. 👍 |
…nd refactor testing to check data source state values against the resource state values References: * #5812 * hashicorp/terraform#10810 (comment) * #6966 Previously, the `aws_lambda_function` data source was utilizing the Read function from the `aws_lambda_function` resource. This legacy practice has longterm maintenance issues with missing schema and documentation updates. Here we implement a fresh new Read function for the data source that includes the following changes: * Properly error when Lambda Function is not found * Always return the `arn` attribute as unqualified (e.g. without a qualifier or version suffix) * Always return the `qualified_arn` attribute as qualified (e.g. with the qualifier or version suffix) * Always return the `tags` attribute The acceptance testing changes modernize and simplify the testing: * Utilize `resource.TestCheckResourceAttrPair()` where possible to ensure data source state values match appropriate resource state values * Consolidate random naming to single variable * Only provision VPC resources in VPC specific test Output from acceptance testing: ``` --- PASS: TestAccDataSourceAWSLambdaFunction_version (20.89s) --- PASS: TestAccDataSourceAWSLambdaFunction_environment (22.75s) --- PASS: TestAccDataSourceAWSLambdaFunction_alias (23.68s) --- PASS: TestAccDataSourceAWSLambdaFunction_basic (23.76s) --- PASS: TestAccDataSourceAWSLambdaFunction_layers (28.82s) --- PASS: TestAccDataSourceAWSLambdaFunction_vpc (36.48s) ```
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Terraform Version
Terraform v0.8.1
Affected Resource(s)
In the docs https://www.terraform.io/docs/providers/aws/r/lambda_permission.html#function_name, it says:
But in the sample code:
Maybe rename
function_nameargument toarnwill be betterThe text was updated successfully, but these errors were encountered: