terraform: Update a Lambda function when the code changes
2 min read | by Jordi Prats
If we are using the archive_file datasource to zip some Lambda function to be able to push it to AWS, we need to se the source_code_hash with it's hash to make sure the function gets updated when it changes:
If we try to use the filebase64sha256 function like this:
data "archive_file" "demo_lambda_zip" {
type = "zip"
source_dir = "${path.module}/src/demo_lambda"
output_path = "${path.module}/zip/demo_lambda.zip"
}
resource "aws_lambda_function" "demo_lambda" {
filename = data.archive_file.demo_lambda_zip.output_path
source_code_hash = filebase64sha256(data.archive_file.demo_lambda_zip.output_path)
role = aws_iam_role.demo_lambda.arn
function_name = "demo_lambda"
handler = "handler.lambda_handler"
runtime = "python3.8"
}
For the first run, when the actual zip file is not yet created, it will fail with the following message:
$ terraform plan
(...)
Error: Error in function call
│
│ on main.tf line 94, in module "lambda_function":
│ 94: source_code_hash = filebase64sha256(data.archive_file.demo_lambda_zip.output_path)
│ ├────────────────
│ │ data.archive_file.lambda_function.output_path is "./zip/demo_lambda.zip"
│
│ Call to function "filebase64sha256" failed: open files/demo_lambda.zip: no such file or directory.
╵
To avoid this kind of situations, the archive_file datasource already provides it's hash as one of it's outputs: output_base64sha256: We just need to update the aws_lambda_function to use it as follows:
data "archive_file" "demo_lambda_zip" {
type = "zip"
source_dir = "${path.module}/src/demo_lambda"
output_path = "${path.module}/zip/demo_lambda.zip"
}
resource "aws_lambda_function" "demo_lambda" {
filename = data.archive_file.demo_lambda_zip.output_path
source_code_hash = data.archive_file.demo_lambda_zip.output_base64sha256
role = aws_iam_role.demo_lambda.arn
function_name = "demo_lambda"
handler = "handler.lambda_handler"
runtime = "python3.8"
}
Posted on 01/04/2022