Don't set Pdeathsig when running inside aws lambda

[danieleva]

When running tfexec inside a aws lambda any command dies with a cryptic error:
fork/exec /var/task/terraform: operation not permitted: PathError.
The issue is in tfexec/cmd_linux.go, setting Pdeathsig is not allowed in the lambda runtime and the execution is blocked.
I understand running terraform inside a lambda is not a recommended pattern but I find it really handy for modules that don't take too long to apply (15 mins max runtime).
The fix itself is simple enough and doesn't affect non-lambda linux runtimes: check for lambda runtime before setting SysProcAttr

	if _, ok := os.LookupEnv("LAMBDA_TASK_ROOT"); !ok {
		cmd.SysProcAttr = &syscall.SysProcAttr{
			// kill children if parent is dead
			Pdeathsig: syscall.SIGKILL,
			// set process group ID
			Setpgid: true,
		}
	}

Would you be interested in a PR to address this?

[radeksimko]

I would be hesitant to adding such a condition specifically for Lambda based on that ENV variable as it is possible that other people may run into this in other non-Lambda environments.

You are right that we generally do not recommend running Terraform inside very resource-constrained environments such as Lambda. This is because it can leave the infrastructure in unrecoverable state if the run is killed mid-flight.

I would generally avoid it unless you can be absolutely sure that your plan/apply will only always consume fixed amount of resources - which you can rarely guarantee unless you only use your own providers and somehow strictly limit the number of resources and data sources in your configuration.

---

All that said I can't find any reference to understand why did we add this SysProcAttr in the first place, especially when this is Linux-only feature. I think we'll need to do some testing to see how this affects the execution when certain signals are received and check if it's actually necessary - if not we can consider removing it.

This was apparently introduced in #94 🤔

[bvanhou]

This is still a viable solution ? I am currently running into an issue where "Pdeathsig" is undefined in "SysProcAttr"

[ramirezag]

We are facing the same issue as well.

[yan]

+1

[SouthernMine4957]

+1