Error on terraform apply for a 7.5MB AWS lambda but OK when 5MB: ResourceConflictException

[ghost]

This issue was originally opened by @frediana as hashicorp/terraform#23887. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Hello,

I have a this very simple use case I'm trying to make work for hours now without any success.

I have a simple lambda (written in Go) that is zipped 7.5MB big. A lambda is eventually created into my account (and works). But terraform is somehow try to re-create the same lambda again, and fails (because the lambda already exists)

It seems to be related to the size of this archive somehow. When I try with a smaller archive (around 5MB) everything works fine.

Is there any workaround, limitation or any clue about this issue?

Thanks

Adrien

Terraform Version

Terraform v0.12.19
+ provider.archive v1.3.0
+ provider.aws v2.45.0
+ provider.null v2.1.2

Terraform Configuration Files

variable "aws_region" {
  default = "eu-west-1"
}

provider "aws" {
  region = var.aws_region
}

resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_function" "foo" {
  function_name = "foooooo"

  filename         = "function.zip"

  handler = "main"
  runtime = "go1.x"

  role = aws_iam_role.iam_for_lambda.arn
}

Debug Output

https://gist.github.com/frediana/606331547ca66d41e658449032e63ad4

Crash Output

https://gist.github.com/frediana/24e0c3454271afa88588b95cf7d99372

Expected Behavior

A lambda should be created successfully and terraform apply should not end up with an error.

Actual Behavior

Lambda is created/uploaded to AWS because but terraform crash.

Error: Error creating Lambda function: ResourceConflictException: Function already exist: foooooo
{
  Message_: "Function already exist: foooooo",
  Type: "User"
}

Steps to Reproduce

1. terraform init
2. terraform apply

Additional Context

The function I try to create is a 7.5MB zip, Golang binary.

[bennycornelissen]

I experienced a similar issue, but it disappeared when switching to a more reliable network connection.

[patrickherrera]

I've had the exact same issue (TF 0.12.9 and 0.12.24, AWS Provider 2.61.0) with an 8MB lambda zip: it deploys successfully to AWS, but Terraform fails by saying that it already exists during the request to create it in the first place. At that point it is invisible to TF and I have to delete it from the AWS console.

I tried with a much, much smaller zip and it created fine, and then did an apply again, this time with the original 8MB zip and it uploaded successfully. So it only seems to be creation that is at fault.

This was repeated a couple of times with the same result

[meustrus]

I am having exactly the same issue!

It looks like the debug output above got truncated. Here's mine, with identifiers and large base64 blobs obfuscated: https://gist.github.com/meustrus/8d78e6f6fd4124413ae8531febaf68e2

Looking at the logs, for some reason it starts a second seemingly identical call to CreateFunction exactly 90 seconds after starting the first call. The first call comes back OK after about 3 minutes, then the second call comes back with ResourceConflictException 90 seconds later.

This is my resource (real names obfuscated):

provider "aws" {
  region  = "us-east-1"
  version = "~> 2.31"
}

resource "aws_lambda_function" "alb_request_handler" {
  function_name = "reproduce-terraform-error"
  handler       = "main"
  role          = "APPLICATION_ROLE_ARN_HERE"
  runtime       = "go1.x"
  filename      = "${path.module}/function.zip"
  tags          = { /*TAGS_HERE*/ }

  source_code_hash = filebase64sha256("${path.module}/function.zip")
}

${path.module}/function.zip is 7.3mb. I also tried with a 5.1mb file and the function creation succeeded.

[maxannear]

I've had the exact same issue, my file was 11mb.

For anyone looking for a workaround this worked for me.

I used the aws_s3_bucket_object resource from here https://www.terraform.io/docs/providers/aws/r/s3_bucket_object.html#server-side-encryption-with-aws-managed-key
and uploaded the source to S3 before hand. Not ideal but it works for now

resource "aws_s3_bucket" "examplebucket" {
  bucket = "examplebuckettftest"
  acl    = "private"
}

resource "aws_s3_bucket_object" "examplebucket_object" {
  key                    = "someobject"
  bucket                 = "${aws_s3_bucket.examplebucket.id}"
  source                 = "index.html"
  server_side_encryption = "AES256"
}

resource "aws_lambda_function" "example" {
  # ...
  s3_bucket = aws_s3_bucket.examplebucket.id
  s3_key    = aws_s3_bucket_object.examplebucket_object.key
  # ...
}

[meustrus]

I am still experiencing this issue, but only on a slower connection. It seems to create the lambda successfully as long as it finishes uploading within 90 seconds.

Could this be a strange regression of #4516?

[vyatsun]

Also having this issue on a slower connection. Lambda function is created, but getting an error "Function already exist"

[justinretzolk]

Hey y'all 👋 Thank you for taking the time to file this issue, and for the continued discussion around it. Given that there's been a number of AWS provider releases since the last update, can anyone confirm whether you're still experiencing this behavior?