aws_lambda_function and aws_lambda_function_event_invoke_config

I'm using Terraform 0.14 and trying to deploy an AWS function. I want to set the event_age and retry_attempts to a specific value (1 minute event_age, 0 retry attempts) before I publish a new version of the lambda. I have the code below and it appears the event age and retry attempts are set with the $LATEST version of the lambda. However when the new version is published (as part of the terraform build) the retry_attempts and event_age are defaulting to the 6 hour event_age and 2 max retry attempts.

Below is my tf file that implements the logic.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
  required_version = ">= 0.14"

  backend "s3" {
      region = "us-east-1"
      bucket = "s3bucket"
  }
}

provider "aws" {
  assume_role {
    role_arn     = "arn:aws:iam::${var.accountID}:role/Jenkins-CC"
    session_name = "AssumingJenkins-CC"
  }

  region = var.region
}

resource "aws_lambda_function" "lambda-deploy" {
  filename      = var.filename
  function_name = var.functionname
  role          = "arn:aws:iam::${var.accountID}:role/${var.iam_role}"
  handler       = var.handler
  runtime       = var.runtime
  memory_size   = var.memory_size
  timeout       = var.timeout
  description   = var.description
  publish       = var.publish
  source_code_hash = filebase64sha256(var.filename)

  layers = var.layers

  environment {
    variables = var.envVars
  }

  tags = {
    PLATFORM        = var.tag_PLATFORM
    BUSINESS_UNIT   = var.tag_BUSINESS_UNIT
    CLIENT          = var.tag_CLIENT
    BUSINESS_REGION = var.tag_BUSINESS_REGION
  }

  vpc_config {
    subnet_ids         = var.subnet_ids
    security_group_ids = var.security_group_ids
  }
}

resource "aws_lambda_function_event_invoke_config" "event-lambda" {
  function_name = aws_lambda_function.lambda-deploy.function_name
  maximum_event_age_in_seconds = var.event_age //6 hours
  maximum_retry_attempts = var.retry //set to 0 to avoid lambda retry attempts

  depends_on = [
    aws_lambda_function.lambda-deploy
  ]
}

When my Jenkins job runs the apply step, I see the below output where the event_invoke_config is called as part of the build steps.

However when the job runs, and I check the new version in the AWS console, I see that the event_age and max_retry attempts are defaulting to 6 hours (event_age) and 2 (max_retry attempts).

Is there something I'm doing wrong within the Terraform logic that isn't configuring the max_retry and event_age values correctly when the new version is published?



Solution 1:[1]

You don't appear to be setting the qualifier parameter on aws_lambda_function_event_invoke_config.

If you are publishing a new version, either use an alias or set qualifier = aws_lambda_function.lambda-deploy.version. If you don't intend to use a published version, set the qualifier = "$LATEST" or use the default.
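
The two options named in the answer, written out as an added example (not part of the original answer or the asker's code). It assumes the resources sit in the same module as the question's `aws_lambda_function.lambda-deploy` with `var.publish = true`; the alias name `live` and the resource labels are assumptions, and you would keep only one of the two options.

```hcl
# Added example. References aws_lambda_function.lambda-deploy from the question.

# Option A: bind the async invoke settings to the version that was just published.
# Without a qualifier the settings land on $LATEST, which is what the question observed.
resource "aws_lambda_function_event_invoke_config" "event-lambda-version" {
  function_name = aws_lambda_function.lambda-deploy.function_name
  qualifier     = aws_lambda_function.lambda-deploy.version

  maximum_event_age_in_seconds = 60 # 1 minute, the value the question asks for
  maximum_retry_attempts       = 0  # no automatic retries of failed async invocations
}

# Option B: bind the settings to an alias that is repointed at each new version.
# The alias name "live" is an assumption for this example.
resource "aws_lambda_alias" "live" {
  name             = "live"
  function_name    = aws_lambda_function.lambda-deploy.function_name
  function_version = aws_lambda_function.lambda-deploy.version
}

resource "aws_lambda_function_event_invoke_config" "event-lambda-alias" {
  function_name = aws_lambda_alias.live.function_name
  qualifier     = aws_lambda_alias.live.name

  maximum_event_age_in_seconds = 60
  maximum_retry_attempts       = 0
}
```

With Option A the qualifier changes on every publish, so Terraform replaces the config and only the newest version carries the settings. With Option B the settings stay on the alias, and they apply only to asynchronous invocations that target that alias.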

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dan Monego