Error creating Lambda function with Terraform: getting a validation error


Posted: 2021-12-19 16:07:08

Question:

I am using the terraform-aws-lambda module and the terraform-aws-iam module, following these examples, but I get a ValidationException error (output below):

https://github.com/terraform-aws-modules/terraform-aws-lambda/tree/master/examples/simple https://github.com/terraform-aws-modules/terraform-aws-iam/tree/master/examples/iam-assumable-role

resource "random_pet" "this" {
  length = 2
}

module "lambda_function" {
  source = "../../modules/terraform-aws-lambda"

  publish = true

  # function_name = "${random_pet.this.id}-copyAMI"
  function_name = "Test-copyAMI"
  handler       = "index.lambda_handler"
  runtime       = "python3.8"

  # Use a role managed outside the module instead of letting it create one
  create_role = false
  lambda_role = module.iam_assumable_role_custom.iam_role_name

  attach_policy = true
  policy        = module.iam_policy.arn

  timeout = 600

  source_path = [
    "${path.module}/../../src/copy_ami.py",
  ]
}

provider "aws" {
  region = "eu-west-1"
}

module "iam_assumable_role_custom" {
  source = "../../modules/iam-assumable-role"

  trusted_role_services = [
    "lambda.amazonaws.com"
  ]

  create_role = true

  role_name         = "LambdaFunction-1"
  role_requires_mfa = false

  custom_role_policy_arns = [
    module.iam_policy.arn
  ]

  role_permissions_boundary_arn = "arn:aws:iam::xxxxxxxxx:policy/BasePolicy"
}

module "iam_policy" {
  source = "../../modules/iam-policy"

  name        = "LambdaFunction-1"
  path        = "/"
  description = "AMI Copy IAM Policy"

  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:Describe*",
                "ec2:ModifySnapshotAttribute",
                "sts:*",
                "ec2:CopyImage",
                "ec2:ModifyImageAttribute"
            ],
            "Resource": "*"
        }
    ]
}
EOF
}

module.lambda_function.aws_lambda_function.this[0]: Creating...
╷
│ Error: error creating Lambda Function (1): ValidationException: 
│   status code: 400, request id: ecf44929-bfa5-4058-89aa-f6ecdacf359e
│ 
│   with module.lambda_function.aws_lambda_function.this[0],
│   on ../../modules/terraform-aws-lambda/main.tf line 19, in resource "aws_lambda_function" "this":
│   19: resource "aws_lambda_function" "this" 
│ 

Comments:

Answer 1:

lambda_role is the IAM role ARN, not the name. So it should be:

lambda_role = module.iam_assumable_role_custom.iam_role_arn

Discussion:
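As an added example, not code from the question, the answer or the terraform-aws-modules project: a root-module variable with a validation block rejects a bare role name at plan time, so the mistake surfaces as a readable message instead of the empty ValidationException above. The variable name lambda_role_arn and the assumption that the role is supplied from outside this configuration are mine; when the role is created in the same configuration, pass the module's iam_role_arn output as the answer says.

```hcl
# Added example: validate that the caller passed an IAM role ARN, not a role name.
# The variable name lambda_role_arn is an assumption for this example.
variable "lambda_role_arn" {
  description = "ARN (not the name) of an existing IAM role the Lambda function assumes"
  type        = string

  validation {
    # IAM role ARNs look like arn:<partition>:iam::<12-digit account id>:role/<path and name>;
    # the partition varies (aws, aws-cn, aws-us-gov), so it is matched loosely.
    condition     = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$", var.lambda_role_arn))
    error_message = "lambda_role_arn must be an IAM role ARN such as arn:aws:iam::123456789012:role/LambdaFunction-1, not a bare role name."
  }
}

module "lambda_function" {
  source = "../../modules/terraform-aws-lambda"

  function_name = "Test-copyAMI"
  handler       = "index.lambda_handler"
  runtime       = "python3.8"
  publish       = true
  timeout       = 600

  # The module forwards this value to the Lambda API, which requires an ARN.
  create_role = false
  lambda_role = var.lambda_role_arn

  source_path = [
    "${path.module}/../../src/copy_ami.py",
  ]
}
```

Running `terraform plan -var lambda_role_arn=LambdaFunction-1` now fails on the validation block before any API call is made, while a proper role ARN passes through unchanged.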
