terraform-provider-aws: Unable to run `terraform apply` successfully after creating provisioned concurrency config for a lambda alias

Community Note

  • Please vote on this issue by adding a đź‘Ť reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave “+1” or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.14 aws provider version 2.58.0

Affected Resource(s)

aws_provisioned_concurrency_config aws_lambda_alias

Terraform Configuration Files

resource "aws_lambda_alias" "my-alias" {
  name = "alias-one"
  description = "The current version of the lambda"
  function_name = "${aws_lambda_function.my-function.arn}"
  function_version = "${aws_lambda_function.my-function.version}"
}

resource "aws_lambda_provisioned_concurrency_config" "my_concurrency_config" {
  function_name = "${aws_lambda_alias.my-alias.function_name}"
  provisioned_concurrent_executions = 1
  qualifier = "${aws_lambda_alias.my-alias.name}"
}

Expected Behavior

After running Terraform once to create the alias, and the provisioned concurrency config associated with the alias, running the same Terraform again runs without error

Actual Behavior

The second run fails with:

Error: Error applying plan:
1 error occurred:
    * module.my-terraform-module.aws_lambda_provisioned_concurrency_config.my_api_concurrency_config: 1 error occurred:
    * aws_lambda_provisioned_concurrency_config.my_api_concurrency_config: error getting Lambda Provisioned Concurrency Config (arn:aws:lambda:REGION:AWS_ACCOUNT_ID:function:my-function:alias-one): ValidationException: 
    status code: 400, request id: $REQUEST_ID

Steps to Reproduce

  1. Create a lambda, with an alias and provisioned concurrency associated with the alias
  2. Run terraform apply
  3. Run terraform apply again.

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Reactions: 45
  • Comments: 19

Commits related to this issue

Most upvoted comments

I have my concurrency config connected to an alias and I ran into this issue.

My concurrency config references the alias for both function_name and qualifier.

I removed the concurrency config from state and imported it. It wants to change the function_name field to an ARN no matter what I set function_name to in the alias.

Workaround for my case: reference the function itself for the function_name attribute in the concurrency config (this is probably what you’re doing @MarkusKramer, but it’s not clear where you’re getting qualifier from - I’m still getting mine from the alias). I think the issue must be with aws_lambda_alias’s function_name attribute always being an ARN.

+5
jeffcasavant on Mar 17, 2021

This confiugration looks to be working for me

resource "aws_lambda_provisioned_concurrency_config" "test_concurrency" {
  function_name                     = var.rta-lambda-function-name
  provisioned_concurrent_executions = 3
  qualifier                         = aws_lambda_alias.test_alias.function_version
}

var.rta-lambda-function-name is a local variable hard-coding the function name in plain text (just the name, no ARNs)

Hope it can help!

+2
MrMavin on Jun 29, 2022

I believe the short answer here is everyone needs to update to the current Terraform version and Provider versions. we had this problem in 0.12x - 0.14.x before the 4.x provider was released. moving to the latest Terraform or at least 1.x or newer with the 4.x provider - we have not seen this issue in months.

+1
tburow on Feb 24, 2023

This is still an issue for me. I followed the documentation at https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_provisioned_concurrency_config

On the first run, the TF Plan step succeeds but the Apply steps fails with the following:

module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [50s elapsed] module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [1m0s elapsed] module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [1m10s elapsed] module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [1m20s elapsed] module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [1m30s elapsed] module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [1m40s elapsed] module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [1m50s elapsed] module.myLambda.aws_lambda_provisioned_concurrency_config.myLambda: Still creating… [2m0s elapsed]

│ Error: error getting Lambda Provisioned Concurrency Config (arn:aws:lambda:*****): ValidationException: │ status code: 400, request id: da0e…

What’s interesting is that the concurrency is actually provisioned successfully. Here’s a screenshot from the console.

Screen Shot 2022-12-27 at 7 35 46 PM

If I make no changes and run the TF apply again, I get the the same error but this time during the plan stage.

│ Error: error getting Lambda Provisioned Concurrency Config (arn:aws:lambda:*****): ValidationException: │ status code: 400, request id: d07e…

I’ve tried to remove the provisioned concurrency from my TF code but the TF apply process always fails with the message above. The only thing I can do is manually delete the provisioned concurrency and modify the TF state in order to restore my ability to push changes.

I’ve also tried to customize the timeouts but the deployment still fails after 2 minutes of attempting to create the concurrency.

+1
krikork on Dec 27, 2022
Read more comments on GitHub
← terraform-provider-aws: Unable to remove forwarded_values on aws_cloudfront_distribution and instead use cache policy
terraform-provider-aws: Unable to use network_interface_id within aws_route_table without incurring a diff everytime →