(To Discuss) aws_lambda invoke action

[partamonov]

Hello All,

How do you think, is that possible to add aws_lambda invoke action.
For me it's looks very similar to null.resource + trigger

My case:
I create AWS infrastructure with terraform, but to create DNS records I need to do this in different account and I do not have access to or I do not want to give to many people. Now we are doing this with lambda, which has rights, but in my case I need to trigger lambda after ELB creation.

Now I'm using local command
aws lambda invoke --function-name ManageDNS --invocation-type "Event" --payload file://dns_input.json --profile some

But this will be nice if I can do that in terraform.

[radeksimko]

So essentially what you're looking for is Lambda provisioner? Something like this?

resource "aws_instance" "web" {
    ...
    provisioner "lambda"  {
        function_name = "ManageDNS"
        invocation_type = "Event"
        payload = "${file("dns_input.json")}"
    }
}

I personally don't have objections against this, but I don't intend to work on such provisioner any time soon, maybe someone else will pick it up or you can send a pull request.

[partamonov]

I will take a look.

[jonapich]

I have a similar need, after creating my lambda function I must invoke it with some info about the current environment (first time setup).

I worked around it using a template, but it could be doable with a null_resource or directly into the aws_lambda using a local-exec provisioner. Of course having this OOTB would be nice ;)

resource "template_file" "lambda-config" {
  template = "${region} ${lambda_name} ${some_uri} ${some_other_uri} \"${some_password}\""

  vars {
    region = "us-east-1"
    lambda_name = "${aws_lambda_function.some-lambda.arn}"
    (...)
  }

  provisioner "local-exec" {
    command = "python ./lambda_init.py setconfig ${template_file.lambda-config.rendered}"
  }
}

I used the template_file because the command line was getting really long :)

[141984]

any updates on this?
Is there a way which i can use to invoke a lambda from within terraform ?

[apparentlymart]

I think an architectural challenge here is the idea discussed in #2756; currently we don't have a way to make a provisioner that belongs to a provider, and so implementing this would require replicating all of the (pretty complex at this point) AWS provider authentication arguments within the provisioner itself. I'd rather not go down that road without an architectural solution to deal with that, because that code is complex and difficult to robustly test, and we already have similar troubles with keeping the S3 backend and the AWS provider in sync with one another in this regard.

I think the best answer we have for now is to use the local-exec provisioner to run the AWS CLI to invoke a Lambda function, as @partamonov is already doing. This still requires the user to ensure that all of the necessary credentials are available to that command, but if you are using environment variables or the standard credentials file then that isn't too hard to achieve.

In the long run I agree it'd be useful to have a way to run Lambda functions natively within Terraform, but for the moment our efforts are focused elsewhere and so something like #2756 (or, perhaps, #6810) will not be possible in the short term. For now, I'm going to close this just to consolidate discussion in #2756, because this feels like another great use-case for a feature like that. (AWS Lambda didn't exist when I opened that issue, but you can see a similar idea there for AWS OpsWorks lifecycle events.)

[4dz]

I've discovered that it is actually possible to execute a Lambda 'on apply' and get its result by using a CloudFormation stack, and a "CustomResource". I've put together some examples here. https://registry.terraform.io/modules/connect-group/lambda-exec/

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.