Lambda layer content does not match the S3 object after deploying with Terraform

Problem description  Votes: 0  Answers: 1

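I upload layer.zip to an S3 bucket, and then create the Lambda layer manually by attaching layer.zip from S3. When I deploy with Terraform, both the S3 object and the Lambda layer version are updated, but the content of the Lambda layer does not match the layer.zip file in S3. However, when I create the Lambda layer manually by attaching layer.zip from S3, it works fine. Can you help me understand why the content of the Lambda layer does not match the S3 object after deploying with Terraform?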

The Terraform configuration and logs are shown below.

resource "aws_s3_object" "lambda_layer" {
  bucket              = "cps-request-handler-${var.environment}"
  key                 = "layers.zip"
  source              = "../../../layers.zip"
  etag                = filemd5("../../../layers.zip")
}

resource "aws_lambda_layer_version" "lambda_layer" {
  layer_name          = "cps-request-handler-python"
  s3_bucket           = "cps-request-handler-${var.environment}"
  s3_key              = "layers.zip"
  compatible_runtimes = ["python3.9"]
  description         = "cps-lambda-layer"
  source_code_hash    = filemd5("../../../layers.zip")
}

Logs:

# module.cps-request-handler-kmg-platform-dev.aws_lambda_layer_version.lambda_layer must be replaced
-/+ resource "aws_lambda_layer_version" "lambda_layer" {
      ~ arn                         = "arn:aws:lambda:ap-southeast-2:24:layer:cps-request-handler-python:54" -> (known after apply)
      ~ code_sha256                 = "vanSi466wd7U=" -> (known after apply)
      - compatible_architectures    = [] -> null
      ~ created_date                = "2024-07-08T03:46:08.644+0000" -> (known after apply)
      ~ id                          = "arn:aws:lambda:ap-sou2:layer:cps-request-handler-python:54" -> (known after apply)
      ~ layer_arn                   = "arn:aws:lambda:ap-south2:layer:cps-request-handler-python" -> (known after apply)
      + signing_job_arn             = (known after apply)
      + signing_profile_version_arn = (known after apply)
      ~ source_code_hash            = "b2b5e003591a1dfa31ec684e" -> "112932d48ce97717736487" # forces replacement
      ~ source_code_size            = 61591646 -> (known after apply)
      ~ version                     = "54" -> (known after apply)
        # (7 unchanged attributes hidden)
    }

  # module.cps-confluent-request-handler-kmg-platform-dev.aws_s3_object.lambda_layer will be updated in-place
  ~ resource "aws_s3_object" "lambda_layer" {
      ~ etag                          = "e1f4a9f539372def76d5307d9" -> "112932d48ce97717736487"
        id                            = "layers.zip"
        tags                          = {}
      ~ version_id                    = "3HU.4GNHsj.iASru5O" -> (known after apply)
        # (23 unchanged attributes hidden)
    }

When I create the Lambda layer manually by attaching layer.zip from S3, it works fine. I expect the same to work in Terraform.

amazon-web-services amazon-s3 terraform
1 answer
0
votes

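In your current configuration, Terraform has no information from which to infer that aws_s3_object.lambda_layer must be created or updated before aws_lambda_layer_version.lambda_layer, so Terraform may issue both requests concurrently, and the Lambda layer may be created before the S3 object has been updated, causing the layer to capture the old version of the object.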

You can explain the correct order to Terraform by making the aws_lambda_layer_version configuration refer to values from aws_s3_object:

resource "aws_s3_object" "lambda_layer" {
  bucket              = "cps-request-handler-${var.environment}"
  key                 = "layers.zip"
  source              = "../../../layers.zip"
  etag                = filemd5("../../../layers.zip")
}

resource "aws_lambda_layer_version" "lambda_layer" {
  layer_name          = "cps-request-handler-python"
  s3_bucket           = aws_s3_object.lambda_layer.bucket
  s3_key              = aws_s3_object.lambda_layer.key
  compatible_runtimes = ["python3.9"]
  description         = "cps-lambda-layer"
  source_code_hash    = aws_s3_object.lambda_layer.etag
}

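Terraform uses references between objects to understand dependencies. In this example, the configuration of aws_lambda_layer_version.lambda_layer refers to aws_s3_object.lambda_layer, so Terraform will infer that any actions required for the S3 object must complete before it begins the actions related to the layer version.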

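This structure also has the advantage that you do not need to duplicate the same information in both resources: in future you can update the bucket name and object key only in aws_s3_object.lambda_layer, and the layer version resource will automatically follow those changes.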
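
A post-deploy check for the stale-layer condition described above, as an added example that is not part of the original question or answer. It compares the local zip against the `Content.CodeSha256` field of `aws lambda get-layer-version` output and the `ETag` field of `aws s3api head-object` output; the function names and the sample JSON are constructed for illustration.

```python
import base64
import hashlib
import json


def lambda_code_sha256(zip_bytes: bytes) -> str:
    """Base64 of the raw SHA-256 digest, the form Lambda reports as CodeSha256."""
    return base64.b64encode(hashlib.sha256(zip_bytes).digest()).decode("ascii")


def check_layer(zip_bytes: bytes, layer_json: str, head_json: str) -> dict:
    """Compare the local zip with the published layer and with the S3 object.

    layer_json: JSON printed by `aws lambda get-layer-version`
    head_json:  JSON printed by `aws s3api head-object`
    """
    layer = json.loads(layer_json)
    head = json.loads(head_json)
    layer_ok = layer["Content"]["CodeSha256"] == lambda_code_sha256(zip_bytes)

    # The ETag is the hex MD5 only for single-part, non-KMS uploads; a "-N"
    # suffix marks a multipart upload, which cannot be compared this way.
    etag = head["ETag"].strip('"')
    s3_ok = None if "-" in etag else etag == hashlib.md5(zip_bytes).hexdigest()

    return {
        "layer_matches_local": layer_ok,
        "s3_matches_local": s3_ok,
        # The failure mode from the question: S3 is current, the layer is not.
        "stale_layer": s3_ok is True and not layer_ok,
    }


# Constructed sample data: two byte strings stand in for the old and new zip.
OLD_ZIP = b"PK\x03\x04 old layer build (constructed)"
NEW_ZIP = b"PK\x03\x04 new layer build (constructed)"


def sample_outputs(layer_zip: bytes, s3_zip: bytes) -> tuple:
    """Build CLI-shaped JSON for a layer made from layer_zip and an object holding s3_zip."""
    layer = {"Version": 1, "Content": {"CodeSha256": lambda_code_sha256(layer_zip),
                                       "CodeSize": len(layer_zip)}}
    head = {"ETag": '"%s"' % hashlib.md5(s3_zip).hexdigest()}
    return json.dumps(layer), json.dumps(head)


if __name__ == "__main__":
    print(check_layer(NEW_ZIP, *sample_outputs(OLD_ZIP, NEW_ZIP)))  # layer built too early
    print(check_layer(NEW_ZIP, *sample_outputs(NEW_ZIP, NEW_ZIP)))  # correct ordering
```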
