sparse-intern-71089
05/08/2023, 4:58 PM
dry-pilot-49577
05/08/2023, 5:01 PM
{"__type":"com.amazon.coral.validate#ValidationException","message":"Model validation failed (#: required key [Code] not found)"}
pulumi's update plan
Previewing update (t/development)
View in Browser (Ctrl+O): <https://app.pulumi.com/t/infra/development/previews/zzzzz>
     Type                               Name                                   Plan       Info
     pulumi:pulumi:Stack                infra-development
 ~   ├─ aws-native:lambda:Function      dev-jakob-graphql-public               update     [diff: +layers]
 ~   ├─ aws:apigatewayv2:Integration    dev-jakob-api-graphql-eb6263ba         update     [diff: ~integrationUri]
 ~   └─ aws:apigatewayv2:Integration    dev-jakob-api-graphql-eb6263ba-ext     update     [diff: ~integrationUri]
Outputs:
~ LAMBDA_GRAPHQL_PUBLIC_ARN : "arn:aws:lambda:us-west-2:zzzzz:function:dev-jakob-graphql-public" => output<string>
Resources:
~ 3 to update
35 unchanged
debug request w/ redactions
{"ClientToken":"zzzzzz","Identifier":"dev-jakob-graphql-public","PatchDocument":"[{\"op\":\"add\",\"path\":\"/Layers\",\"value\":[\"arn:aws:lambda:us-west-2:345057560386:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:4\"]}]","TypeName":"AWS::Lambda::Function"}
dry-pilot-49577
05/08/2023, 5:08 PM
code property of lambda updates as well even though it's on the terraform side.
dry-pilot-49577
05/08/2023, 5:20 PM
export const graphqlPublic = new awsnative.lambda.Function(
  lambdaName,
  {
    functionName: lambdaName,
    role: graphqlPublicRole.arn,
    memorySize: 128,
    architectures: ["arm64"],
    runtime: "nodejs16.x",
    handler: "index.handler",
    code: {
      s3Bucket: lambdaStore.id,
      s3Key: graphqlPublicZip.key,
      s3ObjectVersion: graphqlPublicZip.versionId,
    },
    layers: [
      // 💥 💥 💥 adding this line causes the exception on pulumi up
      "arn:aws:lambda:us-west-2:345057560386:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:4",
    ],
  },
);
dry-pilot-49577
05/08/2023, 6:16 PM
layers to result in a replacement using the replaceOnChange resource option. Because the lambda can be updated outside of pulumi, the replacement needs to be aware of the latest versionId when recreating the resource.
1. get the object from s3 after creation and capture the latest versionId
const latest = pulumi
  .all([graphqlPublicZip.bucket, graphqlPublicZip.key])
  .apply(async ([bucket, key]) => {
    const result = await aws.s3.getObject({
      bucket,
      key,
    });
    return result.versionId;
  });
2. Update the awsnative lambda to replace on changes to code and layers
export const graphqlPublic = new awsnative.lambda.Function(
  lambdaName,
  {
    functionName: lambdaName,
    role: graphqlPublicRole.arn,
    memorySize: 128,
    architectures: ["arm64"],
    runtime: "nodejs16.x",
    handler: "index.handler",
    code: {
      s3Bucket: lambdaStore.id,
      s3Key: graphqlPublicZip.key,
      s3ObjectVersion: latest,
    },
    layers: [
      // enable KMS communication
      "arn:aws:lambda:us-west-2:345057560386:layer:AWS-Parameters-and-Secrets-Lambda-Extension-Arm64:4",
    ],
  },
  { replaceOnChanges: ["code", "layers"] }
);
I'll open a GitHub ticket for the issue, but it appears the problem is upstream with CloudControl.
Edit: https://github.com/pulumi/pulumi/issues/12844