https://pulumi.com logo
Title
e

enough-leather-70274

04/12/2021, 9:25 AM
Hi folks - I'm creating a lambda function by using the s3_bucket, s3_key and s3_object_version args. I can get pulumi to update the bucket object successfully with fresh code, but it doesn't recognise the lambda resource itself needs updating, so skips it altogether. Is there a way to force pulumi to always update the lambda with the latest code?
FYI, my code is
deploy_bucket = aws.s3.Bucket(
    "my-bucket",
)

deploy_object = aws.s3.BucketObject(
    "archive",
    key="app.zip",
    bucket=deploy_bucket.id,
    source=AssetArchive({"app": FileArchive(str(some_path.resolve()))}),
)

lambda_fn = aws.lambda_.Function(
    "lambda-fn",
    role=execution_role.arn,
    s3_bucket=deploy_bucket.id,
    s3_key=deploy_object.key,
    s3_object_version=deploy_object.version_id,
    handler="app.main.handler",
    runtime="python3.8",
)
Also, for clarify, preview appears to recognise the bucket object has changed and the lambda needs an update, but the actual deployment doesn't update the lambda:
(venv) % pulumi up
Previewing update (<redacted>/dev)

View Live: <redacted>

     Type                       Name                              Plan       Info
     pulumi:pulumi:Stack        <redacted>               
     ├─ aws:s3:Bucket           my-bucket                  
 ~   │  └─ aws:s3:BucketObject  archive  update     [diff: ~source]
     └─ aws:iam:Role            lambda-iam-role                    
 ~      └─ aws:lambda:Function  lambda-fn               update     [diff: +s3ObjectVersion]
 
Resources:
    ~ 2 to update
    8 unchanged

Do you want to perform this update? yes
Updating (<redacted>/dev)

View Live: <redacted>

     Type                       Name                              Status      Info
     pulumi:pulumi:Stack        <redacted>                
     └─ aws:s3:Bucket           my-bucket                   
 ~      └─ aws:s3:BucketObject  archive  updated     [diff: ~source]
 
Outputs:
    base_url: <redacted>

Resources:
    ~ 1 updated
    9 unchanged

Duration: 12s
b

brave-planet-10645

04/12/2021, 9:39 AM
Just out of question, why are you pushing the code to S3 instead of letting Pulumi push it to the lambda?
e

enough-leather-70274

04/12/2021, 9:40 AM
because it's too big
b

brave-planet-10645

04/12/2021, 9:41 AM
Ah ok. So what you'll need to do is have another lambda that listens to an event on that bucket and updates the lambda when new code is pushed. The SDK has a function for this: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html#updateFunctionCode-property
e

enough-leather-70274

04/12/2021, 9:43 AM
bugger
ok, ta
b

brave-planet-10645

04/12/2021, 9:44 AM
How come it's so large? Would it be possible to split it out? Another option could be to use a container to run your lambda instead?
e

enough-leather-70274

04/12/2021, 9:47 AM
yeah, that's defo another option worth exploring. In real life we also get both the function and the layers provided to us as a zip, hence why we're looking at s3
Why doesn't pulumi just re-up the lambda when we update the object version tho?
b

brave-planet-10645

04/12/2021, 10:15 AM
Because you haven't technically updated the lambda. You've updated the S3 bucket object
Example: if you use the "upload from" button on the lambda page, it goes off to s3, grabs the files and updates the lamdba. If you then update the code in the S3 bucket, you have to go back to lambda in the console and re-run the "upload from" process
e

enough-leather-70274

04/12/2021, 11:15 AM
Well yes - that’s what pulumi should do
And indeed the preview process indicates it will
It just doesn’t do that when you execute the change.
Pulumi knows the bucket object has been versioned, and knows about the dependency of the lambda on that version as its being passed in explicitly
I guess what I’m saying is this feels like a bug rather that working as designed
b

brave-planet-10645

04/12/2021, 12:09 PM
Let me look into this a bit further
@enough-leather-70274 I've realised what is wrong... you haven't turned on versioning on your s3 bucket. It should look like this:
deploy_bucket = aws.s3.Bucket(
    "my-bucket",
    versioning=aws.s3.BucketVersioningArgs(
        enabled=True,
    )
)
You've got the versioning set up correctly on the lambda, but the version id will never change