Writing a AWS Lambda function to process S3 events. I'm using AWS Lambda Layers for code deployment. When the zip files associated with the layers are updated however, they get deployed to their S3 location but the associated layer resources are not picking up this change. So the lambda function is not getting the latest updated zip files. My workaround at the moment is to delete the layer resources by commenting the resource out of my pulumi script ... running

pulumi up

... then uncommenting to add the layer resources back ... and running

pulumi up

again. Is there a better way of handling this? Thx!

I haven’t worked with Layers myself yet, but i suspect that you need to force the Layer to be replaced so that it picks up the latest code. You should be able to do that by changing its

name

or

description

to be dependent on something tied to the version you are trying to deploy (like a hash of the contents?). If you are deploying the code to S3 outside of Pulumi, do you then want every Pulumi deployment to update the layer, or only based on some signal? Because coordinating these is often difficult and clumsy, we typically recommend patterns where the code itself is deployed as part of the Pulumi program, so that the lifecycle of all the updates can be managed.

Thanks @white-balloon-205! When I create the aws.lambda.LayerVersion in my pulumi script, I set the sourceCodeHash field to the

crypto sha256 base64

checksum of the associated zip file archive. So I believe the correct Pulumi behavior is to check for changes in the

sourceCodeHash

value. If it has changed, then Pulumi will need to update the LayerVersion resource. This update will produce a new aws layer arn (ie. the layer version autoincrements on each

aws lambda publish-layer-version

command). Because the layer arn has changed, the

aws.lambda.Function

will pick up the new layer arns in the

layers

field, and thus the function gets updated. I hope this makes sense.