Amazon web services 来自S3数据的Terraform lambda源代码散列不';不要停留在状态缓存中
我有一个用于分配AWS Lambda的地形配置。我希望它在检测到更改时自动更新代码。为此,我使用Amazon web services 来自S3数据的Terraform lambda源代码散列不';不要停留在状态缓存中,amazon-web-services,hash,terraform,devops,terraform-provider-aws,Amazon Web Services,Hash,Terraform,Devops,Terraform Provider Aws,我有一个用于分配AWS Lambda的地形配置。我希望它在检测到更改时自动更新代码。为此,我使用source\u code\u hash属性,如下所示。作为构建过程的一部分,我将所有代码压缩,然后使用openssl获取压缩文件的SHA256散列,将其粘贴到文本文件中,然后将两者上载到S3存储桶 以下是我的地形配置: data "aws_s3_bucket_object" "mylambdacode_sha256" { bucket = "myapp-builds" key = "b
source\u code\u hash
属性,如下所示。作为构建过程的一部分,我将所有代码压缩,然后使用openssl
获取压缩文件的SHA256散列,将其粘贴到文本文件中,然后将两者上载到S3存储桶
以下是我的地形配置:
data "aws_s3_bucket_object" "mylambdacode_sha256" {
bucket = "myapp-builds"
key = "build.zip.sha256"
}
resource "aws_lambda_function" "my_lambda" {
function_name = "${var.lambda_function_name}"
role = "${aws_iam_role.iam_for_lambda.arn}"
handler = "index.handler"
runtime = "nodejs10.x"
s3_bucket = "myapp-builds"
s3_key = "build.zip"
source_code_hash = "${data.aws_s3_bucket_object.mylambdacode_sha256.body}"
timeout = 900
}
我运行terraform apply
,它显示源代码散列已更改:
~ source_code_hash = <<~EOT
- c9Nl4RRfuh/Z5fJvEOT69GDTJqY9n/QTB5cBGtOniYc=
+ 73d365e1145fba1fd9e5f26f10e4faf460d326a63d9ff4130797011ad3a78987
以下是terraform state show aws\u lambda\u function.my\u lambda&&terraform apply&&terraform state show aws\u lambda\u function.my\u lambda
$ terraform state show aws_lambda_function.my_lambda && terraform apply && terraform state show aws_lambda_function.my_lambda
# aws_lambda_function.my_lambda:
resource "aws_lambda_function" "my_lambda" {
arn = "arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda"
function_name = "my_lambda"
handler = "index.handler"
id = "my_lambda"
invoke_arn = "arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda/invocations"
last_modified = "2019-08-02T15:00:32.621+0000"
layers = []
memory_size = 128
publish = false
qualified_arn = "arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda:$LATEST"
reserved_concurrent_executions = -1
role = "arn:aws:iam::XXXXXXXXXX:role/my_lambda-role"
runtime = "nodejs10.x"
s3_bucket = "myapp-builds"
s3_key = "myapp/build.zip"
source_code_hash = "r5D6o1FuCug6FD4QPQ43VdUlfYP4Qe1l1DcElNsf5E0="
source_code_size = 12793672
tags = {}
timeout = 900
version = "$LATEST"
tracing_config {
mode = "PassThrough"
}
}
postgresql_database.postgres: Refreshing state... [id=postgres]
aws_iam_policy.lambda_logging: Refreshing state... [id=arn:aws:iam::XXXXXXXXXX:policy/lambda_logging]
aws_cloudwatch_log_group.my_lambda: Refreshing state... [id=/aws/lambda/my_lambda]
aws_iam_role.iam_for_lambda: Refreshing state... [id=my_lambda-role]
aws_cloudwatch_event_rule.my_lambda-rule: Refreshing state... [id=my_lambda-rule]
data.aws_s3_bucket_object.myapp_lambda_build_sha256: Refreshing state...
data.aws_s3_bucket_object.myapp_lambda_build_zip: Refreshing state...
aws_iam_role_policy_attachment.lambda_logs: Refreshing state... [id=my_lambda-role-20190801190935907200000001]
aws_lambda_function.my_lambda: Refreshing state... [id=my_lambda]
aws_lambda_permission.allow_cloudwatch_to_call_trigger_lambda: Refreshing state... [id=AllowExecutionFromCloudWatch]
aws_cloudwatch_event_target.my_lambda-rule-event-target: Refreshing state... [id=my_lambda-rule-terraform-20190801192030362600000001]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_lambda_function.my_lambda will be updated in-place
~ resource "aws_lambda_function" "my_lambda" {
arn = "arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda"
function_name = "my_lambda"
handler = "index.handler"
id = "my_lambda"
invoke_arn = "arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda/invocations"
~ last_modified = "2019-08-02T15:00:32.621+0000" -> (known after apply)
layers = []
memory_size = 128
publish = false
qualified_arn = "arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda:$LATEST"
reserved_concurrent_executions = -1
role = "arn:aws:iam::XXXXXXXXXX:role/my_lambda-role"
runtime = "nodejs10.x"
s3_bucket = "myapp-builds"
s3_key = "myapp/build.zip"
~ source_code_hash = "r5D6o1FuCug6FD4QPQ43VdUlfYP4Qe1l1DcElNsf5E0=" -> "YWY5MGZhYTM1MTZlMGFlODNhMTQzZTEwM2QwZTM3NTVkNTI1N2Q4M2Y4NDFlZDY1ZDQzNzA0OTRkYjFmZTQ0ZAo="
source_code_size = 12793672
tags = {}
timeout = 900
version = "$LATEST"
tracing_config {
mode = "PassThrough"
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_lambda_function.my_lambda: Modifying... [id=my_lambda]
aws_lambda_function.my_lambda: Modifications complete after 1s [id=my_lambda]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
# aws_lambda_function.my_lambda:
resource "aws_lambda_function" "my_lambda" {
arn = "arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda"
function_name = "my_lambda"
handler = "index.handler"
id = "my_lambda"
invoke_arn = "arn:aws:apigateway:us-east-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda/invocations"
last_modified = "2019-08-02T15:05:08.079+0000"
layers = []
memory_size = 128
publish = false
qualified_arn = "arn:aws:lambda:us-east-2:XXXXXXXXXX:function:my_lambda:$LATEST"
reserved_concurrent_executions = -1
role = "arn:aws:iam::XXXXXXXXXX:role/my_lambda-role"
runtime = "nodejs10.x"
s3_bucket = "myapp-builds"
s3_key = "myapp/build.zip"
source_code_hash = "r5D6o1FuCug6FD4QPQ43VdUlfYP4Qe1l1DcElNsf5E0="
source_code_size = 12793672
tags = {}
timeout = 900
version = "$LATEST"
tracing_config {
mode = "PassThrough"
}
}
在将“build.zip.sha256”上传到S3之前,我可以通过以下方式生成“build.zip.sha256”:
openssl dgst -sha256 -binary build.zip | openssl enc -base64 > build.zip.sha256
为了避免您可以显示地形状态显示aws\u lambda\u函数的输出。my\u lambda&&terraform apply&&terraform state显示aws\u lambda\u函数。my\u lambda
请?非常感谢您的回答,它为我解决了问题。这!这谢谢你让我不再浪费更多的时间。
openssl dgst -sha256 -binary build.zip | openssl enc -base64 > build.zip.sha256
source_code_hash = chomp(data.aws_s3_bucket_object.my_lambda_build_sha256.body)