Diffs don't match when using s3_bucket_object.version_id as lambda_function.s3_object_version

[dstaley]

When running terraform apply after making modifications to the my application's source, I receive an error that "diffs don't match." This occurs only after having run terraform apply at least once.

Terraform Version

Terraform v0.10.4

Affected Resource(s)

Please list the resources as a list, for example:

• s3_bucket_object
• aws_lambda_function

Terraform Configuration Files

provider "aws" {
  region = "us-west-2"
}

resource "aws_s3_bucket" "s3_deployment_packages" {
  bucket = "terraform-s3-object-version-lambda-deployment-packages"
  acl    = "private"

  versioning {
    enabled = true
  }
}

data "archive_file" "lambda" {
  type        = "zip"
  source_file = "index.js"
  output_path = "/tmp/lambda_function.zip"
}

resource "aws_s3_bucket_object" "lambda_deployment_package" {
  bucket = "${aws_s3_bucket.s3_deployment_packages.bucket}"
  key    = "lambda_function.zip"
  source = "${data.archive_file.lambda.output_path}"
  etag   = "${data.archive_file.lambda.output_md5}"
}

resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": [
          "lambda.amazonaws.com"
        ]
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_lambda_function" "test_lambda" {
  s3_bucket         = "${aws_s3_bucket.s3_deployment_packages.bucket}"
  s3_key            = "lambda_function.zip"
  s3_object_version = "${aws_s3_bucket_object.lambda_deployment_package.version_id}"
  function_name     = "test_lambda_function"
  role              = "${aws_iam_role.iam_for_lambda.arn}"
  handler           = "index.handler"
  source_code_hash  = "${data.archive_file.lambda.output_base64sha256}"
  runtime           = "nodejs6.10"
  publish           = true
}

Debug Output

https://gist.github.com/dstaley/403dc0e001ea8fd3acde234dad36f4a4

Expected Behavior

The newest version of index.js is uploaded to S3, and deployed to the Lambda function.

Actual Behavior

The apply fails, resulting in diffs didn't match during apply.

Steps to Reproduce

1. Using the provided config, run terraform apply in a directory containing a file named index.js.
2. Make a change to index.js.
3. Run terraform apply again.

Important Factoids

Running terraform apply immediately after receiving the error works as intended, with the latest version being deployed.

[mdlavin]

I've started to his this problem as well, so I'm going to start working on a fix today.

[mdlavin]

If anybody is interested in testing out this feature in a patched v1.21.0 version, I've made some Alpine Linux x64 binaries available here: https://github.com/lifeomic/terraform-provider-aws/releases/tag/v1.21.0_patched_5f7d0def

[mdlavin]

@paddycarver is there anything I can do to help this get merged into an official release?

[mdlavin]

If anybody is interested in testing out this feature in a patched v1.36.0 version, I've made some Alpine Linux x64 binaries available here: https://github.com/lifeomic/terraform-provider-aws/releases/tag/v1.36.0_patched_f2d0f833c

[bflad]

The fix for this has been merged into master and will release with version 1.39.0 of the AWS provider, likely tomorrow.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!