From aa868452ef75c9e9f0bf03895762299bfc041353 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Taveira=20Ara=C3=BAjo?= Date: Wed, 13 Sep 2023 10:38:17 -0700 Subject: [PATCH] fix: address snapshot race We need to ensure we only invoke the snapshot lambda once we have the appropriate permission. Since we depend on the eventbridge target, we should ensure the target is only installed after the lambda permission has been configured. We also update the version constraint on `aws` to reflect the use of `aws_lambda_invocation` which was only introduced in 3.72.0 --- modules/snapshot/README.md | 4 ++-- modules/snapshot/main.tf | 3 ++- modules/snapshot/versions.tf | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/snapshot/README.md b/modules/snapshot/README.md index 6688273..ba9f2a4 100644 --- a/modules/snapshot/README.md +++ b/modules/snapshot/README.md @@ -94,13 +94,13 @@ module "observe_lambda_snapshot_b" { | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.1.0 | -| [aws](#requirement\_aws) | >= 2.68 | +| [aws](#requirement\_aws) | >= 3.73 | ## Providers | Name | Version | |------|---------| -| [aws](#provider\_aws) | >= 2.68 | +| [aws](#provider\_aws) | >= 3.73 | ## Modules diff --git a/modules/snapshot/main.tf b/modules/snapshot/main.tf index 8e45dd2..de3251c 100644 --- a/modules/snapshot/main.tf +++ b/modules/snapshot/main.tf @@ -51,6 +51,8 @@ resource "aws_cloudwatch_event_target" "target" { overrides = var.overrides } }) + + depends_on = [aws_lambda_permission.this] } resource "aws_lambda_permission" "this" { @@ -68,4 +70,3 @@ resource "aws_lambda_invocation" "snapshot" { input = aws_cloudwatch_event_target.target.input } - diff --git a/modules/snapshot/versions.tf b/modules/snapshot/versions.tf index f718a71..d4fa985 100644 --- a/modules/snapshot/versions.tf +++ b/modules/snapshot/versions.tf @@ -4,7 +4,7 @@ terraform { required_providers { aws = { source = "hashicorp/aws" - version = ">= 2.68" + version = ">= 3.73" } } }