AWS Lambda VPC on Terraform

Question

When creating an AWS Lambda Function with terraform 0.9.3, I'm failing to make it join my selected VPC. 

This is how my function looks like:

resource "aws_lambda_function" "lambda_function" {

   s3_bucket        = "${var.s3_bucket}"

   s3_key           = "${var.s3_key}"

   function_name    = "${var.function_name}"

   role             = "${var.role_arn}"

   handler          = "${var.handler}"

 

   runtime          = "${var.runtime}"

   timeout          = "30"

   memory_size      = 256

   publish          = true

 

   vpc_config {

       subnet_ids = ["${var.subnet_ids}"]

       security_group_ids = ["${var.security_group_ids}"]

   }

 }

The policy I'm using for the role is

 data "aws_iam_policy_document" "lambda-policy_policy_document" {

       statement {

            effect = "Allow"

            actions = [

            "ec2:DescribeSecurityGroups",

            "ec2:DescribeSubnets",

            "ec2:DescribeVpcs",

            "logs:CreateLogGroup",

            "logs:CreateLogStream",

            "logs:PutLogEvents",

            "ec2:CreateNetworkInterface",

            "ec2:DescribeNetworkInterfaces",

            "ec2:DeleteNetworkInterface"

        ]

        resources = ["*"]

     }

 }

The resources are created just fine if I try to add the VPC and the subnets via the AWS console it all works out.

creation plan:

module.******.aws_lambda_function.lambda_function

arn:                                 "<computed>"

environment.#:                       "1"

environment.0.variables.%:           "1"

environment.0.variables.environment: "******"

function_name:                       "******"

handler:                             "******"

last_modified:                       "<computed>"

memory_size:                         "256"

publish:                             "true"

qualified_arn:                       "<computed>"

role:                                "******"

runtime:                             "******"

s3_bucket:                           "******"

s3_key:                              "******"

source_code_hash:                    "<computed>"

timeout:                             "30"

version:                             "<computed>"

vpc_config.#:                        "1"

vpc_config.0.vpc_id:                 "<computed>"

Though, if I run the terraform plan again, the VPC config is always changed.

vpc_config.#: "0" => "1" (forces new resource)

Answer 1

Fix the missing mapping to the lambda module. It should look like this:

vpc_config.#:                              "1"

vpc_config.0.security_group_ids.#:         "1"

vpc_config.0.security_group_ids.571116572: "******"

vpc_config.0.subnet_ids.#:                 "3"

vpc_config.0.subnet_ids.1396457994:        "****"

vpc_config.0.subnet_ids.1722519307:        "****"

vpc_config.0.subnet_ids.830820656:         "****"

vpc_config.0.vpc_id:                       "<computed>"