omerdemirok
Contributor

…on creation

@omerdemirok omerdemirok self-assigned this Sep 23, 2025
@omerdemirok omerdemirok force-pushed the fix/message-size-breach-2 branch from bc9e362 to 3cc6fc0 Compare September 23, 2025 22:02

Overmind


🟢 Change Signals

Routine 🟢 AWS resources across CloudWatch alarms, Lambda event source mappings, and Lambda functions are maintaining typical patterns with 2 events/day for the last day.


🔥 Risks

Potential Processing Delays Due to Lambda Event Source Mapping Configuration ❗Medium
The configuration of the Lambda event source mapping for the SQS queue 'image-processing-terraform-example' may lead to processing delays or failures. The batch size is set to 10, and the maximum batching window is 5 seconds. If the queue receives a high volume of messages, these settings might cause processing bottlenecks or increased latency. The Lambda function 'image-processor-terraform-example' has a memory size of 1024 MB and a timeout of 180 seconds, which may not be sufficient to handle large volumes efficiently. The CloudWatch alarm is set to trigger on Lambda errors with a threshold of 5 errors, which could lead to frequent alerts if processing delays occur.

Potential Performance Issues with Lambda Function Configuration ❗Medium
The 'image-processor-terraform-example' Lambda function is configured with 1024 MB of memory and a 180-second timeout. If these settings do not align with the function's actual resource needs, it could lead to performance issues such as timeouts or increased execution costs. Additionally, the IAM role 'image-processor-lambda-role-terraform-example' must have the necessary permissions to perform all required operations. Without verification of these permissions, there is a risk of operational failures. The CloudWatch alarm 'lambda-errors-terraform-example' is set to monitor errors, which will help identify performance issues if they occur.

Potential Misconfiguration of CloudWatch Alarm Due to Lack of Historical Data (Low)
The CloudWatch alarm for the 'image-processor-terraform-example' Lambda function is set to trigger on errors exceeding a threshold of 5 within two evaluation periods. Without historical error data, there's a risk of misconfiguration, potentially leading to false positives or missed alerts. However, this is a speculative risk due to the absence of historical data, which is typical for newly created functions.


🟣 Expected Changes

Note

No expected changes found.


🟠 Unmapped Changes

+ cloudwatch-alarm › module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors
--- current
+++ proposed
@@ -0,0 +1,36 @@
+type: cloudwatch-alarm
+id: github.com/overmindtech/terraform-example.cloudwatch-alarm.module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors
+attributes:
+  actions_enabled: true
+  alarm_actions: null
+  alarm_description: This alarm monitors Lambda function errors
+  alarm_name: lambda-errors-terraform-example
+  arn: (known after apply)
+  comparison_operator: GreaterThanThreshold
+  datapoints_to_alarm: null
+  dimensions:
+    FunctionName: image-processor-terraform-example
+  evaluate_low_sample_count_percentiles: (known after apply)
+  evaluation_periods: 2
+  extended_statistic: null
+  id: (known after apply)
+  insufficient_data_actions: null
+  metric_name: Errors
+  namespace: AWS/Lambda
+  ok_actions: null
+  period: 60
+  statistic: Sum
+  tags:
+    Environment: terraform-example
+    Name: Lambda Errors Alarm
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Lambda Errors Alarm
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_cloudwatch_metric_alarm.lambda_errors
+  threshold: 5
+  threshold_metric_id: null
+  treat_missing_data: missing
+  unit: null
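Review bot: alarm_actions, ok_actions and insufficient_data_actions are all null while actions_enabled is true, so lambda-errors-terraform-example will change state without notifying anything. Point alarm_actions at a notification target such as an SNS topic so an error burst on image-processor-terraform-example reaches whoever operates it. It is also worth confirming that treat_missing_data: missing is intended, since minutes with no invocations produce no datapoints for the two 60-second evaluation periods.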
+ aws_lambda_event_source_mapping › module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger
--- current
+++ proposed
@@ -0,0 +1,33 @@
+type: aws_lambda_event_source_mapping
+id: github.com/overmindtech/terraform-example.aws_lambda_event_source_mapping.module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger
+attributes:
+  amazon_managed_kafka_event_source_config: (known after apply)
+  arn: (known after apply)
+  batch_size: 10
+  bisect_batch_on_function_error: null
+  enabled: true
+  event_source_arn: arn:aws:sqs:eu-west-2:540044833068:image-processing-terraform-example
+  function_arn: (known after apply)
+  function_name: (known after apply)
+  function_response_types: null
+  id: (known after apply)
+  kms_key_arn: null
+  last_modified: (known after apply)
+  last_processing_result: (known after apply)
+  maximum_batching_window_in_seconds: 5
+  maximum_record_age_in_seconds: (known after apply)
+  maximum_retry_attempts: 3
+  parallelization_factor: (known after apply)
+  queues: null
+  self_managed_kafka_event_source_config: (known after apply)
+  starting_position: null
+  starting_position_timestamp: null
+  state: (known after apply)
+  state_transition_reason: (known after apply)
+  tags: null
+  tags_all: (known after apply)
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_lambda_event_source_mapping.sqs_trigger
+  topics: null
+  tumbling_window_in_seconds: null
+  uuid: (known after apply)
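Review bot: function_response_types is null while batch_size is 10, so partial batch responses are not enabled and a single message that fails in the handler causes the whole batch of up to 10 to be retried. Since the Scenario tag on the sibling resources is Message Size Breach, set function_response_types to ["ReportBatchItemFailures"] and have the handler return the IDs of the messages it could not process, so one bad message does not keep redelivering the others in its batch.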
+ aws_lambda_function › module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor
--- current
+++ proposed
@@ -0,0 +1,51 @@
+type: aws_lambda_function
+id: github.com/overmindtech/terraform-example.aws_lambda_function.module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor
+attributes:
+  architectures: (known after apply)
+  arn: (known after apply)
+  code_sha256: (known after apply)
+  code_signing_config_arn: null
+  description: null
+  ephemeral_storage: (known after apply)
+  filename: modules/scenarios/message-size-breach/lambda_function.zip
+  function_name: image-processor-terraform-example
+  handler: lambda_function.lambda_handler
+  id: (known after apply)
+  image_uri: null
+  invoke_arn: (known after apply)
+  kms_key_arn: null
+  last_modified: (known after apply)
+  layers: null
+  logging_config: (known after apply)
+  memory_size: 1024
+  package_type: Zip
+  publish: false
+  qualified_arn: (known after apply)
+  qualified_invoke_arn: (known after apply)
+  replace_security_groups_on_destroy: null
+  replacement_security_group_ids: null
+  reserved_concurrent_executions: -1
+  role: arn:aws:iam::540044833068:role/image-processor-lambda-role-terraform-example
+  runtime: python3.9
+  s3_bucket: null
+  s3_key: null
+  s3_object_version: null
+  signing_job_arn: (known after apply)
+  signing_profile_version_arn: (known after apply)
+  skip_destroy: false
+  source_code_hash: rrn+1CWcexaae0keBGoEcCpBmkcaNmgEH2ENhWA4OMM=
+  source_code_size: (known after apply)
+  tags:
+    Environment: terraform-example
+    Name: Image Processor
+    Scenario: Message Size Breach
+  tags_all:
+    Environment: terraform-example
+    Name: Image Processor
+    Scenario: Message Size Breach
+  terraform_address: module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor
+  terraform_name: module.scenarios[0].module.message_size_breach[0].aws_lambda_function.image_processor
+  timeout: 180
+  timeouts: null
+  tracing_config: (known after apply)
+  version: (known after apply)
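Review bot: runtime: python3.9 pins a newly created function to a Python version that reaches upstream end of life in October 2025, so it stops receiving security fixes shortly after this change lands; pick a currently supported Python runtime instead. Separately, reserved_concurrent_executions: -1 leaves the function unreserved, so a backlog on the SQS trigger can scale it into the account's shared concurrency pool; a positive reservation would bound that.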

💥 Blast Radius

Items 0

Edges 0

@omerdemirok omerdemirok merged commit c2d2ac3 into main Sep 23, 2025
5 checks passed
@omerdemirok omerdemirok deleted the fix/message-size-breach-2 branch September 23, 2025 22:06