Ref Arch - Specified ReservedConcurrentExecutions for function decreases account's UnreservedConcurrentExecution below its minimum value of [50]
A customer asked: > When attempting to run `terragrunt run-all apply` on the Ref Arch, I'm getting the following error message. What does it mean and how can I fix it? ``` ╷ │ Error: error setting Lambda Function (cleanup-expired-iam-certs) concurrency: InvalidParameterValueException: Specified ReservedConcurrentExecutions for function decreases account's Unreser vedConcurrentExecution below its minimum value of [50]. │ { │ RespMetadata: { │ StatusCode: 400, │ RequestID: "c9f4bdee-fd4e-461f-a20a-38ce05bf6862" │ }, │ Message_: "Specified ReservedConcurrentExecutions for function decreases account's UnreservedConcurrentExecution below its minimum value of [50]." │ } │ │ with module.cleanup_expired_iam_certs.module.cleanup_expired_iam_certs.aws_lambda_function.function[0], │ on .terraform/modules/cleanup_expired_iam_certs.cleanup_expired_iam_certs/modules/lambda/main.tf line 35, in resource "aws_lambda_function" "function": │ 35: resource "aws_lambda_function" "function" { │ ```
This error message is stating that the target AWS account's reserved concurrency setting is currently `50`, which is quite low. The[ default value for `Concurrent executions` is usually 1,000](https://docs.aws.amazon.com/lambda/latest/dg/gettingstarted-limits.html), but for new AWS accounts, such as the ones we require for a Gruntwork Reference Architecture deployment, AWS will often throttle this down to `50`. Unfortunately, this is too low of a value to allow the lambda function we include in CIS Reference Architectures, which is tasked with cleaning up expired IAM certificates. In order to fix this error and unblock your `terragrunt run-all apply`, you'll need to request a service quota increase from AWS, within the account that is returning this error message. You can find the quotas console by logging into the AWS console and searching for "Service quotas". Next look for Lambda quotas and then finally find the `Concurrent executions` quota and request that its value be raised to 1,000. Note that, if you are receiving this error message need to do this in all AWS accounts you provisioned for the Gruntwork Reference Architecture. Note that the amount of time it takes AWS to see and (hopefully) grant your quota increase request can vary from a few hours to several days, and Gruntwork unfortunately has no ability to influence or speed up this process, as it's a limit imposed at the AWS account level.