Knowledge Base

Upgrading terraform-aws-lambda past version v0.21.0

View full discussion in GitHub

Answer

I'm trying to upgrade our Lambda edge code that uses terraform-aws-lambda to v0.21.0 but I'm having issues with the new requirements for `log_regions`. The [example code](https://github.com/gruntwork-io/terraform-aws-lambda/blob/main/examples/lambda-edge/main.tf) shows all of the log regions enabled. ``` locals { log_regions = [ "us-east-1", "us-east-2", "us-west-1", "us-west-2", "ap-south-1", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "eu-central-1", "eu-west-1", "eu-west-2", "sa-east-1" ] } ``` However, when I do that I get errors deploying stating that ` Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists.`. Here is the full output of the error. ``` module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_west_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_west_2.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_eu_west_2.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1_direct.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_sa_east_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_northeast_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_southeast_2.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_south_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_southeast_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1.aws_cloudwatch_log_group.log_aggregation[0]: Creation complete after 1s [id=/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request] module.lambda_s3.module.log_groups.module.lambda_edge_log_group_eu_west_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_2.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_eu_central_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_northeast_2.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_sa_east_1.aws_cloudwatch_log_group.log_aggregation[0]: Creation complete after 2s [id=/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request] module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_southeast_2.aws_cloudwatch_log_group.log_aggregation[0]: Creation complete after 2s [id=/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request] ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_eu_west_1.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_eu_west_2.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_west_1.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_south_1.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_northeast_1.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1_direct.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_northeast_2.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_west_2.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_ap_southeast_1.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_eu_central_1.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_2.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ Releasing state lock. This may take a few moments... ERRO[0090] Terraform invocation failed in /Users/erictompkins/Sites/BranchCMS/AWS/Infrastructure-Live/dev/us-east-1/dev/cms-public-site-files/lambda-cloudfront-origin-request/.terragrunt-cache/PduoGpqUSJbQMFTXvMvjBTZeEG8/KDSNrMH_m9Kj00IaSiBgDwGf9Fk prefix=[/Users/erictompkins/Sites/BranchCMS/AWS/Infrastructure-Live/dev/us-east-1/dev/cms-public-site-files/lambda-cloudfront-origin-request] ERRO[0090] 1 error occurred: * exit status 1 ``` Previously I had my own log group that was created. I removed that with Terraform even though it had a different name. I also comment out all of the `log_region` values to destroy those log groups before trying to create them again. I looked in [modules/lambda-edge-multi-region-log-groups/main.tf](https://github.com/gruntwork-io/terraform-aws-lambda/blob/main/modules/lambda-edge-multi-region-log-groups/main.tf) and it looks like all of the log groups have the same name. If I comment out all but one of the log group regions it still fails. Below is my module code. I also created a `providers.tf` file just like https://github.com/gruntwork-io/terraform-aws-lambda/blob/v0.21.0/examples/lambda-edge/providers.tf. ``` module "lambda_s3" { source = "git::git@github.com:gruntwork-io/terraform-aws-lambda.git//modules/lambda-edge?ref=v0.21.7" name = var.name description = var.description s3_bucket = data.terraform_remote_state.s3_lambda_bucket.outputs.bucket_name s3_key = "cloudfront-site-files-origin-request/${var.app_version}/source.zip" runtime = "nodejs16.x" handler = "index.handler" timeout = var.timeout memory_size = var.memory_size providers = { # Regions that have Regional Edge Caches aws.ap_northeast_1 = aws.ap_northeast_1 aws.ap_northeast_2 = aws.ap_northeast_2 aws.ap_south_1 = aws.ap_south_1 aws.ap_southeast_1 = aws.ap_southeast_1 aws.ap_southeast_2 = aws.ap_southeast_2 aws.eu_central_1 = aws.eu_central_1 aws.eu_west_1 = aws.eu_west_1 aws.eu_west_2 = aws.eu_west_2 aws.sa_east_1 = aws.sa_east_1 aws.us_east_1 = aws.us_east_1 aws.us_east_2 = aws.us_east_2 aws.us_west_1 = aws.us_west_1 aws.us_west_2 = aws.us_west_2 } cloudwatch_log_group_retention_in_days = var.cloudwatch_log_group_retention # Regions that have Regional Edge Caches log_regions = local.log_regions } # Regions that have Regional Edge Caches # If you completely disabled one of these regions in your AWS account, you can remove them # here, but their respective providers still need to be passed to the lambda-edge module. locals { log_regions = [ "us-east-1", # "us-east-2", # "us-west-1", # "us-west-2", # "ap-south-1", # "ap-northeast-2", # "ap-southeast-1", # "ap-southeast-2", # "ap-northeast-1", # "eu-central-1", # "eu-west-1", # "eu-west-2", # "sa-east-1" ] } ``` This ends up with this Terraform plan: ``` Terraform will perform the following actions: # module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1.aws_cloudwatch_log_group.log_aggregation[0] will be created + resource "aws_cloudwatch_log_group" "log_aggregation" { + arn = (known after apply) + id = (known after apply) + name = "/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request" + retention_in_days = 14 + tags_all = (known after apply) } # module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1_direct.aws_cloudwatch_log_group.log_aggregation[0] will be created + resource "aws_cloudwatch_log_group" "log_aggregation" { + arn = (known after apply) + id = (known after apply) + name = "/aws/lambda/BranchCMS-CloudFront-Origin-Request" + retention_in_days = 14 + tags_all = (known after apply) } Plan: 2 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes ``` But I still get the following errors: ``` module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1_direct.aws_cloudwatch_log_group.log_aggregation[0]: Creating... module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1.aws_cloudwatch_log_group.log_aggregation[0]: Creation complete after 1s [id=/aws/lambda/us-east-1.BranchCMS-CloudFront-Origin-Request] ╷ │ Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/lambda/BranchCMS-CloudFront-Origin-Request' already exists. │ │ with module.lambda_s3.module.log_groups.module.lambda_edge_log_group_us_east_1_direct.aws_cloudwatch_log_group.log_aggregation[0], │ on .terraform/modules/lambda_s3/modules/lambda-edge-log-group/main.tf line 23, in resource "aws_cloudwatch_log_group" "log_aggregation": │ 23: resource "aws_cloudwatch_log_group" "log_aggregation" { │ ╵ Releasing state lock. This may take a few moments... ERRO[0088] Terraform invocation failed in /Users/erictompkins/Sites/BranchCMS/AWS/Infrastructure-Live/dev/us-east-1/dev/cms-public-site-files/lambda-cloudfront-origin-request/.terragrunt-cache/PduoGpqUSJbQMFTXvMvjBTZeEG8/KDSNrMH_m9Kj00IaSiBgDwGf9Fk prefix=[/Users/erictompkins/Sites/BranchCMS/AWS/Infrastructure-Live/dev/us-east-1/dev/cms-public-site-files/lambda-cloudfront-origin-request] ERRO[0088] 1 error occurred: * exit status 1 ``` --- <ins datetime="2023-03-17T23:04:48Z"> <p><a href="https://support.gruntwork.io/hc/requests/109999">Tracked in ticket #109999</a></p> </ins>

Hi @erictompkins, could you try this and let me know if it will apply without errors? Replace YOUR_FUNCTION_NAME below. You might also have to replace `module.lambda_edge` according to how your module is named. If you have more "log group already exists" errors, you can follow this pattern to import the remaining log groups according to the error message you get. ``` terraform import 'module.lambda_edge.module.log_groups.module.lambda_edge_log_group_us_east_1_direct.aws_cloudwatch_log_group.log_aggregation[0]' /aws/lambda/YOUR_FUNCTION_NAME ```