
How to Create AWS Lambda Function with Terraform

To create a Lambda function with Terraform, define an aws_lambda_function resource that specifies the function name, runtime, handler, and source code location. You also need an aws_iam_role that the Lambda service is allowed to assume and that carries the permissions the function needs to run.

Syntax

The main Terraform resource to create a Lambda function is aws_lambda_function. You must provide:

  • function_name: The name of your Lambda function.
  • runtime: The language runtime, like python3.9 or nodejs18.x.
  • handler: The entry point in your code, e.g., index.handler.
  • role: The ARN of an IAM role that Lambda assumes to run.
  • filename or s3_bucket and s3_key: The location of your deployment package.
terraform
resource "aws_lambda_function" "example" {
  function_name = "my_lambda_function"
  runtime       = "python3.9"
  handler       = "index.handler"
  role          = aws_iam_role.lambda_exec.arn
  filename      = "lambda_function_payload.zip"
}

Example

This example creates an IAM role for Lambda, attaches the basic execution policy, and defines a Lambda function using a local zip file.

terraform
provider "aws" {
  region = "us-east-1"
}

resource "aws_iam_role" "lambda_exec" {
  name = "lambda_exec_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "lambda.amazonaws.com"
      }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
  role       = aws_iam_role.lambda_exec.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}

resource "aws_lambda_function" "example" {
  function_name    = "my_lambda_function"
  runtime          = "python3.9"
  handler          = "index.handler"
  role             = aws_iam_role.lambda_exec.arn
  filename         = "lambda_function_payload.zip"
  source_code_hash = filebase64sha256("lambda_function_payload.zip")
}
Output
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Common Pitfalls

Common mistakes include:

  • Not creating or attaching the correct IAM role with Lambda execution permissions.
  • Forgetting to update source_code_hash when the deployment package changes, so Terraform sees no difference and skips the update.
  • Setting a handler name that does not match the code entry point.
  • Using an unsupported runtime version.
terraform
/* Wrong: Missing IAM role attachment */
resource "aws_lambda_function" "bad_example" {
  function_name = "bad_lambda"
  runtime       = "python3.9"
  handler       = "index.handler"
  role          = aws_iam_role.lambda_exec.arn
  filename      = "lambda_function_payload.zip"
}

/* Right: Attach basic execution policy */
resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
  role       = aws_iam_role.lambda_exec.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
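
The managed AWSLambdaBasicExecutionRole policy allows its log actions on every log group in the account. The variant below is an added example, not code from the original page: it reuses the provider and aws_iam_role.lambda_exec from the Example section, replaces the policy attachment with a policy scoped to this function's log group, and derives source_code_hash from the archive Terraform builds so it cannot go stale. The names index.py, lambda_zip, lambda_logs and local.function_name, and the 14-day retention, are assumptions.

```terraform
# Added example. Assumed names: index.py, lambda_zip, lambda_logs,
# local.function_name. Reuses aws_iam_role.lambda_exec from the Example section.
locals {
  function_name = "my_lambda_function"
}

# Terraform builds the zip itself, so the hash always tracks the source file.
data "archive_file" "lambda_zip" {
  type        = "zip"
  source_file = "${path.module}/index.py"
  output_path = "${path.module}/lambda_function_payload.zip"
}

# Pre-create the log group so the role does not need logs:CreateLogGroup.
resource "aws_cloudwatch_log_group" "lambda" {
  name              = "/aws/lambda/${local.function_name}"
  retention_in_days = 14
}

# Logging permissions limited to this function's log group only.
data "aws_iam_policy_document" "lambda_logs" {
  statement {
    effect    = "Allow"
    actions   = ["logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["${aws_cloudwatch_log_group.lambda.arn}:*"]
  }
}

resource "aws_iam_role_policy" "lambda_logs" {
  name   = "lambda_logs"
  role   = aws_iam_role.lambda_exec.name
  policy = data.aws_iam_policy_document.lambda_logs.json
}

resource "aws_lambda_function" "example" {
  function_name    = local.function_name
  runtime          = "python3.9"
  handler          = "index.handler"
  role             = aws_iam_role.lambda_exec.arn
  filename         = data.archive_file.lambda_zip.output_path
  source_code_hash = data.archive_file.lambda_zip.output_base64sha256

  # Make sure logging is in place before the function can be invoked.
  depends_on = [aws_iam_role_policy.lambda_logs, aws_cloudwatch_log_group.lambda]
}
```

The archive_file data source comes from the hashicorp/archive provider, so terraform init has to be run again after adding it.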

Quick Reference

Remember these key points when creating Lambda with Terraform:

  • Always define an IAM role whose assume_role_policy trusts the Lambda service.
  • Attach the AWSLambdaBasicExecutionRole policy for logging permissions.
  • Use source_code_hash to detect code changes.
  • Match handler to your code's entry function.

Key Takeaways

  • Define an IAM role with a proper trust policy for Lambda execution.
  • Attach the AWSLambdaBasicExecutionRole policy to allow Lambda logging.
  • Specify runtime, handler, and deployment package in aws_lambda_function.
  • Use source_code_hash to trigger updates when code changes.
  • Ensure handler matches your code entry point exactly.