Terraform aws_lambda_function Requires Docker Image In ECR

Question

I have a module that creates all the infrastructure needed for a lambda including the ECR that stores the image:

resource "aws_ecr_repository" "image_storage" {
  name                 = "${var.project}/${var.environment}/lambda"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }
}

resource "aws_lambda_function" "executable" {
  function_name = var.function_name
  image_uri     = "${aws_ecr_repository.image_storage.repository_url}:latest"
  package_type  = "Image"
  role          = aws_iam_role.lambda.arn
}

The problem with this of course is that it fails because when aws_lambda_function runs the repository is there but the image is not: the image is uploaded using my CI/CD.

So this is a chicken egg problem. Terraform is supposed to only be used for infrastructure so I cannot/should not use it to upload an image (even a dummy one) but I cannot instantiate the infrastructure unless the image is uploaded in between repository and lambda creation steps.

The only solution I can think of is to create ECR separately from the lambda and then somehow link it as an existing aws resource in my lambda but that seems kind of clumsy.

Any suggestions?

Answer 1

I ended up using the following solution where a dummy image is uploaded as part resource creation.

resource "aws_ecr_repository" "listing" {
  name                 = "myLambda"
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    scan_on_push = true
  }

  provisioner "local-exec" {
    command = <<-EOT
      docker pull alpine
      docker tag alpine dummy_container
      docker push dummy_container
    EOT
  }
}