Terraform Validation Exception and role definitions with AWS

Introduction

Terraform.io is a great scripting system for building systems as Code to provision and manage any cloud, infrastructure, or service

It has a number of great features though while working with some Terraform script trying to get an AWS Lambda function uploaded I was receiving a very unhelpful Validation Exception error message…

Error: Error creating Lambda function: ValidationException: status code: 400, request id: a6df0378-63eb-4b7f-92c5-7a8217b5eaea

Here is a focus on the AWS Lambda declaration block in Terraform code…

resource "aws_lambda_function" "MyFunction" {
  filename      = "lambda_MyFunction.zip"
  function_name = "MyFunction"
  role          = "aws_iam_role.MyRole.arn"
  handler       = "exports.handler"
  runtime = "nodejs12.x"
}

After debugging this and reviewing the many Terraform script samples available turns out the issue was with quotes on the role line…

resource "aws_lambda_function" "MyFunction" {
  filename      = "lambda_MyFunction.zip"
  function_name = "MyFunction"
  role          = aws_iam_role.MyRole.arn <<< Remove quotes
  handler       = "index.handler"
  runtime       = "nodejs12.x"
}

No amount of logging (using TF_LOG) and debugging seemed to indicate this! After correcting the quote issue all was well.