aws_lambda_layer_version ALWAYS forcing new resource when referencing S3 data resource

[icarusmiles]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.13

Affected Resource(s)

aws_lambda_layer_version

Terraform Configuration Files

data "aws_s3_bucket_object" "layer" {
  bucket      = "${var.artifact_bucket}"
  key         = "layers/${var.layer_name}.zip"
}

resource "aws_lambda_layer_version" "layer" {
  depends_on          = ["data.aws_s3_bucket_object.layer"]

  layer_name          = "${var.prefix}-${var.layer_name}-layer"
  s3_bucket           = "${var.artifact_bucket}"
  s3_key              = "layers/${var.layer_name}.zip"
  s3_object_version   = "${data.aws_s3_bucket_object.layer.version_id}"
  compatible_runtimes = ["nodejs8.10"]
} 

Debug Output

Panic Output

-/+ module.layer_authorizer.aws_lambda_layer_version.layer (new resource required)
      id:                             "arn:aws:lambda:us-east-1:x-dev-authorizer-layer:17" => <computed> (forces new resource)
      arn:                            "arn:aws:lambda:us-east-1:x-dev-authorizer-layer:17" => <computed>
      compatible_runtimes.#:          "1" => "1"
      compatible_runtimes.3898948262: "nodejs8.10" => "nodejs8.10"
      created_date:                   "2019-04-22T05:45:24.106+0000" => <computed>
      layer_arn:                      "arn:aws:lambda:us-east-1:x:x-dev-authorizer-layer" => <computed>
      layer_name:                     "x-dev-authorizer-layer" => "x-dev-authorizer-layer"
      s3_bucket:                      "x-dev-artifacts" => "x-dev-artifacts"
      s3_key:                         "layers/authorizer.zip" => "layers/authorizer.zip"
      s3_object_version:              "x" => "${data.aws_s3_bucket_object.layer.version_id}" (forces new resource)
      source_code_hash:               "x" => <computed>
      source_code_size:               "x" => <computed>
      version:                        "x" => <computed>

s3_object_version: "x" --> Same as previous

Expected Behavior

The computed "${data.aws_s3_bucket_object.layer.version_id}" version_id should see the same value and not force a new resource.

Actual Behavior

Even though the previous s3_object_version is the same, the layer is recreated and versioned.

Steps to Reproduce

Configuration above, having a data lookup on an existing S3 object and grabbing the version_id... then attaching that to the s3_object_version argument in aws_lambda_layer_version.

Important Factoids

Versioning is enabled, I've confirmed the output of the S3 object data matches the layer object reference.

References

Similar, but not the same issue: #7552

My issue will ALWAYS recompute and force a new resource, unlike that above issue which

If nothing has changed in the code, it does not do anything which is correct

[icarusmiles]

Appears this is due to a depends_on with a null_resource outside of this... Seems a data resource doesn't compute if the attached null resource doesn't trigger, ugh

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!