Redundant ignore_changes element: in resource "aws_lambda_function" "this"

[natemccurdy]

Describe the Bug

When running terraform plan (or apply), a declaration of this module throws the following warning:

│ Warning: Redundant ignore_changes element
│
│   on .terraform/modules/foo.lambda_changes/main.tf line 21, in resource "aws_lambda_function" "this":
│   21: resource "aws_lambda_function" "this" {
│
│ Adding an attribute name to ignore_changes tells Terraform to ignore future changes to the argument in configuration after the object has been created, retaining the value originally configured.
│
│ The attribute last_modified is decided by the provider alone and therefore there can be no configured value to compare with. Including this attribute in ignore_changes has no effect. Remove the attribute from ignore_changes to quiet this
│ warning.
│
│ (and one more similar warning elsewhere)

The error is coming from the lifecycle block at https://github.com/cloudposse/terraform-aws-lambda-function/blob/0.5.1/main.tf#L93-L95

lifecycle {
  ignore_changes = [last_modified]
}

Expected Behavior

When running terraform plan (or apply), a declaration of this module does not throw a "Redundant ignore_changes element" warning

Steps to Reproduce

In my case, I declared this module with s3_bucket and s3_key:

module "lambda_responses" {
  source  = "cloudposse/lambda-function/aws"
  version = "0.5.1"

  function_name = "${module.lambda_label.id}-test"
  attributes    = concat(module.lambda_label.attributes, ["test"])
  description   = "Yay lambdas"
  s3_bucket     = var.responses_lambda_s3_bucket
  s3_key        = var.responses_lambda_s3_key
  runtime       = var.responses_lambda_runtime
  handler       = var.responses_lambda_handler
  architectures = ["x86_64"]
  context       = module.lambda_label.context
}

Then ran terraform apply from the root module shown above.
The Lambda and related resources were created just fine, but the Terraform run ended with the "ignore_changes" warning.

Environment

Versions:

• Terraform v1.5.6
• module cloudposse/lambda-function/aws 0.5.1
• provider registry.terraform.io/hashicorp/aws v5.19.0
• provider registry.terraform.io/hashicorp/time v0.9.1

Additional Context

Root cause and the reason for the lifecycle block in the first place: hashicorp/terraform-provider-aws#29085

[natemccurdy]

Looks like this is actually related to hashicorp/terraform-provider-aws#29085

The last_modified value changes on each Terraform run for unknown reasons, which is why most modules that wrap aws_lambda_function ignore that with a lifecycle block.

I tested removing the filename attribute from this module, only leaving s3_key and s3_object (as that's what I need for my use case), and I removed the lifecycle block. The result is that Terraform detected drift on each run for unknown reasons. The last_modified changes every time Terraform runs.

# module.foo.module.lambda_changes.aws_lambda_function.this[0] will be updated in-place
  ~ resource "aws_lambda_function" "this" {
        id                             = "test"
      ~ last_modified                  = "2023-10-05T21:55:22.433+0000" -> (known after apply)
        tags                           = {}
        # (23 unchanged attributes hidden)

        # (2 unchanged blocks hidden)
    }

So, because of the bug I linked above, it's good that this module ignores last_modified. But an unfortunate side-effect of that on modern Terraform versions is the Warning seen in this bug post.

[thakurchander]

Is there any workaround to get rid of this warning message ?