From 7ad2b3f97064424db7bec2a70d5344e6969fcea0 Mon Sep 17 00:00:00 2001 From: Anthony Wat Date: Fri, 24 Jan 2025 22:57:51 -0500 Subject: [PATCH] docs: Clarify when the Lambda function is invoked for the aws_lambda_function data source --- website/docs/d/lambda_invocation.html.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/website/docs/d/lambda_invocation.html.markdown b/website/docs/d/lambda_invocation.html.markdown index 6266af78b47..c01e97fda4c 100644 --- a/website/docs/d/lambda_invocation.html.markdown +++ b/website/docs/d/lambda_invocation.html.markdown @@ -12,6 +12,8 @@ Use this data source to invoke custom lambda functions as data source. The lambda function is invoked with [RequestResponse](https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html#API_Invoke_RequestSyntax) invocation type. +~> **NOTE:** The `aws_lambda_invocation` data source invokes the function during the first `apply` and every subsequent `plan` when the function is known. + ~> **NOTE:** If you get a `KMSAccessDeniedException: Lambda was unable to decrypt the environment variables because KMS access was denied` error when invoking an [`aws_lambda_function`](/docs/providers/aws/r/lambda_function.html) with environment variables, the IAM role associated with the function may have been deleted and recreated _after_ the function was created. You can fix the problem two ways: 1) updating the function's role to another role and then updating it back again to the recreated role, or 2) by using Terraform to `taint` the function and `apply` your configuration again to recreate the function. (When you create a function, Lambda grants permissions on the KMS key to the function's IAM role. If the IAM role is recreated, the grant is no longer valid. Changing the function's role or recreating the function causes Lambda to update the grant.) ## Example Usage