Background: On September 4th, AWS launched a major improvement to AWS Lambda and how it works with your Amazon VPC networks. Startup performance has been improved and the use of elastic network interfaces (ENIs) has been made more efficient. It rolled out automatically to all existing and new AWS Lambda users across all regions.
The issue: If you use HashiCorp Terraform, VPC resources such as subnets, security groups, and VPCs can fail to be destroyed because of the change in how ENIs work in this new model. Companies that use Terraform to provision AWS Lambda resources are at risk of leaving costly resources behind when they attempt to de-provision that infrastructure.
How to know if you are impacted: This issue only affects you if you use HashiCorp Terraform to destroy environments. Versions of the Terraform AWS Provider up to and including v2.30.0 are impacted. With these versions you may encounter errors when destroying environments that contain AWS Lambda functions, VPC subnets, security groups, and Amazon VPCs.
The fix: Companies that provision AWS Lambda with Terraform should update their Terraform AWS Provider to v2.31.0 or later. Companies that for some reason cannot upgrade the Provider need to change their Terraform configuration files as described in the article, by adding explicit dependencies to the security group and subnets associated with the Lambda.
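A pre-flight check for the version requirement above, plus a post-destroy look for Lambda-managed ENIs left in the account, written here as an added example (not Foghorn's or HashiCorp's tooling). It assumes the `terraform version` output layouts of Terraform 0.12 and 0.13+, and that Lambda names its ENIs with the description prefix "AWS Lambda VPC ENI".

```shell
#!/bin/sh
# Constructed sample of `terraform version` output (Terraform 0.12 layout) so the
# parsing and comparison can be exercised without a real workspace.
SAMPLE_OUTPUT='Terraform v0.12.9
+ provider.archive v1.3.0
+ provider.aws v2.30.0'

# Print the AWS provider version (e.g. 2.30.0) from `terraform version` output.
# Matches both "+ provider.aws vX" (0.12) and the 0.13+ registry-address form.
aws_provider_version() {
  printf '%s\n' "$1" | sed -n 's/^+ provider.*aws v\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 when dotted version $1 is strictly older than $2.
version_lt() {
  [ "$1" != "$2" ] || return 1
  lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t . -k 1,1n -k 2,2n -k 3,3n | head -n 1)
  [ "$lowest" = "$1" ]
}

# Return 0 when the output shows an AWS provider older than the v2.31.0 fix.
impacted_by_lambda_eni_issue() {
  v=$(aws_provider_version "$1")
  [ -n "$v" ] || return 1
  version_lt "$v" 2.31.0
}

# Live check: only runs where terraform is installed and the workspace is initialised.
if command -v terraform >/dev/null 2>&1; then
  out=$(terraform version 2>/dev/null || true)
  if impacted_by_lambda_eni_issue "$out"; then
    echo "WARNING: Terraform AWS provider v$(aws_provider_version "$out") predates the v2.31.0 fix;"
    echo "         destroying VPC-attached Lambda stacks may leave subnets, SGs and ENIs behind."
  fi
fi

# After a destroy, list Lambda-managed ENIs still present (assumed description prefix).
# Failures (no credentials, no region) are reported rather than aborting the script.
if command -v aws >/dev/null 2>&1; then
  aws ec2 describe-network-interfaces \
    --filters 'Name=description,Values=AWS Lambda VPC ENI*' \
    --query 'NetworkInterfaces[].[NetworkInterfaceId,Status,Description]' \
    --output text || echo "describe-network-interfaces failed; check AWS credentials and region"
fi
```

Any ENI the second check lists after `terraform destroy` has finished is exactly the kind of leftover the issue describes, and the subnet and security group it belongs to cannot be deleted until it is gone.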
The call: Foghorn can help with any of these scenarios. Don’t hesitate to reach out if you need a hand.