Troubleshooting
Fix Terraform Kinesis Stream - ResourceInUseException
Fix AWS Kinesis stream name conflict errors in Terraform. Handle duplicate streams, import existing resources, shard count changes, and stream modes.
2 min read
Troubleshooting
Fix Terraform Lambda Function - InvalidParameterValueException
Fix AWS Lambda InvalidParameterValueException in Terraform. Covers runtime versions, handler paths, IAM role ARN, package size, VPC config, and layer ARNs.
LLuca Berton2 min read
Quick Answer
#A Lambda configuration parameter is invalid — wrong runtime, incorrect handler path, missing IAM role, oversized deployment package, or misconfigured VPC settings. Check the specific detail in the error message.
The Error
#Error: creating Lambda Function (my-function):
InvalidParameterValueException: The runtime parameter of nodejs14.x
is no longer supported.Error: creating Lambda Function:
InvalidParameterValueException: The role defined for the function
cannot be assumed by Lambda.Error: creating Lambda Function:
InvalidParameterValueException: Unzipped size must be smaller
than 262144000 bytes.What Causes This Error
#1. Deprecated Runtime
#AWS regularly deprecates Lambda runtimes. Check supported runtimes.
2. Wrong IAM Role Configuration
#The role's trust policy doesn't allow Lambda to assume it, or the role doesn't exist.
3. Handler Path Mismatch
#The handler doesn't match the file structure in the deployment package.
4. Package Too Large
#Unzipped deployment package exceeds 250 MB, or the zipped package exceeds 50 MB for direct upload.
5. VPC Configuration Issues
#Missing subnet IDs, security group IDs, or insufficient ENI permissions.
How to Fix It
#Solution 1: Use a Supported Runtime
#resource "aws_lambda_function" "main" {
function_name = "${var.project}-${var.environment}-processor"
role = aws_iam_role.lambda.arn
handler = "index.handler"
runtime = "nodejs20.x" # Use current runtime
filename = data.archive_file.lambda.output_path
source_code_hash = data.archive_file.lambda.output_base64sha256
}Current supported runtimes (2025):
| Language | Runtime |
|---|---|
| Node.js | nodejs20.x, nodejs22.x |
| Python | python3.11, python3.12, python3.13 |
| Java | java17, java21 |
| .NET | dotnet8 |
| Go | provided.al2023 (custom runtime) |
| Ruby | ruby3.3 |
Solution 2: Fix IAM Role Trust Policy
#resource "aws_iam_role" "lambda" {
name = "${var.project}-lambda-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Effect = "Allow"
Principal = { Service = "lambda.amazonaws.com" }
Action = "sts:AssumeRole"
}]
})
}
resource "aws_iam_role_policy_attachment" "lambda_basic" {
role = aws_iam_role.lambda.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
}
# For VPC-attached Lambda
resource "aws_iam_role_policy_attachment" "lambda_vpc" {
role = aws_iam_role.lambda.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}Solution 3: Fix Handler Path
## Handler format: filename.function_name (without extension)
# Python: app.handler → app.py → def handler(event, context)
# Node.js: index.handler → index.js → exports.handler
resource "aws_lambda_function" "main" {
handler = "src/app.handler" # File: src/app.py, Function: handler
# OR
handler = "index.handler" # File: index.js, Function: handler
}Solution 4: Fix Package Size
## For large packages, use S3 instead of direct upload
resource "aws_s3_object" "lambda_package" {
bucket = aws_s3_bucket.deploy.id
key = "lambda/${var.project}.zip"
source = data.archive_file.lambda.output_path
etag = filemd5(data.archive_file.lambda.output_path)
}
resource "aws_lambda_function" "main" {
function_name = var.project
s3_bucket = aws_s3_bucket.deploy.id
s3_key = aws_s3_object.lambda_package.key
handler = "index.handler"
runtime = "python3.12"
role = aws_iam_role.lambda.arn
# Use layers for large dependencies
layers = [aws_lambda_layer_version.dependencies.arn]
}Troubleshooting Checklist
#- ✅ Is the runtime supported? (Check AWS docs for current runtimes)
- ✅ Does the IAM role trust policy allow
lambda.amazonaws.com? - ✅ Does the handler path match the file in the ZIP?
- ✅ Is the package under 250 MB unzipped / 50 MB zipped?
- ✅ For VPC Lambda: are subnet IDs and security groups valid?
- ✅ Do Lambda layers exist and have compatible runtimes?
Prevention Tips
#- Check runtime deprecation dates — plan upgrades before cutoff
- Use S3 for deployment packages — avoids the 50 MB direct upload limit
- Use layers for dependencies — keeps the function package small
- Test handler paths locally —
sam local invokeor similar - Add VPC execution role when using
vpc_config
Related Articles
#Conclusion
#Lambda InvalidParameterValueException means a configuration value is wrong. Check the specific detail — deprecated runtime, wrong handler path, oversized package, or IAM role issues. Use current runtimes, validate handler paths, and use S3 + layers for large deployments.
#Terraform#AWS#Troubleshooting#Error Fix
Related articles
Troubleshooting
Fix Terraform MSK Cluster - TooManyRequestsException
Fix AWS MSK cluster throttling errors in Terraform. Handle API rate limits, retry configuration, reduce parallelism, and manage long cluster creation times.
2 min read
Troubleshooting
Fix Terraform Elasticache Cluster - CacheClusterAlreadyExists
Fix ElastiCache cluster name conflicts in Terraform. Import existing clusters, use unique naming conventions, and handle replication group configurations.
2 min read
Troubleshooting
Fix Terraform Step Functions - StateMachineAlreadyExists
Fix AWS Step Functions duplicate state machine errors in Terraform. Covers naming conflicts, import, definition updates, and versioning patterns.
1 min read