The aws_lambda_function resource requires mutually exclusive code deployment options. You cannot use both filename and image_uri in the same Lambda function—choose one based on whether you're deploying from a local file, S3, or container image.
Terraform's aws_lambda_function resource supports multiple ways to specify your Lambda function's deployment package, but these options are mutually exclusive. The filename parameter (for local zip files) conflicts with image_uri (for ECR container images), as well as with s3_bucket and s3_key parameters (for S3-hosted packages). Terraform validates that only one deployment method is specified per function resource. This error means you've accidentally configured more than one of these conflicting parameters, which is invalid in Terraform's provider schema.
Choose one of the three valid deployment methods for your Lambda function:
1. Zip file from local path: Use filename parameter
- Best for: Simple functions, quick local testing
- Example: filename = "lambda.zip"
2. Container image from ECR: Use image_uri parameter
- Best for: Complex dependencies, Docker-based deployments
- Example: image_uri = "123456789.dkr.ecr.us-east-1.amazonaws.com/my-function:latest"
- Requires: package_type = "Image"
3. Zip file from S3: Use s3_bucket, s3_key, and optionally s3_object_version
- Best for: CI/CD pipelines, shared artifact storage
- Example: s3_bucket = "my-bucket" s3_key = "lambda.zip"
Decide which one matches your deployment workflow.
Delete all parameters except the one you chose. Search your aws_lambda_function resource for:
- filename
- image_uri
- s3_bucket
- s3_key
- s3_object_version
Keep only the deployment method you selected in step 1, and delete the others:
Bad (conflicting):
resource "aws_lambda_function" "example" {
function_name = "my-function"
filename = "lambda.zip" # DELETE THIS
image_uri = "123456...latest" # or DELETE THIS
role = aws_iam_role.lambda.arn
}Good (using filename):
resource "aws_lambda_function" "example" {
function_name = "my-function"
filename = "lambda.zip"
role = aws_iam_role.lambda.arn
}Good (using image_uri):
resource "aws_lambda_function" "example" {
function_name = "my-function"
image_uri = "123456789.dkr.ecr.us-east-1.amazonaws.com/my-function:latest"
package_type = "Image"
role = aws_iam_role.lambda.arn
}Run Terraform validate to check for any remaining issues:
terraform validateIf there are no errors, move to the next step. If you still see conflicting arguments errors, ensure you removed all instances of the conflicting parameters.
Depending on your chosen method, add the required companion parameters:
For filename (Zip):
resource "aws_lambda_function" "example" {
function_name = "my-function"
filename = "lambda.zip"
handler = "index.handler" # Required for Zip
runtime = "nodejs18.x" # Required for Zip
role = aws_iam_role.lambda.arn
}For image_uri (Container):
resource "aws_lambda_function" "example" {
function_name = "my-function"
image_uri = "123456789.dkr.ecr.us-east-1.amazonaws.com/my-function:latest"
package_type = "Image" # REQUIRED for image_uri
role = aws_iam_role.lambda.arn
}For S3 (Zip):
resource "aws_lambda_function" "example" {
function_name = "my-function"
s3_bucket = "my-artifact-bucket"
s3_key = "lambda.zip"
handler = "index.handler" # Required for Zip
runtime = "nodejs18.x" # Required for Zip
role = aws_iam_role.lambda.arn
}Now that you've selected a single deployment method, test and apply your changes:
terraform plan
terraform applyThe error should no longer appear. If you still see it, double-check that you removed all conflicting parameters from your resource.
For reusable modules supporting multiple deployment methods:
If you're building a Terraform module that needs to support both container images and zip files, you cannot use a single aws_lambda_function resource with conditional parameters. Instead, use separate resources with count or for_each:
# Module variables
variable "deployment_type" {
type = string
validation {
condition = contains(["zip", "image"], var.deployment_type)
}
}
# Zip-based Lambda
resource "aws_lambda_function" "zip" {
count = var.deployment_type == "zip" ? 1 : 0
function_name = var.function_name
filename = var.filename
handler = var.handler
runtime = var.runtime
role = aws_iam_role.lambda.arn
}
# Container-based Lambda
resource "aws_lambda_function" "image" {
count = var.deployment_type == "image" ? 1 : 0
function_name = var.function_name
image_uri = var.image_uri
package_type = "Image"
role = aws_iam_role.lambda.arn
}This pattern separates the conflicting configurations into distinct resource blocks, avoiding the validation error entirely.
Managing image updates with Terraform:
When deploying container images via Terraform, you may want Lambda to auto-update when the image is pushed to ECR. To avoid drift detection issues, consider using lifecycle rules or the ignore_source_code_hash equivalent for images, though these require careful state management.
Error: Error rendering template: template not found
How to fix "template not found" error in Terraform
Error: Error generating private key
How to fix 'Error generating private key' in Terraform
Error creating Kubernetes Service: field is immutable
How to fix "field is immutable" errors in Terraform
Error: Error creating local file: open: permission denied
How to fix "Error creating local file: permission denied" in Terraform
Error: line endings have changed from CRLF to LF
Line endings have changed from CRLF to LF in Terraform