By using AWS re:Post, you agree to the AWS re:Post Terms of Use

serviceException when calling the create function operation(reached max retries: 4)

1

"I’m creating a Lambda function with boto3, but I'm encountering an issue. Here’s the code that’s failing:

lambda_client.create_function(
        FunctionName=function_name,
        Runtime='python3.10',
        Role=get_role()['Role']['Arn'],
        Handler='eva_email_handler.lambda_handler',
        Code={"ImageUri": f"{get_container_uri()}:latest"},
        Timeout=300,
        Architectures=["x86_64"]
    )

I've tried hardcoding the container URI, but it still doesn’t work. I have the necessary permissions, and the container image URI is correct (I've tested it separately). Despite this, create_function keeps failing with the following error message:

botocore.errorfactory.ServiceException: An error occurred (ServiceException) when calling the CreateFunction operation (reached max retries: 4): An error occurred, and the request cannot be processed. When I deploy the lambda using zip file works fine


lambda_client.create_function(
        FunctionName=function_name,
        Runtime='python3.10',
        Role=get_role()['Role']['Arn'],
        Handler='eva_email_handler.lambda_handler',
        Code={'S3Bucket': bucket_name, "S3Key": object_key },
        Timeout=300,
        VpcConfig={
            'SubnetIds' : [get_subnet_id()],
            'SecurityGroupIds' : [get_security_group()]
        },
        Environment=variables,
        Layers=[layer],
        Architectures=["x86_64"]
    )

What could be causing this, and are there any additional steps I should try?"

2 Answers
0

Based on the information provided, there are a few potential reasons for the ServiceException you're encountering when trying to create a Lambda function using a container image:

  1. Container Image Issues: Ensure that your container image is properly built, tagged, and pushed to Amazon ECR. The image should be compatible with Lambda's container runtime requirements.

  2. ECR Permissions: Verify that your Lambda execution role has the necessary permissions to pull the container image from ECR. This includes ecr:GetDownloadUrlForLayer, ecr:BatchGetImage, and ecr:BatchCheckLayerAvailability.

  3. Image URI Format: Double-check that the image URI is in the correct format. It should be something like "account-id.dkr.ecr.region.amazonaws.com/repository-name:tag".

  4. VPC Configuration: Since your working zip file deployment includes VPC configuration, ensure that you're also providing the necessary VPC settings when deploying with a container image. VPC-enabled functions require additional setup.

  5. Environment Variables and Layers: If your function requires specific environment variables or layers, make sure to include these in your container image deployment as well.

  6. IAM Role Permissions: Ensure that the IAM role specified has the necessary permissions to create and manage Lambda functions.

  7. Lambda Limits: Check if you've reached any Lambda service limits in your account, such as the number of functions or total code storage.

To troubleshoot further:

  1. Try creating the function using the AWS CLI or AWS Console to see if you get more detailed error messages.

  2. Verify that your container image can be pulled and run locally without issues.

  3. Check CloudTrail logs for more detailed error information about the CreateFunction API call.

  4. Ensure that your boto3 and botocore libraries are up to date.

  5. If possible, try creating the function in a different AWS region to rule out region-specific issues.

If the issue persists after checking these points, you may need to contact AWS support for further assistance, as the generic ServiceException doesn't provide much detail about the root cause.
Sources
CreateFunction - AWS Lambda
Building Lambda functions with Python - AWS Lambda
Community | Creating a Lambda Function with a Container-Based Runtime
Use CreateFunction with an AWS SDK or CLI - AWS SDK Code Examples

profile picture
answered a month ago
0

Hey, @victoryghor.

You are not alone in getting generic errors from the AWS SDK.

From a quick glance, only these differences exist between the two types of Lambda Functions you're creating:

  • Code source (we know this already; one uses a zip, the other, an image URI)
  • Environment variables (only the one using a zip has these, but this shouldn't cause an error on Function create)
  • VPC configuration (again, only the one using a zip has this, but also shouldn't cause an error on Function create)

Everything else seems to be the same between your Function powered by zip, and your Function powered from an image URI.

Step 1: Ensure Valid Image URI

This is just a quick step before going any further, in case this is the point of error. I would log the image URI you're using in your code, and attempt to use the same URI in the AWS console, when creating a Lambda Function manually. This is just to prove you're properly getting the image URI in your code. If this works, you can delete the temporary Function you just created, and move on to the next step.

Step 2: Fix boto3 Usage

I read through the documentation for creating a Lambda Function from the boto3 SDK here.

It looks like if you specify a Runtime when creating a Lambda Function using a container image, it will result in an error. This is because your Docker image should already specify the runtime from within, so this can be omitted from your lambda_client.create_function invocation when using an image. Runtime is only required as a parameter when creating a function using a zip.

Hope this helps. If you have more questions, feel free to reach out.

Cheers,

Chase https://www.linkedin.com/in/chase-grainger/

profile picture
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions