Skip to content

Lambda aft_customizations_identify_targets fails to import aft_common module from layer #597

New issue
New issue
Open
Open
Lambda aft_customizations_identify_targets fails to import aft_common module from layer#597
Labels
bugSomething isn't workingpending investigationIssue needs further investigation
@asri-badlah

Description

@asri-badlah
asri-badlah
opened on Dec 3, 2025

Terraform Version & Prov:
1.9.0

AFT Version:
1.17.0

Terraform Version & Provider Versions
Please provide the outputs of terraform version and terraform providers from within your AFT environment

terraform version

Terraform v1.9.0
on windows_amd64
+ provider registry.terraform.io/hashicorp/archive v2.7.1
+ provider registry.terraform.io/hashicorp/aws v5.100.0
+ provider registry.terraform.io/hashicorp/local v2.6.1
+ provider registry.terraform.io/hashicorp/random v3.7.2
+ provider registry.terraform.io/hashicorp/time v0.13.1

Your version of Terraform is out of date! The latest version

terraform providers

Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
└── module.aft
    ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    ├── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_feature_options
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
    ├── module.aft_account_request_framework
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 4.9.0
    │   └── provider[registry.terraform.io/hashicorp/time]
    ├── module.aft_backend
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
    ├── module.aft_ssm_parameters
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   └── provider[registry.terraform.io/hashicorp/random]
    ├── module.aft_account_provisioning_framework
    │   └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    ├── module.aft_customizations
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── provider[registry.terraform.io/hashicorp/time]
    │   └── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_iam_roles
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 4.27.0
    │   ├── module.log_archive_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── module.log_archive_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── module.aft_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── module.aft_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── module.audit_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── module.audit_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── module.ct_management_exec_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   └── module.ct_management_service_role
    │       └── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    ├── module.aft_lambda_layer
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.11.0, < 6.0.0
    │   ├── provider[registry.terraform.io/hashicorp/random]
    │   └── provider[registry.terraform.io/hashicorp/local]
    ├── module.aft_code_repositories
    │   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.84.0, < 6.0.0
    │   ├── provider[registry.terraform.io/hashicorp/time]
    │   └── provider[registry.terraform.io/hashicorp/local]
    └── module.packaging
        └── provider[registry.terraform.io/hashicorp/archive]

Providers required by state:

    provider[registry.terraform.io/hashicorp/archive]

    provider[registry.terraform.io/hashicorp/local]

    provider[registry.terraform.io/hashicorp/aws]

    provider[registry.terraform.io/hashicorp/random]

    provider[registry.terraform.io/hashicorp/time]

Bug Description
The Lambda function aft-customizations-identify-targets fails to deploy because it cannot import the aft_common module. The error occurs even though the aft-common-1-17-0 Lambda layer exists and is attached to the function.

Error message:

{
  "cause": "{\"errorMessage\": \"Unable to import module 'aft_customizations_identify_targets': No module named 'aft_common'\", \"errorType\": \"Runtime.ImportModuleError\", \"requestId\": \"\", \"stackTrace\": []}",
  "error": "Runtime.ImportModuleError"
}

To Reproduce
Steps to reproduce the behavior:

1- Deploy terraform-aws-control_tower_account_factory with AFT in the management account.
2- Go to Step Function > aft-invoke-customizations > New execution to update existing account
3- In event you see LambdaFunctionFailed

Expected behavior
The Lambda function aft-customizations-identify-targets should successfully import the aft_common module from the attached layer and execute without errors.

Related Logs
Runtime.ImportModuleError: Unable to import module 'aft_customizations_identify_targets': No module named 'aft_common'

Additional context
The layer aft-common-1-17-0 is attached to the Lambda function.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingpending investigationIssue needs further investigation

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions