Open
Description
Is there an existing issue for this?
- I have searched the existing issues
Current Behavior
After creating a lambda and attaching it to an EventBridge cron schedule, changing an SSM Parameter will trigger the lambda function with the even for changing the SSM Parameter
Expected Behavior
Scheduled Lambdas should not get triggered by SSM Put Parameter actions
How are you starting LocalStack?
With a docker-compose file
Steps To Reproduce
How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)
version: "3.5"
services:
localstack:
container_name: "localstack-testing"
image: localstack/localstack-pro:4.4.0
network_mode: bridge
ports:
- "4566:4566"
- "4510-4559:4510-4559"
- "127.0.0.1:53:53"
- "127.0.0.1:53:53/udp"
- "4571:4571"
environment:
- DEBUG=1
- DOCKER_HOST=unix:///var/run/docker.sock
- TEST_AWS_ACCOUNT_ID=000000000000
- LOCALSTACK_AUTH_TOKEN=${LOCALSTACK_AUTH_TOKEN}
- NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
- CURL_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
- REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
volumes:
- "/var/run/docker.sock:/var/run/docker.sock"
- "/etc/ssl/certs/:/etc/ssl/certs/"import { Stack, StackProps } from "aws-cdk-lib";
import { Construct } from "constructs";
import { Code, Function, Runtime } from "aws-cdk-lib/aws-lambda";
import { Rule, Schedule } from "aws-cdk-lib/aws-events";
import * as targets from "aws-cdk-lib/aws-events-targets";
import { StringParameter } from "aws-cdk-lib/aws-ssm";
export class TestStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps) {
super(scope, id, props);
const lambda = new Function(this, "test", {
functionName: "my-function",
runtime: Runtime.NODEJS_20_X,
handler: "index.handler",
code: Code.fromInline(
"exports.handler = async (event) => { console.log('========= THIS SHOULD NOT RUN ===========')}",
),
});
new Rule(this, "ScheduleRule", {
schedule: Schedule.cron({ hour: "5", minute: "0" }),
targets: [new targets.LambdaFunction(lambda)],
});
new StringParameter(this, "Parameter", {
parameterName: "my-ssm",
stringValue: "test1",
});
}
}Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)
awslocal ssm put-parameter --name my-ssm --value test2 --overwrite
sleep 5
LOGS_OUTPUT=$(docker-compose logs | grep "SHOULD NOT RUN")
if [[ -n "$LOGS_OUTPUT" ]]; then
echo "Scheduled function was executed"
echo $LOGS_OUTPUT
exit 1;
fiLogs
localstack-testing | 2025-06-04T16:44:40.318 INFO --- [et.reactor-0] localstack.request.aws : AWS logs.FilterLogEvents => 400 (ResourceNotFoundException)
localstack-testing | 2025-06-04T16:44:42.465 DEBUG --- [functhread11] l.services.sqs.models : de-queued message SqsMessage(id=56d11cd3-f06d-4649-9cd1-4c56bfa6c61f,group=None) from arn:aws:sqs:us-east-1:949334387222:my-function-4c8721d5dc9821676e8b3ee19ec1e408
localstack-testing | 2025-06-04T16:44:42.466 DEBUG --- [functhread11] l.s.l.i.event_manager : [my-function-4c8721d5dc9821676e8b3ee19ec1e408] Got 1 messages
localstack-testing | 2025-06-04T16:44:42.468 DEBUG --- [on:$LATEST_0] l.s.l.i.version_manager : Got an invocation for function arn:aws:lambda:eu-west-2:000000000000:function:my-function:$LATEST with request_id ecddeb77-a22c-45ef-8fe4-fe6e05c036d1
localstack-testing | 2025-06-04T16:44:42.469 DEBUG --- [on:$LATEST_0] l.s.l.i.assignment : Starting new environment
localstack-testing | 2025-06-04T16:44:42.471 INFO --- [et.reactor-2] localstack.request.aws : AWS ssm.PutParameter => 200
localstack-testing | 2025-06-04T16:44:42.473 DEBUG --- [on:$LATEST_0] l.s.l.i.docker_runtime_exe : Assigning container name of localstack-testing-lambda-my-function-9a5763af39a370c02390372b77ee6483 to executor 9a5763af39a370c02390372b77ee6483
localstack-testing | 2025-06-04T16:44:42.482 DEBUG --- [on:$LATEST_0] l.u.c.container_client : Getting networks for container: localstack-testing
localstack-testing | 2025-06-04T16:44:42.486 INFO --- [on:$LATEST_0] l.u.container_networking : Determined main container network: bridge
localstack-testing | 2025-06-04T16:44:42.486 DEBUG --- [on:$LATEST_0] l.u.c.container_client : Getting ipv4 address for container localstack-testing in network bridge.
localstack-testing | 2025-06-04T16:44:42.492 INFO --- [on:$LATEST_0] l.u.container_networking : Determined main container target IP: 172.26.0.2
localstack-testing | 2025-06-04T16:44:42.518 DEBUG --- [on:$LATEST_0] l.p.c.s.l.i.docker_runtime : Executing start docker executor pro-hook for function arn:aws:lambda:eu-west-2:000000000000:function:my-function:$LATEST
localstack-testing | 2025-06-04T16:44:42.518 DEBUG --- [on:$LATEST_0] l.u.c.docker_sdk_client : Creating container with attributes: {'self': <localstack.utils.container_utils.docker_sdk_client.SdkDockerClient object at 0x7feae682eb10>, 'image_name': 'public.ecr.aws/lambda/nodejs:20', 'name': 'localstack-testing-lambda-my-function-9a5763af39a370c02390372b77ee6483', 'entrypoint': '/var/rapid/init', 'remove': False, 'interactive': False, 'tty': False, 'detach': False, 'command': None, 'volumes': [], 'ports': <PortMappings: {}>, 'exposed_ports': [], 'env_vars': {'AWS_DEFAULT_REGION': 'eu-west-2', 'AWS_REGION': 'eu-west-2', 'AWS_LAMBDA_FUNCTION_NAME': 'my-function', 'AWS_LAMBDA_FUNCTION_MEMORY_SIZE': 128, 'AWS_LAMBDA_FUNCTION_VERSION': '$LATEST', 'AWS_LAMBDA_INITIALIZATION_TYPE': 'on-demand', 'AWS_LAMBDA_LOG_GROUP_NAME': '/aws/lambda/my-function', 'AWS_LAMBDA_LOG_STREAM_NAME': '2025/06/04/[$LATEST]9a5763af39a370c02390372b77ee6483', 'AWS_ACCESS_KEY_ID': 'LSIAQAAAAAAAAOTX5IYB', 'AWS_SECRET_ACCESS_KEY': 'bhjXJRcLpKG+jZwq/SEFFg+7O+1j4t78UjDLBiQ9', 'AWS_SESSION_TOKEN': 'FQoGZXIvYXdzEBYaDPaCAGxITtk1BZIvLrEpirpLTKivEO1+hMb0pd08P6u+dXIrQafuYsurtzI6b0YLpIKqD3WkBQxEXdZZphd83l0H0Y8pAg82jrYPvtLlDuPX554U1ATaRwUljYyPjDkZg7hEA60VSi1cd6QkKyxrW5ai5XOSfvAZMEaUazo8DB0Up3hJ/zBQaeMbeggi0Lka6/U4GOVDdAlcBhjCFLI0phhYY70JeC4y0oaKmMtPCPDt+DpdcV7IHW9OHja6/WBuk4NbBCqKjOFH9LNJKed0FqSb0hJKPI8V2mmC+6N3rL
6728
O8jqeDAd/QFg5L2RYRr9jiVjIwal3QDkfUpM2/W/o=', 'LAMBDA_TASK_ROOT': '/var/task', 'LAMBDA_RUNTIME_DIR': '/var/runtime', 'AWS_XRAY_CONTEXT_MISSING': 'LOG_ERROR', 'AWS_XRAY_DAEMON_ADDRESS': '127.0.0.1:2000', '_AWS_XRAY_DAEMON_PORT': '2000', '_AWS_XRAY_DAEMON_ADDRESS': '127.0.0.1', 'TZ': ':UTC', 'AWS_LAMBDA_FUNCTION_TIMEOUT': 3, 'LOCALSTACK_HOSTNAME': '172.26.0.2', 'EDGE_PORT': '4566', 'LOCALSTACK_RUNTIME_ID': '9a5763af39a370c02390372b77ee6483', 'LOCALSTACK_RUNTIME_ENDPOINT': 'http://172.26.0.2:4566/_localstack_lambda/9a5763af39a370c02390372b77ee6483', 'LOCALSTACK_FUNCTION_ACCOUNT_ID': '000000000000', 'AWS_ENDPOINT_URL': 'http://172.26.0.2:4566', '_HANDLER': 'index.handler', 'AWS_EXECUTION_ENV': 'AWS_Lambda_rapid', 'LOCALSTACK_MAX_PAYLOAD_SIZE': 6291556, 'NODE_TLS_REJECT_UNAUTHORIZED': '0', 'LOCALSTACK_CHMOD_PATHS': '[{"path": "/tmp", "mode": "0700"}]'}, 'user': None, 'cap_add': None, 'cap_drop': None, 'security_opt': None, 'network': 'bridge', 'dns': '172.26.0.2', 'additional_flags': '', 'workdir': None, 'privileged': False, 'labels': None, 'platform': 'linux/amd64', 'ulimits': None, 'init': None, 'log_config': None}
localstack-testing | 2025-06-04T16:44:42.666 DEBUG --- [on:$LATEST_0] l.u.c.docker_sdk_client : Copying file /usr/lib/localstack/lambda-runtime/v0.1.30-pre/x86_64/. into localstack-testing-lambda-my-function-9a5763af39a370c02390372b77ee6483:/
Environment
- OS: Ubuntu 20.04.6 LTS
- LocalStack:
LocalStack version: 4.4.0
LocalStack Docker image sha: sha256:4cd6739c278473748391fd32d9eae0ddc8c7477b47155fec99f02e45d9cbd2fe
LocalStack build date: 2025-05-08
LocalStack build git hash: b0d9b9da1Anything else?
I've reproduced the issue here: https://github.com/Garethp/localstack-testing/tree/scheduled-lambda-ssm.
When I clone down the branch scheduled-lambda-ssm, run yarn install, and then ./start.sh I see the logs from the lambda function that should not appear.
As far as I can see, this bug goes back to 4.0.0. My testing indicates that this bug is not present in 3.8.1. The logs for this also look really strange, there's a message in the logs saying that it's de-queueing a message from an sqs queue that doesn't exist, in a region that I didn't deploy into, with an Account ID that I've never seen. Perhaps this is how LocalStack's EventBridge works under the hood? I'm not sure.