Incorrect assume_role policy when enabling lambda_at_edge

[robgonnella]

Describe the Bug

Using the following config:

data "archive_file" "lambda_zip_inline" {
  type        = "zip"
  output_path = "/tmp/lambda_zip_inline.zip"
  source {
    content  = <<EOF
module.exports.handler = async (event, context, callback) => {
  console.log('event:', event);
};
EOF
    filename = "index.js"
  }
}

module "test_lambda" {
  source           = "cloudposse/lambda-function/aws"
  version          = "0.3.2"
  lambda_at_edge   = true
  filename         = data.archive_file.lambda_zip_inline.output_path
  function_name    = "my-function"
  handler          = "index.handler"
  runtime          = "nodejs14.x"
  source_code_hash = data.archive_file.lambda_zip_inline.output_base64sha256
}

The deployment fails with the following error:

 Error: error creating Lambda Function (1): InvalidParameterValueException: The role defined for the function cannot be assumed by Lambda.
 {
   RespMetadata: {
     StatusCode: 400,
     RequestID: "333ee194-41b9-4dc4-80f9-dd2ae80f92d8"
   },
   Message_: "The role defined for the function cannot be assumed by Lambda.",
   Type: "User"
 }

   with module.test_lambda.aws_lambda_function.this[0],
   on .terraform/modules/test_lambda/main.tf line 12, in resource "aws_lambda_function" "this":
   12: resource "aws_lambda_function" "this" {

However if change this line in this module from

identifiers = var.lambda_at_edge ? ["edgelambda.amazonaws.com"] : ["lambda.amazonaws.com"]

to

identifiers = var.lambda_at_edge ? ["edgelambda.amazonaws.com", "lambda.amazonaws.com"] : ["lambda.amazonaws.com"]

The deployment works as expected

Expected Behavior

Deployment should succeed when setting lambda_at_edge = true

Environment:

• OS: OSX v12.3.1
• Terraform Version: v1.0.6
• AWS Provider Version: 4.13.0
• Archive Version: v2.2.0