Why are Lambda zip names sometimes random strings in CloudFormation?

CloudFormation & the need to redeploy new versions of Lambdas


Today I Explained

While reviewing an AWS S3 bucket you may have come across files with names similar to 87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7. Such a file, sometimes a zip archive, has a name composed of what appears to be a random set of numbers and letters. These files aren't actually published into S3 with a random name; they are published with their checksum as their name.

A checksum is the result of running a hashing algorithm over the entire contents of a file. If the hashing algorithm is stable, meaning it produces the same result for the same input, then you'll receive the same checksum every time you pass the same file to the algorithm. The above string was generated using echo "a" | sha256sum, but you are able to create these checksums from files as well.

Why do this with AWS S3 though? The most common reason is AWS Lambda: CloudFormation will not attempt to deploy a new version of a Lambda if you edit an existing zip file in place. The easiest way to get around this limitation is to publish the Lambda zip under a different name each time. Re-deploying something that is exactly the same would be rather wasteful though, so naming the file after its checksum gets around this by allowing you to attempt a new deployment only when the contents of the zip (the Lambda) actually change.
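The sketch below is an added example, not code from the original post. It names a Lambda zip after its SHA-256 checksum, uploads only when that name is new, and re-checks that an object read back from the bucket still hashes to its own name. Zip entries store file modification times, so the archive is built with fixed metadata to keep rebuilds of unchanged code byte-identical; the `lambda/` prefix, the function names and the handler sources are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import zipfile

FIXED_TIME = (1980, 1, 1, 0, 0, 0)  # constant mtime so rebuilds are byte-identical

def build_zip(files):
    """Zip {name: bytes} reproducibly: sorted entries, fixed time and metadata."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.create_system = 3            # same value on every build host
            info.external_attr = 0o644 << 16  # fixed file permissions
            zf.writestr(info, files[name])
    return buf.getvalue()

def checksum(data):
    return hashlib.sha256(data).hexdigest()

def artifact_key(zip_bytes, prefix="lambda/"):  # prefix is a hypothetical layout
    return prefix + checksum(zip_bytes)

def plan_deploy(zip_bytes, existing_keys):
    """Return (key, upload_needed): upload only when the content is new."""
    key = artifact_key(zip_bytes)
    return key, key not in existing_keys

def verify_artifact(key, body):
    """True if an object read back from the bucket still hashes to its own name."""
    return hmac.compare_digest(key.rsplit("/", 1)[-1], checksum(body))

if __name__ == "__main__":
    # Constructed sample sources, not taken from a real project.
    src_v1 = {"handler.py": b"def handler(event, context):\n    return 'v1'\n"}
    src_v2 = {"handler.py": b"def handler(event, context):\n    return 'v2'\n"}
    bucket = set()  # stands in for the keys already present in S3
    for label, src in (("v1", src_v1), ("v1 rebuilt", src_v1), ("v2", src_v2)):
        key, needed = plan_deploy(build_zip(src), bucket)
        bucket.add(key)
        print(label, key, "upload" if needed else "unchanged, skip")
    tampered = not verify_artifact(artifact_key(build_zip(src_v1)), build_zip(src_v2))
    print("mismatched object detected:", tampered)
```

Because the name is derived from the content, a mismatch between an object's key and its hash means the object was altered or replaced after it was published.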