Dec 21, 2025

How to Fix Terraform Too Many Open Files on AWS Lambda

Troubleshooting: Terraform Deployed AWS Lambda Encountering “Too Many Open Files” Error

As a DevOps Engineer leveraging Terraform to manage your AWS infrastructure, encountering the dreaded “Too Many Open Files” error within an AWS Lambda function can be a frustrating roadblock. This guide will walk you through diagnosing and resolving this issue, focusing on the specific context of a Terraform-deployed Lambda.

1. The Root Cause: Why This Happens on AWS Lambda

Firstly, it’s crucial to clarify: Terraform itself does not run within your AWS Lambda function. Instead, Terraform is the infrastructure-as-code tool you use to deploy and configure your Lambda functions. The “Too Many Open Files” error originates from the runtime environment of your Lambda function hitting its operating system file descriptor limit (similar to ulimit -n on a Linux system).

AWS Lambda functions operate within a constrained execution environment. Each invocation environment has an inherent limit on the number of file descriptors (including network sockets, pipes, and actual files) that can be simultaneously open. While not directly configurable via ulimit within the Lambda runtime itself, this limit is typically around 1024 for a standard Lambda execution environment.

Common reasons your Lambda might hit this limit include:

Unclosed Resources: The most frequent culprit. Your code opens files, network connections (HTTP clients, database connections, Redis clients, S3 client connections), or other I/O streams but fails to close them properly, leading to resource leakage across invocations (especially during “warm” starts).
Excessive Dependencies: Your Lambda deployment package might include numerous libraries, and some dependencies could implicitly open many files or connections upon initialization.
Large Deployment Package / Many Files: If your .zip or container image contains an exceptionally large number of files, the runtime environment might struggle to manage the associated file handles.
Child Processes: If your Lambda spawns child processes, each of these can consume its own set of file descriptors, rapidly depleting the parent process’s allowance.
VPC Configuration Overheads: Lambdas configured within a VPC might consume more file descriptors due to network interfaces and routing setups, though this is less common as a primary cause.

2. Quick Fix (CLI)

Before diving into configuration changes, here are immediate steps you can take via the AWS CLI to potentially alleviate the issue and gather more data.

Increase Lambda Memory (Temporary Relief): Increasing a Lambda function’s memory often, though not always, correlates with an increase in other allocated resources, including file descriptor limits. This is a common first step to buy time and see if it resolves the immediate problem.
```
aws lambda update-function-configuration \
  --function-name YOUR_LAMBDA_FUNCTION_NAME \
  --memory-size 512 # Start with 256, 512, or 1024. Increase gradually.
```
Replace YOUR_LAMBDA_FUNCTION_NAME with your actual function name.
Monitor CloudWatch Logs for the Error: The fastest way to confirm the issue and see if your changes are effective is to directly query CloudWatch Logs. Look for messages containing “Too Many Open Files” or “Error: EMFILE”.
```
aws logs filter-log-events \
  --log-group-name /aws/lambda/YOUR_LAMBDA_FUNCTION_NAME \
  --filter-pattern "Too Many Open Files" \
  --start-time $(($(date +%s -d '1 hour ago') * 1000)) \
  --query 'events[*].message' --output text
```
Adjust --start-time as needed. If you want to see all logs for the last hour, this command is useful.
Check Open File Descriptors (Advanced / Custom Runtimes): While not a “fix,” if you are using a custom runtime or can inject code, you might be able to log the current number of open file descriptors to get more insight. For standard runtimes, this is difficult to achieve directly within the Lambda code. A simple Python example to count open FDs (for diagnostics, not a fix):
```
import os
try:
    num_fds = len(os.listdir('/proc/self/fd'))
    print(f"Current open file descriptors: {num_fds}")
except Exception as e:
    print(f"Could not count fds: {e}")
```
You would need to deploy this diagnostic code within your Lambda.

3. Configuration Check (Terraform HCL)

The long-term and proper solution involves reviewing both your Terraform configuration and, most importantly, your Lambda function’s code.

Adjust memory_size in aws_lambda_function: This is the primary parameter you can control in Terraform to influence the runtime environment’s resource allocation. Gradually increase it and re-deploy.

resource "aws_lambda_function" "my_problematic_lambda" {
  function_name    = "your-lambda-function-name"
  handler          = "index.handler"
  runtime          = "nodejs18.x" # Or your specific runtime
  role             = aws_iam_role.lambda_exec_role.arn
  filename         = "path/to/your/deployment_package.zip"
  source_code_hash = filebase64sha256("path/to/your/deployment_package.zip")

  # --- Key configuration for this issue ---
  memory_size = 512 # Increase from default (128MB) to 256, 512, or 1024.
  # ----------------------------------------

  timeout = 30 # Adjust as needed
  # ... other configurations ...
}

Review Lambda Deployment Package (filename, s3_key):
- Size and Content: Is your deployment package (.zip file or container image) unnecessarily large? Are you bundling many files that aren’t actually used by the Lambda? Each file bundled adds to the potential for file handle consumption.
- Lambda Layers: For shared dependencies, consider using Lambda Layers to reduce the size of your primary deployment package and manage dependencies more efficiently. This can sometimes indirectly help by making the core function smaller.
Critical: Code Review and Refactoring (Most Effective Long-Term Solution): This is where the most significant and lasting fix will come from. You need to identify resource leaks within your Lambda’s code.
- Close Resources: Ensure all file handles, network sockets, database connections, and HTTP client connections are explicitly closed after use.
  - Python: Use with open(...), with requests.Session(), or client.close() for Boto3/database clients.
  - Node.js: Ensure streams are ended, database connections are released to pools, and HTTP agents are configured for keep-alive or properly closed.
  - Java: Use try-with-resources for I/O streams and ensure connection pools are managed.
- Connection Pooling: For database connections or other persistent network connections, implement or properly configure connection pooling. Re-using connections from a pool is far more efficient than opening a new one for every invocation.
- Global/Initialization Scope: If you open connections or load large resources in the global scope (outside the handler function), ensure they are initialized once and re-used. However, be mindful that these connections might become stale over time, requiring periodic re-establishment.
- Avoid Excessive File I/O: Minimize reading and writing many temporary files, especially within the /tmp directory. If necessary, ensure they are promptly deleted.
- Third-Party Libraries: Be aware of how your libraries handle resources. Some older or less optimized libraries might be prone to leaks. Consider alternatives or ensure you’re using them correctly.
- Monitor for Uncaught Exceptions: An uncaught exception can prevent cleanup code from running, leaving resources open. Implement robust error handling.

4. Verification

After applying your Terraform changes (and ideally, code changes), follow these steps to verify the resolution:

Deploy Changes:
```
terraform apply
```
Ensure your Terraform plan reflects the memory_size adjustment and any other changes.
Invoke the Lambda Function: Trigger your Lambda function multiple times, under load if possible.
- Manually: aws lambda invoke --function-name YOUR_LAMBDA_FUNCTION_NAME --payload '{}' output.json
- Through its Trigger: If it’s invoked by API Gateway, SQS, S3, etc., trigger it via those mechanisms.
Monitor CloudWatch:
- Logs: Continuously monitor the Lambda’s CloudWatch Logs for the absence of “Too Many Open Files” errors. Pay attention to logs from the periods after your terraform apply.
- Metrics: Check the Errors metric for your Lambda function in CloudWatch. A sustained drop to zero errors (or back to your expected baseline) indicates success. Also, observe Invocations and Duration to ensure the function is behaving as expected.

If the error persists, it’s a strong indication that the issue lies deep within your Lambda’s application code, and further code-level debugging (e.g., local testing with resource monitoring, more granular logging) is required. Incrementally increasing memory_size can act as a band-aid, but it doesn’t address the underlying resource management problem in your code.

By systematically approaching the problem from configuration to code, you can effectively resolve “Too Many Open Files” errors in your Terraform-deployed AWS Lambda functions.