Correctness

When using the AWS Lambda “Image” package_type, runtime and handler are not necessary for Lambda to understand how to run the code. These are built into the container image. Including runtime or handler with an “Image” package_type will result in an error on terraform apply. Remove these redundant fields.

The source_arn field needs to end with an asterisk, like this: <log-group-arn>:* Without this, the aws_lambda_permission resource ‘$NAME' will not be created. Add the asterisk to the end of the arn. x$ARN

The aws_cloudwatch_log_subscription_filter resource “$NAME” needs a depends_on clause on the aws_lambda_permission, otherwise Terraform may try to create these out-of-order and fail.
Confidence: MEDIUM

terraform apply will fail because the environment variable “$VARIABLE" is a reserved by AWS. Use another name for "$VARIABLE”.