terraform-provider-aws
Error: Provider produced inconsistent final plan
Terraform CLI and Terraform AWS Provider Version
"version": 4, "terraform_version": "0.13.4"
Affected Resource(s)
aws_lambda_function - could not create the lambda function in the aws environment
Panic Output
Error: Provider produced inconsistent final plan
When expanding the plan for module.create-lambda.aws_lambda_function.make_lambda to include new values learned so far during apply, provider "registry.terraform.io/-/aws" produced an invalid new value for .source_code_hash: was cty.StringVal("FycrDOHF/Hd+E6e0Es3ZsuWiGPLSQdDFVw++adaBhJg="), but now cty.StringVal("huJ5Mt3CVH7A6FlGSxMotgn0Q/tygsWTJkzIBiI1rPY=").
This is a bug in the provider, which should be reported in the provider's own issue tracker.
▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ Terraform Apply ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ Failed To Run Terraform Apply!
Expected Behavior
Expecting to create the aws lambda function.
Actual Behavior
It is not creating the lambda function since the hash of terraform plan and terraform apply is different.
Steps to Reproduce
create the terraform.tfvars, variables.tf and lambda.tf
terraform.tfvars

lambda_function_name = "test-lambda"
lambda_handler_name = "lambda_function.lambda_handler"
lambda_runtime = "python3.8"
lambda_timeout = "360"
lambda_package_name = "../../../../../dir-path/function.zip"
lambda_role_arn = "arn:aws:iam::xxxxxxxxx:role/path/lambda_role"

variables.tf

variable "lambda_function_name" { type = string }
variable "lambda_handler_name" { type = string }
variable "lambda_runtime" { type = string }
variable "lambda_timeout" { type = string }
variable "lambda_package_name" { type = string }
variable "lambda_role_arn" { type = string }

lambda.tf

module "create-lambda" {
  source = "../../../../../athena-dir/modules/"
  lambda_function_name = "${var.lambda_function_name}"
  lambda_handler_name = "${var.lambda_handler_name}"
  lambda_runtime = "${var.lambda_runtime}"
  lambda_timeout = "${var.lambda_timeout}"
  lambda_package_name = "${var.lambda_package_name}"
  lambda_role_arn = "${var.lambda_role_arn}"
}

lambda.tf

resource "aws_lambda_function" "make_lambda" {
  function_name = var.lambda_function_name
  handler = var.lambda_handler_name
  runtime = var.lambda_runtime
  timeout = var.lambda_timeout
  filename = var.lambda_package_name
  source_code_hash = "${filebase64sha256(var.lambda_package_name)}"
  role = var.lambda_role_arn
}
then, run terraform plan and apply.
Hi @intechops6 👋 Thank you for reporting this and sorry you ran into trouble here. Could you please provide us with some additional information so we can look into this further?
- Terraform AWS Provider version (only Terraform CLI and state version is above)
- Is the underlying file of var.lambda_package_name being updated during the same Terraform run?
- Can you show the output of terraform plan before this occurs?
I am seeing the same issue with
Terraform v0.14.7
+ provider registry.terraform.io/hashicorp/archive v2.1.0
+ provider registry.terraform.io/hashicorp/aws v3.31.0
The underlying file
source_code_hash = fileexists(local.code_filepath) ? filebase64sha256(local.code_filepath) : 0
should not change (it's an archive). The archive content does not change, but I see the modification timestamp on the file is changed every time I run terraform apply
The archive is defined as
data "archive_file" "lambda_zip__example" {
type = "zip"
output_path = local.code_filepath
source_dir = "/mnt/terraform/code"
}
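
Added example, not part of the original comments and not the provider's or Terraform's own code: a ZIP archive stores a modification time for every entry, so rebuilding an archive from unchanged sources at a different time yields different file bytes and therefore a different `filebase64sha256` value. The sketch below reproduces that value (base64 of the raw SHA-256 digest), then separates metadata-only drift from a real content change and shows that pinned entry timestamps give a stable hash. The file names, timestamps and helper names are constructed for illustration.

```python
import base64
import hashlib
import io
import zipfile

# Constructed sample source file; not taken from the issue.
SAMPLE_FILES = {
    "lambda_function.py": b"def lambda_handler(event, context):\n    return 'ok'\n",
}

# Earliest timestamp the ZIP format can store; used to pin entry metadata.
FIXED_DATE = (1980, 1, 1, 0, 0, 0)


def filebase64sha256(data: bytes) -> str:
    """Value Terraform's filebase64sha256() yields for a file with these bytes:
    base64 of the raw (not hex-encoded) SHA-256 digest."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def build_zip(files: dict, date_time: tuple) -> bytes:
    """Build an in-memory ZIP with every entry stamped with date_time.
    Entries are written in sorted order with fixed permissions so that
    the output depends only on the contents and the chosen timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(files):
            info = zipfile.ZipInfo(filename=name, date_time=date_time)
            info.compress_type = zipfile.ZIP_DEFLATED
            info.external_attr = 0o644 << 16
            zf.writestr(info, files[name])
    return buf.getvalue()


def member_digests(archive: bytes) -> dict:
    """SHA-256 of each member's uncompressed content, ignoring ZIP metadata."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {n: hashlib.sha256(zf.read(n)).hexdigest() for n in zf.namelist()}


def compare(plan_archive: bytes, apply_archive: bytes) -> str:
    """Classify the difference between the archive hashed at plan time and
    the one hashed at apply time."""
    if filebase64sha256(plan_archive) == filebase64sha256(apply_archive):
        return "identical"
    if member_digests(plan_archive) == member_digests(apply_archive):
        return "metadata-only"   # same code, different timestamps or attributes
    return "content-changed"     # the packaged code itself differs


if __name__ == "__main__":
    # Constructed timestamps standing in for a plan run and a later apply run.
    at_plan = build_zip(SAMPLE_FILES, (2021, 5, 12, 2, 47, 12))
    at_apply = build_zip(SAMPLE_FILES, (2021, 5, 12, 2, 53, 48))
    print("plan :", filebase64sha256(at_plan))
    print("apply:", filebase64sha256(at_apply))
    print("diff :", compare(at_plan, at_apply))

    pinned_a = build_zip(SAMPLE_FILES, FIXED_DATE)
    pinned_b = build_zip(SAMPLE_FILES, FIXED_DATE)
    print("pinned:", compare(pinned_a, pinned_b))
```

A "content-changed" result between plan and apply means the code being deployed is not the code that was reviewed in the plan, which is worth treating differently from timestamp drift.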
I've just bumped into the same issue at registry.terraform.io/hashicorp/aws v3.35.0
Hi @bflad, I have encountered the same issue recently.
Error: Provider produced inconsistent final plan
When expanding the plan for module.lambda_function_in_vpc.aws_lambda_function.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .source_code_hash: was cty.StringVal("07fnZ38puKEHcwPIuaGymBqATq152C/Z2aoxLMWPRH0="), but now cty.StringVal("QEc9FactlOpwYYSoFSypHewANDU30G0dhbNDfMmltFM=").
The Terraform AWS Provider version is 3.37.0 linux amd64.
Here is the output of terraform plan below.
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
# aws_db_parameter_group.example will be created
+ resource "aws_db_parameter_group" "example" {
+ arn = (known after apply)
+ description = "postgresql-aurora-db-postgres11-parameter-group"
+ family = "aurora-postgresql11"
+ id = (known after apply)
+ name = "postgresql-aurora-db-postgres11-parameter-group"
+ name_prefix = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Owner" = "user"
}
}
# aws_rds_cluster_parameter_group.example will be created
+ resource "aws_rds_cluster_parameter_group" "example" {
+ arn = (known after apply)
+ description = "postgresql-aurora-postgres11-cluster-parameter-group"
+ family = "aurora-postgresql11"
+ id = (known after apply)
+ name = "postgresql-aurora-postgres11-cluster-parameter-group"
+ name_prefix = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Owner" = "user"
}
}
# null_resource.lambda_deploy will be created
+ resource "null_resource" "lambda_deploy" {
+ id = (known after apply)
}
# module.api_gateway_v2.aws_apigatewayv2_api.this[0] will be created
+ resource "aws_apigatewayv2_api" "this" {
+ api_endpoint = (known after apply)
+ api_key_selection_expression = "$request.header.x-api-key"
+ arn = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ name = "Lambda Aurora"
+ protocol_type = "HTTP"
+ route_selection_expression = "$request.method $request.path"
+ tags = {
+ "Name" = "private-api"
}
+ cors_configuration {
+ allow_headers = [
+ "authorization",
+ "content-type",
+ "x-amz-date",
+ "x-amz-security-token",
+ "x-amz-user-agent",
+ "x-api-key",
]
+ allow_methods = [
+ "*",
]
+ allow_origins = [
+ "*",
]
}
}
# module.api_gateway_v2.aws_apigatewayv2_integration.this["$default"] will be created
+ resource "aws_apigatewayv2_integration" "this" {
+ api_id = (known after apply)
+ connection_id = (known after apply)
+ connection_type = "INTERNET"
+ id = (known after apply)
+ integration_method = "POST"
+ integration_response_selection_expression = (known after apply)
+ integration_type = (known after apply)
+ integration_uri = (known after apply)
+ payload_format_version = "1.0"
+ timeout_milliseconds = (known after apply)
}
# module.api_gateway_v2.aws_apigatewayv2_integration.this["ANY /"] will be created
+ resource "aws_apigatewayv2_integration" "this" {
+ api_id = (known after apply)
+ connection_id = (known after apply)
+ connection_type = "INTERNET"
+ id = (known after apply)
+ integration_method = "POST"
+ integration_response_selection_expression = (known after apply)
+ integration_type = (known after apply)
+ integration_uri = (known after apply)
+ payload_format_version = "2.0"
+ timeout_milliseconds = 12000
}
# module.api_gateway_v2.aws_apigatewayv2_route.this["$default"] will be created
+ resource "aws_apigatewayv2_route" "this" {
+ api_id = (known after apply)
+ api_key_required = false
+ authorization_type = "NONE"
+ id = (known after apply)
+ route_key = "$default"
+ target = (known after apply)
}
# module.api_gateway_v2.aws_apigatewayv2_route.this["ANY /"] will be created
+ resource "aws_apigatewayv2_route" "this" {
+ api_id = (known after apply)
+ api_key_required = false
+ authorization_type = "NONE"
+ id = (known after apply)
+ route_key = "ANY /"
+ target = (known after apply)
}
# module.api_gateway_v2.aws_apigatewayv2_stage.default[0] will be created
+ resource "aws_apigatewayv2_stage" "default" {
+ api_id = (known after apply)
+ arn = (known after apply)
+ auto_deploy = true
+ deployment_id = (known after apply)
+ execution_arn = (known after apply)
+ id = (known after apply)
+ invoke_url = (known after apply)
+ name = "$default"
+ tags = {
+ "Name" = "private-api"
}
}
# module.api_gateway_v2.aws_apigatewayv2_vpc_link.this["my-vpc"] will be created
+ resource "aws_apigatewayv2_vpc_link" "this" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "my-vpc"
+ security_group_ids = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "Name" = "private-api"
}
}
# module.aurora.aws_rds_cluster.this[0] will be created
+ resource "aws_rds_cluster" "this" {
+ allow_major_version_upgrade = false
+ apply_immediately = true
+ arn = (known after apply)
+ availability_zones = (known after apply)
+ backtrack_window = 0
+ backup_retention_period = 7
+ cluster_identifier = "postgresql"
+ cluster_identifier_prefix = (known after apply)
+ cluster_members = (known after apply)
+ cluster_resource_id = (known after apply)
+ copy_tags_to_snapshot = false
+ database_name = (known after apply)
+ db_cluster_parameter_group_name = (known after apply)
+ db_subnet_group_name = "postgresql"
+ deletion_protection = false
+ enable_http_endpoint = false
+ enabled_cloudwatch_logs_exports = [
+ "postgresql",
]
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_mode = "provisioned"
+ engine_version = "11.9"
+ final_snapshot_identifier = (known after apply)
+ global_cluster_identifier = ""
+ hosted_zone_id = (known after apply)
+ iam_database_authentication_enabled = true
+ id = (known after apply)
+ kms_key_id = (known after apply)
+ master_password = (sensitive value)
+ master_username = (sensitive)
+ port = 5432
+ preferred_backup_window = "02:00-03:00"
+ preferred_maintenance_window = "sun:05:00-sun:06:00"
+ reader_endpoint = (known after apply)
+ replication_source_identifier = ""
+ skip_final_snapshot = true
+ source_region = ""
+ storage_encrypted = true
+ tags = {
+ "Environment" = "dev"
+ "Owner" = "user"
}
+ vpc_security_group_ids = (known after apply)
}
# module.aurora.aws_rds_cluster_instance.this[0] will be created
+ resource "aws_rds_cluster_instance" "this" {
+ apply_immediately = true
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = "rds-ca-2019"
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "postgresql"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "11.9"
+ id = (known after apply)
+ identifier = "postgresql-1"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = "sun:05:00-sun:06:00"
+ promotion_tier = 1
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Owner" = "user"
}
+ writer = (known after apply)
}
# module.aurora.aws_rds_cluster_instance.this[1] will be created
+ resource "aws_rds_cluster_instance" "this" {
+ apply_immediately = true
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ ca_cert_identifier = "rds-ca-2019"
+ cluster_identifier = (known after apply)
+ copy_tags_to_snapshot = false
+ db_parameter_group_name = (known after apply)
+ db_subnet_group_name = "postgresql"
+ dbi_resource_id = (known after apply)
+ endpoint = (known after apply)
+ engine = "aurora-postgresql"
+ engine_version = "11.9"
+ id = (known after apply)
+ identifier = "postgresql-2"
+ identifier_prefix = (known after apply)
+ instance_class = "db.t3.medium"
+ kms_key_id = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
+ port = (known after apply)
+ preferred_backup_window = (known after apply)
+ preferred_maintenance_window = "sun:05:00-sun:06:00"
+ promotion_tier = 2
+ publicly_accessible = false
+ storage_encrypted = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Owner" = "user"
}
+ writer = (known after apply)
}
# module.aurora.aws_security_group.this[0] will be created
+ resource "aws_security_group" "this" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = (known after apply)
+ name_prefix = "postgresql-"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Environment" = "dev"
+ "Name" = "aurora-postgresql"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.aurora.aws_security_group_rule.cidr_ingress[0] will be created
+ resource "aws_security_group_rule" "cidr_ingress" {
+ cidr_blocks = [
+ "10.99.3.0/24",
+ "10.99.4.0/24",
+ "10.99.5.0/24",
]
+ description = "From allowed CIDRs"
+ from_port = 5432
+ id = (known after apply)
+ protocol = "tcp"
+ security_group_id = (known after apply)
+ self = false
+ source_security_group_id = (known after apply)
+ to_port = 5432
+ type = "ingress"
}
# module.aurora.random_id.snapshot_identifier[0] will be created
+ resource "random_id" "snapshot_identifier" {
+ b64_std = (known after apply)
+ b64_url = (known after apply)
+ byte_length = 4
+ dec = (known after apply)
+ hex = (known after apply)
+ id = (known after apply)
+ keepers = {
+ "id" = "postgresql"
}
}
# module.lambda_function_in_vpc.data.aws_iam_policy.vpc[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy" "vpc" {
+ arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess"
+ description = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ path = (known after apply)
+ policy = (known after apply)
+ policy_id = (known after apply)
+ tags = (known after apply)
}
# module.lambda_function_in_vpc.data.aws_iam_policy_document.assume_role[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "assume_role" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "sts:AssumeRole",
]
+ effect = "Allow"
+ principals {
+ identifiers = [
+ "lambda.amazonaws.com",
]
+ type = "Service"
}
}
}
# module.lambda_function_in_vpc.data.aws_iam_policy_document.logs[0] will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "logs" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "logs:CreateLogGroup",
+ "logs:CreateLogStream",
+ "logs:PutLogEvents",
]
+ effect = "Allow"
+ resources = [
+ (known after apply),
+ (known after apply),
]
}
}
# module.lambda_function_in_vpc.aws_cloudwatch_log_group.lambda[0] will be created
+ resource "aws_cloudwatch_log_group" "lambda" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "/aws/lambda/postgras-lambda"
+ retention_in_days = 0
}
# module.lambda_function_in_vpc.aws_iam_policy.logs[0] will be created
+ resource "aws_iam_policy" "logs" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "postgras-lambda-logs"
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
}
# module.lambda_function_in_vpc.aws_iam_policy.vpc[0] will be created
+ resource "aws_iam_policy" "vpc" {
+ arn = (known after apply)
+ id = (known after apply)
+ name = "postgras-lambda-vpc"
+ path = "/"
+ policy = (known after apply)
+ policy_id = (known after apply)
}
# module.lambda_function_in_vpc.aws_iam_policy_attachment.logs[0] will be created
+ resource "aws_iam_policy_attachment" "logs" {
+ id = (known after apply)
+ name = "postgras-lambda-logs"
+ policy_arn = (known after apply)
+ roles = [
+ "postgras-lambda",
]
}
# module.lambda_function_in_vpc.aws_iam_policy_attachment.vpc[0] will be created
+ resource "aws_iam_policy_attachment" "vpc" {
+ id = (known after apply)
+ name = "postgras-lambda-vpc"
+ policy_arn = (known after apply)
+ roles = [
+ "postgras-lambda",
]
}
# module.lambda_function_in_vpc.aws_iam_role.lambda[0] will be created
+ resource "aws_iam_role" "lambda" {
+ arn = (known after apply)
+ assume_role_policy = (known after apply)
+ create_date = (known after apply)
+ force_detach_policies = true
+ id = (known after apply)
+ managed_policy_arns = (known after apply)
+ max_session_duration = 3600
+ name = "postgras-lambda"
+ path = "/"
+ unique_id = (known after apply)
+ inline_policy {
+ name = (known after apply)
+ policy = (known after apply)
}
}
# module.lambda_function_in_vpc.aws_lambda_function.this[0] will be created
+ resource "aws_lambda_function" "this" {
+ arn = (known after apply)
+ description = "Lambda function"
+ filename = "/media/jimbeam/DATA/Project/DevOps/MyAWS_Aurora/build/index.zip"
+ function_name = "postgras-lambda"
+ handler = "index.handler"
+ id = (known after apply)
+ invoke_arn = (known after apply)
+ last_modified = (known after apply)
+ memory_size = 128
+ package_type = "Zip"
+ publish = true
+ qualified_arn = (known after apply)
+ reserved_concurrent_executions = -1
+ role = (known after apply)
+ runtime = "nodejs12.x"
+ signing_job_arn = (known after apply)
+ signing_profile_version_arn = (known after apply)
+ source_code_hash = "07fnZ38puKEHcwPIuaGymBqATq152C/Z2aoxLMWPRH0="
+ source_code_size = (known after apply)
+ timeout = 3
+ version = (known after apply)
+ environment {
+ variables = (known after apply)
}
+ tracing_config {
+ mode = (known after apply)
}
+ vpc_config {
+ security_group_ids = (known after apply)
+ subnet_ids = (known after apply)
+ vpc_id = (known after apply)
}
}
# module.lambda_function_in_vpc.aws_lambda_permission.current_version_triggers["AllowExecutionFromAPIGateway"] will be created
+ resource "aws_lambda_permission" "current_version_triggers" {
+ action = "lambda:InvokeFunction"
+ function_name = "postgras-lambda"
+ id = (known after apply)
+ principal = "apigateway.amazonaws.com"
+ qualifier = (known after apply)
+ source_arn = (known after apply)
+ statement_id = "AllowExecutionFromAPIGateway"
}
# module.lambda_function_in_vpc.aws_lambda_permission.unqualified_alias_triggers["AllowExecutionFromAPIGateway"] will be created
+ resource "aws_lambda_permission" "unqualified_alias_triggers" {
+ action = "lambda:InvokeFunction"
+ function_name = "postgras-lambda"
+ id = (known after apply)
+ principal = "apigateway.amazonaws.com"
+ source_arn = (known after apply)
+ statement_id = "AllowExecutionFromAPIGateway"
}
# module.vpc.aws_db_subnet_group.database[0] will be created
+ resource "aws_db_subnet_group" "database" {
+ arn = (known after apply)
+ description = "Database subnet group for postgresql"
+ id = (known after apply)
+ name = "postgresql"
+ name_prefix = (known after apply)
+ subnet_ids = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql"
+ "Owner" = "user"
}
}
# module.vpc.aws_internet_gateway.this[0] will be created
+ resource "aws_internet_gateway" "this" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_route.public_internet_gateway[0] will be created
+ resource "aws_route" "public_internet_gateway" {
+ destination_cidr_block = "0.0.0.0/0"
+ gateway_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
+ timeouts {
+ create = "5m"
}
}
# module.vpc.aws_route_table.private[0] will be created
+ resource "aws_route_table" "private" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-private"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_route_table.public[0] will be created
+ resource "aws_route_table" "public" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-public"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_route_table_association.database[0] will be created
+ resource "aws_route_table_association" "database" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.database[1] will be created
+ resource "aws_route_table_association" "database" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.database[2] will be created
+ resource "aws_route_table_association" "database" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.private[0] will be created
+ resource "aws_route_table_association" "private" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.private[1] will be created
+ resource "aws_route_table_association" "private" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.private[2] will be created
+ resource "aws_route_table_association" "private" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.public[0] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.public[1] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_route_table_association.public[2] will be created
+ resource "aws_route_table_association" "public" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# module.vpc.aws_subnet.database[0] will be created
+ resource "aws_subnet" "database" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.7.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-db-us-east-1a"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-db-us-east-1a"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.database[1] will be created
+ resource "aws_subnet" "database" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.8.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-db-us-east-1b"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-db-us-east-1b"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.database[2] will be created
+ resource "aws_subnet" "database" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.9.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-db-us-east-1c"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-db-us-east-1c"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.private[0] will be created
+ resource "aws_subnet" "private" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.3.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-private-us-east-1a"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-private-us-east-1a"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.private[1] will be created
+ resource "aws_subnet" "private" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.4.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-private-us-east-1b"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-private-us-east-1b"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.private[2] will be created
+ resource "aws_subnet" "private" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.5.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-private-us-east-1c"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-private-us-east-1c"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.public[0] will be created
+ resource "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.0.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-public-us-east-1a"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-public-us-east-1a"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.public[1] will be created
+ resource "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-public-us-east-1b"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-public-us-east-1b"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_subnet.public[2] will be created
+ resource "aws_subnet" "public" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-east-1c"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.99.2.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql-public-us-east-1c"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql-public-us-east-1c"
+ "Owner" = "user"
}
+ vpc_id = (known after apply)
}
# module.vpc.aws_vpc.this[0] will be created
+ resource "aws_vpc" "this" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.99.0.0/18"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = false
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Environment" = "dev"
+ "Name" = "postgresql"
+ "Owner" = "user"
}
+ tags_all = {
+ "Environment" = "dev"
+ "Name" = "postgresql"
+ "Owner" = "user"
}
}
Plan: 49 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ this_rds_cluster_endpoint = (known after apply)
+ this_rds_cluster_id = (known after apply)
+ this_rds_cluster_instance_endpoints = [
+ (known after apply),
+ (known after apply),
]
+ this_rds_cluster_instance_ids = [
+ (known after apply),
+ (known after apply),
]
+ this_rds_cluster_master_password = (sensitive value)
+ this_rds_cluster_master_username = (sensitive value)
+ this_rds_cluster_port = 5432
+ this_rds_cluster_reader_endpoint = (known after apply)
+ this_rds_cluster_resource_id = (known after apply)
+ this_security_group_id = (known after apply)
Same here!
data "aws_s3_bucket_object" "create_r53_cname_hash" {
bucket = aws_s3_bucket.lambdas.bucket
key = trimprefix(yamldecode(file("/tmp/create-route53-cname.yml"))["Resources"]["Function"]["Properties"]["CodeUri"], "s3://${aws_s3_bucket.lambdas.bucket}/")
depends_on = [null_resource.upload_create_r53_lambda]
}
resource "null_resource" "upload_create_r53_lambda" {
triggers = {
function_contents = filemd5("${path.module}/../../../lambda/create-route53-cname/function.py")
}
provisioner "local-exec" {
command = <<EOF
sam package --s3-bucket ${aws_s3_bucket.lambdas.bucket} --s3-prefix CreateRoute53CNAME \
-t ${path.module}/../../../lambda/create-route53-cname/template.yml \
--debug --region ${data.aws_region.current.name} \
--output-template-file /tmp/create-route53-cname.yml
EOF
}
depends_on = [aws_s3_bucket.lambdas]
}
resource "aws_lambda_function" "create_r53_cname" {
function_name = "CreateRoute53CNAME"
role = aws_iam_role.route53_lambda.arn
s3_bucket = aws_s3_bucket.lambdas.bucket
s3_key = data.aws_s3_bucket_object.create_r53_cname_hash.key
source_code_hash = data.aws_s3_bucket_object.create_r53_cname_hash.body
handler = "function.lambda_handler"
runtime = "python3.8"
environment {
variables = {
ENV = terraform.workspace
}
}
tags = local.global_tags
depends_on = [null_resource.upload_create_r53_lambda, data.aws_s3_bucket_object.create_r53_cname_hash]
}
PLAN
❯ tf plan -target data.aws_iam_policy_document.trust_lambda -target data.aws_region.current -target data.aws_s3_bucket_object.create_r53_cname_hash -target aws_iam_role.route53_lambda -target aws_lambda_function.create_r53_cname -target aws_s3_bucket.lambdas -target null_resource.upload_create_r53_lambda -out lambda.tf.plan
aws_s3_bucket.lambdas: Refreshing state... [id=policymap-lambdas20210512022937079100000002]
aws_iam_role.route53_lambda: Refreshing state... [id=terraform-20210512022937078800000001]
null_resource.upload_create_r53_lambda: Refreshing state... [id=3423314569226036676]
aws_lambda_function.create_r53_cname: Refreshing state... [id=CreateRoute53CNAME]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
~ update in-place
-/+ destroy and then create replacement
<= read (data resources)
Terraform will perform the following actions:
# data.aws_s3_bucket_object.create_r53_cname_hash will be read during apply
# (config refers to values not yet known)
<= data "aws_s3_bucket_object" "create_r53_cname_hash" {
+ body = (known after apply)
~ bucket_key_enabled = false -> (known after apply)
+ cache_control = (known after apply)
+ content_disposition = (known after apply)
+ content_encoding = (known after apply)
+ content_language = (known after apply)
~ content_length = 9076 -> (known after apply)
~ content_type = "binary/octet-stream" -> (known after apply)
~ etag = "0c1996e47e57b8b25003ae534b603fb5" -> (known after apply)
+ expiration = (known after apply)
+ expires = (known after apply)
~ id = "policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a" -> (known after apply)
~ last_modified = "Wed, 12 May 2021 02:47:12 UTC" -> (known after apply)
~ metadata = {} -> (known after apply)
+ object_lock_legal_hold_status = (known after apply)
+ object_lock_mode = (known after apply)
+ object_lock_retain_until_date = (known after apply)
~ server_side_encryption = "AES256" -> (known after apply)
+ sse_kms_key_id = (known after apply)
~ storage_class = "STANDARD" -> (known after apply)
~ tags = {} -> (known after apply)
+ version_id = (known after apply)
+ website_redirect_location = (known after apply)
# (2 unchanged attributes hidden)
}
# aws_lambda_function.create_r53_cname will be updated in-place
~ resource "aws_lambda_function" "create_r53_cname" {
id = "CreateRoute53CNAME"
~ last_modified = "2021-05-12T02:53:49.507+0000" -> (known after apply)
~ source_code_hash = "748Qi76r0AcDuO4raBpUGlY6D/n1ULX7NUgfO64SyOQ=" -> (known after apply)
tags = {
"Terraform" = "true"
"Terraform.Workspace" = "default"
}
# (17 unchanged attributes hidden)
# (2 unchanged blocks hidden)
}
# null_resource.upload_create_r53_lambda must be replaced
-/+ resource "null_resource" "upload_create_r53_lambda" {
~ id = "3423314569226036676" -> (known after apply)
~ triggers = { # forces replacement
~ "function_contents" = "07932e6eb48fe68ae84d74e5b9e9f246" -> "2702955807b7396a566ff4caed2e7e09"
}
}
Plan: 1 to add, 1 to change, 1 to destroy.
Changes to Outputs:
~ create_r53_cname_hash = {
~ body = null -> (known after apply)
~ bucket_key_enabled = false -> (known after apply)
~ cache_control = "" -> (known after apply)
~ content_disposition = "" -> (known after apply)
~ content_encoding = "" -> (known after apply)
~ content_language = "" -> (known after apply)
~ content_length = 9076 -> (known after apply)
~ content_type = "binary/octet-stream" -> (known after apply)
~ etag = "0c1996e47e57b8b25003ae534b603fb5" -> (known after apply)
~ expiration = "" -> (known after apply)
~ expires = "" -> (known after apply)
~ id = "policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a" -> (known after apply)
~ last_modified = "Wed, 12 May 2021 02:47:12 UTC" -> (known after apply)
~ metadata = {} -> (known after apply)
~ object_lock_legal_hold_status = "" -> (known after apply)
~ object_lock_mode = "" -> (known after apply)
~ object_lock_retain_until_date = "" -> (known after apply)
~ server_side_encryption = "AES256" -> (known after apply)
~ sse_kms_key_id = "" -> (known after apply)
~ storage_class = "STANDARD" -> (known after apply)
~ tags = {} -> (known after apply)
~ version_id = "" -> (known after apply)
~ website_redirect_location = "" -> (known after apply)
# (3 unchanged elements hidden)
}
╷
│ Warning: Resource targeting is in effect
│
│ You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the current configuration.
│
│ The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error message.
╵
APPLY
❯ tf apply lambda.tf.plan
null_resource.upload_create_r53_lambda: Destroying... [id=3423314569226036676]
null_resource.upload_create_r53_lambda: Destruction complete after 0s
null_resource.upload_create_r53_lambda: Creating...
null_resource.upload_create_r53_lambda: Provisioning with 'local-exec'...
null_resource.upload_create_r53_lambda (local-exec): Executing: ["/bin/sh" "-c" "sam package --s3-bucket policymap-lambdas20210512022937079100000002 --s3-prefix CreateRoute53CNAME \\\n-t ./../../../lambda/create-route53-cname/template.yml \\\n--debug --region us-east-1 \\\n--output-template-file /tmp/create-route53-cname.yml\n"]
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:14,528 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:14,528 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:14,529 | Sending Telemetry: {'metrics': [{'templateWarning': {'requestId': '262ab576-5ad0-4dd8-9098-728df1af6301', 'installationId': '7f3eb4fa-f246-4b4b-8c50-0edcd0151638', 'sessionId': '61b345d2-7773-4118-81ee-21943b4ec77f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.9', 'samcliVersion': '1.22.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'us-east-1', 'warningName': 'CodeDeployWarning', 'warningCount': 0}}]}
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,023 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,024 | Sending Telemetry: {'metrics': [{'templateWarning': {'requestId': 'ed1a42aa-750d-437b-95ec-a5249ab6da3c', 'installationId': '7f3eb4fa-f246-4b4b-8c50-0edcd0151638', 'sessionId': '61b345d2-7773-4118-81ee-21943b4ec77f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.9', 'samcliVersion': '1.22.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'us-east-1', 'warningName': 'CodeDeployConditionWarning', 'warningCount': 0}}]}
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | Using config file: samconfig.toml, config environment: default
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | Expand command line arguments to:
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | --template_file=/Users/avalle/development/bitbucket/policymap/infrastructure/lambda/create-route53-cname/template.yml --s3_bucket=policymap-lambdas20210512022937079100000002 --s3_prefix=CreateRoute53CNAME --output_template_file=/tmp/create-route53-cname.yml
null_resource.upload_create_r53_lambda (local-exec): Uploading to CreateRoute53CNAME/2aa112fb39ea7cd26a93885237213e0b 9088 / 9088 (100.00%)
null_resource.upload_create_r53_lambda (local-exec): Successfully packaged artifacts and wrote output template to file /tmp/create-route53-cname.yml.
null_resource.upload_create_r53_lambda (local-exec): Execute the following command to deploy the packaged template
null_resource.upload_create_r53_lambda (local-exec): sam deploy --template-file /tmp/create-route53-cname.yml --stack-name <YOUR STACK NAME>
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:16,481 | Sending Telemetry: {'metrics': [{'commandRun': {'requestId': '44f29ed2-13b0-4235-8668-074f20743b64', 'installationId': '7f3eb4fa-f246-4b4b-8c50-0edcd0151638', 'sessionId': '61b345d2-7773-4118-81ee-21943b4ec77f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.9', 'samcliVersion': '1.22.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'us-east-1', 'commandName': 'sam package', 'duration': 1953, 'exitReason': 'success', 'exitCode': 0}}]}
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:16,942 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
null_resource.upload_create_r53_lambda: Creation complete after 3s [id=6223747194174285962]
data.aws_s3_bucket_object.create_r53_cname_hash: Reading... [id=policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a]
data.aws_s3_bucket_object.create_r53_cname_hash: Read complete after 1s [id=policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/2aa112fb39ea7cd26a93885237213e0b]
╷
│ Warning: Applied changes may be incomplete
│
│ The plan was created with the -target option in effect, so some changes requested in the configuration may have been ignored and the output values may not be fully updated. Run the following command to verify that
│ no other changes are pending:
│ terraform plan
│
│ Note that the -target option is not suitable for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part
│ of an error message.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_lambda_function.create_r53_cname to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .s3_key: was
│ cty.StringVal("CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a"), but now cty.StringVal("CreateRoute53CNAME/2aa112fb39ea7cd26a93885237213e0b").
│
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
TF Version
❯ tf version
Terraform v0.15.1
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.37.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
Your version of Terraform is out of date! The latest version
is 0.15.3. You can update by downloading from https://www.terraform.io/downloads.html
Are there any updates regarding this issue? Still waiting for a fix. :-/
Still facing this in 2023. Did anyone ever solve this? Thanks in advance.
Hi all 👋 I believe this may have been resolved with #31887 in version 5.32.0 of the provider. It may be worth testing with that version to see if you're still experiencing this behavior.