aws_ssm_parameter not allowing overwrite = true

[zerosync-net]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.2.2 on darwin_amd64

• provider registry.terraform.io/hashicorp/aws v4.18.0

Affected Resource(s)

• aws_ssm_parameter

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 4.18.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
  profile = "develop"
}

variable "environment" {
  default = "develop"
}

resource "aws_ssm_parameter" "environment" {
  name = "/Global/Env"
  description = "Storage of environment variable (develop,staging,prod)"
  type = "String"
  value = var.environment
  overwrite = true
}

Debug Output

Panic Output

Expected Behavior

Overwrite any previously existing parameter store value

Actual Behavior

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ssm_parameter.environment will be created
  + resource "aws_ssm_parameter" "environment" {
      + arn         = (known after apply)
      + data_type   = (known after apply)
      + description = "Storage of environment variable (develop,staging,prod)"
      + id          = (known after apply)
      + key_id      = (known after apply)
      + name        = "/Global/Env"
      + overwrite   = true
      + tags_all    = (known after apply)
      + tier        = (known after apply)
      + type        = "String"
      + value       = (sensitive value)
      + version     = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_ssm_parameter.environment: Creating...
╷
│ Error: error creating SSM Parameter (/Global/Env): ParameterAlreadyExists: The parameter already exists. To overwrite this value, set the overwrite option in the request to true.
│ 
│   with aws_ssm_parameter.environment,
│   on main.tf line 19, in resource "aws_ssm_parameter" "environment":
│   19: resource "aws_ssm_parameter" "environment" {
│ 
╵

Steps to Reproduce

1. terraform apply

Important Factoids

Only observed the incorrect behaviour while running aws provider v4.18.0, rolling back to v4.17.0 overwrite = true seems to function normally. Once the build has overwritten in v4.17.0, switching back to v4.18.0 obviously no longer needs the overwrite value as its managing properly.

References

Nothing I could find for the current release.

[bschaatsbergen]

@gdavison, looking at https://github.com/hashicorp/terraform-provider-aws/commit/226cd4f55e572f733d8790484d8d79ba72c4ba92, was there any specific reason to remove this?

[JoergHeinicke5005]

Usually you seem to fix regressions quite quickly (e.g., 4.17.1, 4.20.1). Any intention to fix this issue soonish? Also, I don't see any workaround at the moment (other than the obvious reverting to 4.17.1).

[gdavison]

@gdavison, looking at 226cd4f, was there any specific reason to remove this?

When I was looking at the code for the Create operation, it looked like a redundant setting, since what it there to overwrite if you're creating the SSM Parameter. The ability to set overwrite = true to allow the Create operation to essentially import the Parameter wasn't clear (to me) in the documentation, nor did it have an acceptance test.

We will restore the ability.

[aavileli]

waiting for a fix. Otherwise need to pin provider version. Thanks

[kavyasam]

I pin down to 4.17.1 version and it was working fine .. waiting for the fix

[bwasjr]

Just to add more information... I had the same issue with v4.25.0.

[posquit0]

Same issue with v4.27.0.

[JoergHeinicke5005]

This issue has been confirmed to be a regression more than 2 months ago. Is there any reason why it is not being fixed?

[danballance]

I'm seeing this same issue in v4.30.0.

[bschaatsbergen]

I'll happily take a look at this regression issue in the coming few days.

[bschaatsbergen]

Fix is ready for review :+1:

[funes79]

Same issue in v4.31.0

[github-actions[bot]]

This functionality has been released in v4.33.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.