terraform-provider-awscc
Bug: AWS Resource Not Found During Refresh
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
- The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.
Terraform CLI and Terraform AWS Cloud Control Provider Version
Affected Resource(s)
- awscc_apigateway_domain_name
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
resource "awscc_apigateway_domain_name" "example" {
  certificate_arn = aws_acm_certificate.example.arn
  domain_name = "api.example.com"
}

resource "aws_acm_certificate" "example" {
  domain_name = "api.example.com"
  validation_method = "DNS"

  tags = {
    Environment = "test"
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_route53_record" "example" {
  for_each = {
    for dvo in aws_acm_certificate.example.domain_validation_options : dvo.domain_name => {
      name = dvo.resource_record_name
      record = dvo.resource_record_value
      type = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name = each.value.name
  records = [each.value.record]
  ttl = 60
  type = each.value.type
  zone_id = var.zone_id
}

resource "aws_acm_certificate_validation" "example" {
  certificate_arn = aws_acm_certificate.example.arn
  validation_record_fqdns = [for record in aws_route53_record.example : record.fqdn]
}
Debug Output
2024-04-29T18:05:46.371-0400 [WARN] Provider "registry.terraform.io/hashicorp/awscc" produced an unexpected new value for awscc_apigateway_domain_name.example during refresh.
- .certificate_arn: was cty.StringVal("arn:aws:acm:us-east-1:123456789012:certificate/9e387c2b-d3424-4f43-92g6-24411bca1403"), but now null
Panic Output
Expected Behavior
Expected Terraform to create the API Gateway domain and show no changes on second apply.
Actual Behavior
Terraform is showing a change for all plan/applies following the creation of the resource.
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # awscc_apigateway_domain_name.example will be created
  + resource "awscc_apigateway_domain_name" "example" {
      + certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/9e387c2b-d3424-4f43-92g6-24411bca1403"
      + distribution_domain_name = (known after apply)
      + distribution_hosted_zone_id = (known after apply)
      + domain_name = "api.example.com"
      + endpoint_configuration = (known after apply)
      + id = (known after apply)
      + mutual_tls_authentication = (known after apply)
      + ownership_verification_certificate_arn = (known after apply)
      + regional_certificate_arn = (known after apply)
      + regional_domain_name = (known after apply)
      + regional_hosted_zone_id = (known after apply)
      + security_policy = (known after apply)
      + tags = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.
awscc_apigateway_domain_name.example: Creating...
awscc_apigateway_domain_name.example: Still creating... [10s elapsed]
awscc_apigateway_domain_name.example: Still creating... [20s elapsed]
awscc_apigateway_domain_name.example: Still creating... [30s elapsed]
awscc_apigateway_domain_name.example: Still creating... [40s elapsed]
awscc_apigateway_domain_name.example: Still creating... [50s elapsed]
awscc_apigateway_domain_name.example: Still creating... [1m0s elapsed]
awscc_apigateway_domain_name.example: Still creating... [1m10s elapsed]
awscc_apigateway_domain_name.example: Still creating... [1m20s elapsed]
awscc_apigateway_domain_name.example: Still creating... [1m30s elapsed]
awscc_apigateway_domain_name.example: Still creating... [1m40s elapsed]
awscc_apigateway_domain_name.example: Still creating... [1m50s elapsed]
awscc_apigateway_domain_name.example: Creation complete after 1m54s [id=api.example.com]
╷
│ Warning: AWS Resource Not Found During Refresh
│
│ with awscc_apigateway_domain_name.example,
│ on main.tf line 24, in resource "awscc_apigateway_domain_name" "example":
│ 24: resource "awscc_apigateway_domain_name" "example" {
│
│ Automatically removing from Terraform State instead of returning the error, which may trigger resource recreation. Original Error: couldn't find resource
╵
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Second plan/apply returns the following:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # awscc_apigateway_domain_name.example will be updated in-place
  ~ resource "awscc_apigateway_domain_name" "example" {
      + certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/9e387c2b-d3424-4f43-92g6-24411bca1403"
      + endpoint_configuration = (known after apply)
        id = "api.example.com"
      + mutual_tls_authentication = (known after apply)
      + ownership_verification_certificate_arn = (known after apply)
      + regional_certificate_arn = (known after apply)
      + regional_domain_name = (known after apply)
      + regional_hosted_zone_id = (known after apply)
      + security_policy = (known after apply)
      + tags = (known after apply)
        # (3 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
Steps to Reproduce
- terraform apply
- terraform plan or terraform apply
Important Factoids
Cloud Control Output contains the following for the domain resource.
{
  "DomainName": "api.example.com",
  "DistributionHostedZoneId": "Z2FDDETETJTQYW2",
  "DistributionDomainName": "d2zkhwlm02mvqa.cloudfront.net"
}
Terraform state has the following:
# awscc_apigateway_domain_name.example:
resource "awscc_apigateway_domain_name" "example" {
  certificate_arn = "arn:aws:acm:us-east-1:123456789012:certificate/9e387c2b-d3424-4f43-92g6-24411bca1403"
  distribution_domain_name = "d2zkhwlm02mvqa.cloudfront.net"
  distribution_hosted_zone_id = "Z2FDDETETJTQYW2"
  domain_name = "api.example.com"
  id = "api.example.com"
}
References
- The continuous diff might be related to https://github.com/hashicorp/terraform-provider-awscc/issues/1139
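
An added triage sketch (not part of the original issue and not the provider's code): it compares the Cloud Control read output with the stored state quoted above to list the attributes a refresh would null out, then cross-checks them against the debug log line. The PascalCase-to-snake_case mapping and the treatment of `id` as provider-synthesized are assumptions.

```python
import json
import re

# Constructed sample input, copied from the issue's Cloud Control output.
CLOUD_CONTROL_MODEL = json.loads("""{
  "DomainName": "api.example.com",
  "DistributionHostedZoneId": "Z2FDDETETJTQYW2",
  "DistributionDomainName": "d2zkhwlm02mvqa.cloudfront.net"
}""")

# Constructed sample input, copied from the issue's state listing.
CERT_ARN = ("arn:aws:acm:us-east-1:123456789012:certificate/"
            "9e387c2b-d3424-4f43-92g6-24411bca1403")
STATE = {
    "certificate_arn": CERT_ARN,
    "distribution_domain_name": "d2zkhwlm02mvqa.cloudfront.net",
    "distribution_hosted_zone_id": "Z2FDDETETJTQYW2",
    "domain_name": "api.example.com",
    "id": "api.example.com",
}

# The attribute line from the issue's debug output.
DEBUG_LINES = ['- .certificate_arn: was cty.StringVal("%s"), but now null' % CERT_ARN]

def to_snake(name):
    """Map a PascalCase property name to snake_case (assumed naming rule)."""
    name = re.sub(r"(?<=[a-z0-9])(?=[A-Z])", "_", name)
    name = re.sub(r"(?<=[A-Z])(?=[A-Z][a-z])", "_", name)
    return name.lower()

def missing_from_read(state, model, synthetic=("id",)):
    """State attributes that hold a value but are absent from the read model."""
    returned = {to_snake(key) for key in model}
    return sorted(k for k, v in state.items()
                  if v is not None and k not in synthetic and k not in returned)

def nulled_in_log(lines):
    """Attribute paths the provider log reports as 'was ..., but now null'."""
    pattern = re.compile(r"^- \.(\S+): was .*, but now null$")
    hits = (pattern.match(line.strip()) for line in lines)
    return sorted(m.group(1) for m in hits if m)

if __name__ == "__main__":
    gaps = missing_from_read(STATE, CLOUD_CONTROL_MODEL)
    print("set in state, absent from Cloud Control read:", gaps)
    print("confirmed by refresh log:", sorted(set(gaps) & set(nulled_in_log(DEBUG_LINES))))
```

Any attribute this reports will show as a planned change on every run, which makes genuine drift on the same resource harder to spot in plan output.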
I have a secondary behavior to add here as well. The resource in use is awscc_appflow_flow.
Noticed an error similar to the one above, but didn't have any diff on a terraform apply on subsequent attempts, and hence it provided the "No changes. Your infrastructure matches the configuration." message as usual.
│ Warning: AWS Resource Not Found During Refresh
│
│ with awscc_appflow_flow.example,
│ on main.tf line 1, in resource "awscc_appflow_flow" "example":
│ 1: resource "awscc_appflow_flow" "example" {
│
│ Automatically removing from Terraform State instead of returning the error, which may trigger
│ resource recreation. Original Error: couldn't find resource
@quixoticmonk @BondAnthony, thanks for reporting the problem.
The error "Warning: AWS Resource Not Found During Refresh" likely indicates that the resource ID was transformed after the apply (further investigation required).