Closed jamescrowley closed 2 years ago
I encountered a similar issue on v2.47
I was having issues updating an error action - terraform apply would always see the change but the rule never got updated. Eventually, I removed the rule manually and ran terraform rm [resource] to remove it from the state.
Upon running a fresh terraform apply, the IoT rule was successfully created with the changes I needed
Hey @jamescrowley 👋 Thank you for taking the time to file this issue. Given that there's been a number of Terraform and AWS provider releases since you initially filed it, can you confirm if you're still experiencing this behavior?
I can confirm that this bug is still occurring 👍
Yep, still get this on occasion; the only fix is to remove the topic rule state or the topic rule.
Error: error getting IoT Topic Rule (iot_ingester): UnauthorizedException: Access to topic rule 'iot_ingester' was denied
Hey y'all 👋 Looking at the error, the UnauthorizedException is coming from AWS. Looking at the AWS Go SDK reference for GetTopicRule (the function that is being called when this error is logged), it calls out:
Requires permission to access the GetTopicRule (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html#awsiot-actions-as-permissions) action.
Can you verify that the credentials being used to authenticate with the AWS Provider have the necessary permissions to access GetTopicRule?
The permission is definitely there. As @JoshM1994 already mentioned, it does work eventually, but not always.
This error is caused by the fact that GetTopicRule returns UnauthorizedException if the rule no longer exists (rather than a useful error like ResourceNotFoundException).
https://github.com/hashicorp/terraform-provider-aws/pull/24395 has fixed this by first listing all topic rules and only attempting to get rule details if the rule still exists.
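The list-then-get read described in the comment above, as an added sketch that is not the provider's code from that pull request. fakeIoT, readTopicRule and errRuleGone are hypothetical names, and the fake client is a constructed stand-in for the AWS SDK that, like the service behaviour reported in this thread, answers UnauthorizedException for a rule that does not exist.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

var errUnauthorized, errRuleGone = errors.New("UnauthorizedException"), errors.New("topic rule no longer exists")

// fakeIoT is a constructed stand-in for the IoT API, not the AWS SDK client.
type fakeIoT struct {
	rules []string          // every rule that exists, listed one per page
	sql   map[string]string // rules the caller may read; listed but absent here = denied
}

func (f fakeIoT) ListTopicRules(token string) ([]string, string) {
	i, _ := strconv.Atoi(token) // "" is the first page
	if i+1 >= len(f.rules) {
		return f.rules[i:], ""
	}
	return f.rules[i : i+1], strconv.Itoa(i + 1)
}

// GetTopicRule answers UnauthorizedException for missing and forbidden rules alike.
func (f fakeIoT) GetTopicRule(name string) (string, error) {
	if sql, ok := f.sql[name]; ok {
		return sql, nil
	}
	return "", errUnauthorized
}

// readTopicRule lists first: absent means drift (drop from state); a denial on a listed rule stays an error.
func readTopicRule(c fakeIoT, name string) (string, error) {
	for names, token := c.ListTopicRules(""); ; names, token = c.ListTopicRules(token) {
		for _, n := range names {
			if n == name {
				return c.GetTopicRule(name)
			}
		}
		if token == "" {
			return "", errRuleGone
		}
	}
}

func main() {
	fmt.Println(readTopicRule(fakeIoT{rules: []string{"rule_a"}}, "iot_ingester")) // rule deleted out of band
}
```

Walking every page of the listing matters: a rule that sits on a later page would otherwise be treated as deleted and dropped from state.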
Community Note
Terraform Version
Terraform v0.12.24
Affected Resource(s)
Terraform Configuration Files
Debug Output
2020-03-25T05:55:28.650Z [DEBUG] plugin.terraform-provider-aws_v2.54.0_x4: 2020/03/25 05:55:28 [DEBUG] [aws-sdk-go] DEBUG: Validate Response iot/GetTopicRule failed, attempt 0/25, error UnauthorizedException: Access to topic rule 'sandbox_v2_forward_state_data' was denied
Available in terraform cloud: https://app.terraform.io/app/Relectrify/workspaces/Web-Infrastructure-sandbox_v2/runs/run-KTwRTs996B3LxVif
Expected Behavior
Actual Behavior
Steps to Reproduce
This was working fine, but our most recent change to the terraform config appears to have triggered this state, and it consistently fails running terraform plan
Running in terraform cloud: https://app.terraform.io/app/Relectrify/workspaces/Web-Infrastructure-sandbox_v2/runs/run-KTwRTs996B3LxVif
Important Factoids
References