hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

terraform apply resulting in empty result or couldn't find resource errors #21978

Closed psharm53 closed 2 years ago

psharm53 commented 2 years ago

Reported the issue to HashiCorp and they have referred us to report it here. Reference: https://github.com/hashicorp/terraform/issues/30023

Terraform Version - 1.0.11
AWS Provider - 3.67.0

We are getting intermittent errors like the following when working with Terraform for AWS infrastructure provisioning:

==============
╷
│ Error: error updating Security Group (sg-0a73d418ae947fe09): couldn't find resource
│
│   with module.security_groups.aws_security_group.default["CIOPS-MS-Redis-SG"],
│   on ../../modules/Stack/SecurityGroups/main.tf line 1, in resource "aws_security_group" "default":
│    1: resource "aws_security_group" "default" {
│
╵
╷
│ Error: error updating Security Group (sg-0348f9cfa61f16235): couldn't find resource
│
│   with module.security_groups.aws_security_group.default["CIOPS-MySQL-SG"],
│   on ../../modules/Stack/SecurityGroups/main.tf line 1, in resource "aws_security_group" "default":
│    1: resource "aws_security_group" "default" {
│
╵
╷
│ Error: error reading Route Table (rtb-0fc9e07acc59ca7eb): couldn't find resource
│
│   with module.data_vpc.aws_route_table.public_route_table["us-east-1a"],
│   on ../../modules/Stack/VPC/main.tf line 92, in resource "aws_route_table" "public_route_table":
│   92: resource "aws_route_table" "public_route_table" {
│
╵

╷
│ Error: error reading Route in Route Table (rtb-0061e7bf9ed9458d7) with destination (10.110.64.0/20): couldn't find resource
│
│   with module.routing_extapp_data.aws_route.source["CIOPS-ExtApp-Private-Routing-1b"],
│   on ../../modules/Stack/Routing/main.tf line 13, in resource "aws_route" "source":
│   13: resource "aws_route" "source" {
│

╷
│ Error: error reading Route Table (rtb-03178c1f7809c539c): couldn't find resource
│
│   with module.extapp_vpc.aws_route_table.public_route_table["us-east-1a"],
│   on ../../modules/Stack/VPC/main.tf line 92, in resource "aws_route_table" "public_route_table":
│   92: resource "aws_route_table" "public_route_table" {
│
╵
╷
│ Error: error reading Route Table Association (rtbassoc-09e721baf95da7d6f): empty result
│
│   with module.extapp_vpc.aws_route_table_association.default_private["CIOPS-ExtApp-ELB-Private-Subnet-1a"],
│   on ../../modules/Stack/VPC/main.tf line 266, in resource "aws_route_table_association" "default_private":
│  266: resource "aws_route_table_association" "default_private" {
│
╵

NOTE - The Errors are not static but intermittent. We got the error 3-4 times in about 100 executions done over a period of 48 hours.

==========================

Procedure to reproduce issue

Pre-requisites:

1. Use Region us-east-1 only.
2. IAM role attached to EC2 instance on which terraform will be executed with account administrator access.
3. One VPC, its CIDR. The VPC should have 2 private route tables and one public route table. Keep their route table entries, VPC ID and CIDR handy.
4. Second VPC, its CIDR. The VPC should have 2 private route tables and one public route table. Keep their route table entries, VPC ID and CIDR handy.
5. One S3 bucket with folder names State-Files and FlowLogs in us-east-1.

Steps to follow

Go to Folder Path Scripts/Terraform/Reinvent/StackLdapPeering

Edit File for following fields
=> Replace AWS Account ID

ldap_vpc_access_role => Set to IAM role ARN from pre-requisites 2.

ldap_ops_vpc_id = Set to VPC ID from pre-requisites 3.
ldap_ops_vpc_cidr = Set to VPC CIDR from pre-requisites 3.
<Private route table ID 1 for VPC Alpha> => Replace with one private Route Table ID from pre-requisites 3.
<Private route table ID 2 for VPC Alpha> => Replace with second private Route Table ID from pre-requisites 3.
=> Replace with public Route Table ID from pre-requisites 3.

ops_vpc_id = Set to VPC ID from pre-requisites 4.
ops_vpc_cidr = Set to VPC CIDR from pre-requisites 4.
<Private route table ID 1 for VPC Beta> => Replace with one private Route Table ID from pre-requisites 4.
<Private route table ID 2 for VPC Beta> => Replace with second private Route Table ID from pre-requisites 4.

=> Replace the string with S3 bucket from pre-requisites 5.

Execute Commands as follows:
=> export AWS_DEFAULT_REGION="us-east-1"

=> terraform init -reconfigure -input=false -backend-config="encrypt=true" -backend-config="max_retries=100" -backend-config="bucket=<Valid S3 Bucket Name from pre req 5>/State-Files/" -backend-config="region=us-east-1" -backend-config="key=CIOPS-test.tfstate"

=> terraform get

=> terraform plan -input=false -var-file=CIOPS.tfvars
This will show 761 resources to be created

=> terraform apply -auto-approve -input=false -var-file=CIOPS.tfvars

Terraform Configuration : Scripts.zip
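Added example, not part of the original report or of the provider's code: a small triage helper that parses captured `terraform apply` output and tallies the two failure texts this issue reports as intermittent ("couldn't find resource" and "empty result") per resource kind, keeping other errors separate. The function names and the fourth sample line (`sg-EXAMPLE`) are constructed for illustration.

```python
import re
from collections import Counter

# Failure texts this issue reports as intermittent (taken from the errors above).
INTERMITTENT_CAUSES = {"couldn't find resource", "empty result"}

# Shape of the quoted lines: "Error: error <op> <resource kind> (<id>)[ extra]: <cause>"
ERROR_RE = re.compile(
    r"Error: error (?P<op>\w+) (?P<kind>.+?) \((?P<resource_id>[\w-]+)\)"
    r".*?: (?P<cause>[^:]+)$"
)

# Constructed sample: three error lines copied from the report, plus one made-up
# permission failure (sg-EXAMPLE) that must not be counted as intermittent.
SAMPLE_OUTPUT = """\
│ Error: error updating Security Group (sg-0a73d418ae947fe09): couldn't find resource
│ Error: error reading Route in Route Table (rtb-0061e7bf9ed9458d7) with destination (10.110.64.0/20): couldn't find resource
│ Error: error reading Route Table Association (rtbassoc-09e721baf95da7d6f): empty result
│ Error: error creating Security Group (sg-EXAMPLE): UnauthorizedOperation
"""


def parse_errors(output):
    """Return one dict per provider error line found in Terraform output."""
    findings = []
    for line in output.splitlines():
        match = ERROR_RE.search(line.strip())
        if not match:
            continue  # context lines ("with ...", "on ...") carry no cause
        finding = match.groupdict()
        finding["cause"] = finding["cause"].strip()
        finding["intermittent"] = finding["cause"] in INTERMITTENT_CAUSES
        findings.append(finding)
    return findings


def tally_intermittent(findings):
    """Count intermittent failures by (resource kind, cause)."""
    return Counter(
        (f["kind"], f["cause"]) for f in findings if f["intermittent"]
    )


if __name__ == "__main__":
    parsed = parse_errors(SAMPLE_OUTPUT)
    for (kind, cause), count in tally_intermittent(parsed).items():
        print(f"{count}x {kind}: {cause}")
    for f in parsed:
        if not f["intermittent"]:
            print(f"needs review: {f['kind']} {f['resource_id']}: {f['cause']}")
```

Run over the logs of repeated applies, the tally shows which resource kinds hit the intermittent failures and how often, while errors such as permission failures stay visible for separate review.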

justinretzolk commented 2 years ago

Hey @psharm53 👋 Thank you for taking the time to report this! So that we have all of the necessary information, can you update the issue description with the rest of the information requested in the bug template?

jasonkinsella commented 2 years ago

We are also getting these intermittent errors. Happens about 1-2% of deployments. The deployment is a basic sandbox environment VPC with VMs.

rudimk commented 2 years ago

We're seeing this issue too. It happens quite randomly, when we try provisioning a VPC with subnets and associated routing tables in both us-east-1 and us-east-2. We're on Terraform 1.0.9, and we're using v3.10.0 when it comes to terraform-provider-aws.

github-actions[bot] commented 2 years ago

This functionality has been released in v4.0.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.