hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Creation of aws_glue_connection fails on AWS side if tags/default_tags are used #22089

Open XnS opened 2 years ago

XnS commented 2 years ago

Hi,

Versions

Issue

Creation of aws_glue_connection fails on AWS side if tags or tags_all are set.

According to the AWS Glue Developer Guide and AWS support, Glue connections do not support tags. If the AWS provider is configured with default_tags, these are also applied to aws_glue_connection, which then fails with an InternalFailure on the AWS side.

When removing all tags-related stuff from internal/service/glue/connection.go, it's possible to apply and create the aws_glue_connections (really dirty workaround, thus not posted here / added as PR).

How to reproduce:

providers.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "3.67"
    }
  }
}

provider "aws" {
  profile = "default"
  region  = "eu-central-1"

  default_tags {
    tags = {
      Environment = "dev"
    }
  }
}

glue.tf

resource "aws_glue_connection" "my-db" {
  connection_properties = {
    JDBC_CONNECTION_URL = "jdbc:postgresql://my-db.${aws_route53_zone.stage.name}:5432/MyDB"
    PASSWORD            = [...]
    USERNAME            = [...]
  }

  physical_connection_requirements {
    availability_zone      = [...]
    security_group_id_list = [...]
    subnet_id              = [...]
  }

  name                  = "MyDB"
}

plan:

# module.compute.aws_glue_connection.my-db will be created
 + resource "aws_glue_connection" "my-db" {
     + arn                   = (known after apply)
     + catalog_id            = (known after apply)
     + connection_properties = (sensitive value)
     + connection_type       = "JDBC"
     + id                    = (known after apply)
     + name                  = "MyDB"
     + tags_all              = {
         + "Environment" = "dev"
       }

     + physical_connection_requirements {
         + availability_zone      = "..."
         + security_group_id_list = [
             + "...",
             + "...",
           ]
         + subnet_id              = "..."
       }
   }

Possible solution(s):

ewbankkit commented 2 years ago

@XnS Thanks for raising this issue. Which AWS Region are you running in?

XnS commented 2 years ago

Hi @ewbankkit, region is eu-central-1 (Frankfurt)

tmobile-praven commented 2 years ago

Is this bug confirmed? I seem to be having a similar issue in us-west-2.

devforbes commented 1 year ago

I was able to reproduce this in ca-central-1 using default_tags on the AWS provider object. I have my terraform version set to latest, so the current version as of 2023/05/04. If you attempt to create aws_glue_connection with a provider that includes default_tags, it either fails or sits in "Still creating..." state until cancelled. (edit: This occurs with almost all glue resources)

Workaround:

provider "aws" {
  region = var.region
  alias  = "aws-no-defaults"
}

Then on the aws_glue_connection resource: provider = aws.aws-no-defaults
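
A pre-apply check for the failure described in this thread, as an added example that is not part of the issue or the provider's code: it reads the JSON form of a plan (as produced by `terraform show -json <planfile>`) and lists aws_glue_connection resources whose planned tags_all or tags are non-empty. The sample plan is constructed and the function name is hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# reduced to the fields this check reads.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {
            "address": "module.compute.aws_glue_connection.my-db",
            "type": "aws_glue_connection",
            "change": {
                "actions": ["create"],
                "after": {"name": "MyDB", "tags_all": {"Environment": "dev"}},
            },
        },
        {
            "address": "aws_glue_connection.untagged",
            "type": "aws_glue_connection",
            "change": {"actions": ["create"], "after": {"name": "Other", "tags_all": {}}},
        },
        {
            "address": "aws_s3_bucket.logs",
            "type": "aws_s3_bucket",
            "change": {"actions": ["create"], "after": {"tags_all": {"Environment": "dev"}}},
        },
    ]
})


def find_tagged_glue_connections(plan_json, types=("aws_glue_connection",)):
    """Return (address, tag keys) for planned creates/updates that carry tags."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") not in types:
            continue
        change = rc.get("change") or {}
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        # "after" is null for deletes; tags_all merges resource tags with default_tags.
        after = change.get("after") or {}
        tags = after.get("tags_all") or after.get("tags") or {}
        if tags:
            findings.append((rc["address"], sorted(tags)))
    return findings


if __name__ == "__main__":
    for address, keys in find_tagged_glue_connections(SAMPLE_PLAN):
        print(f"{address}: tags would be sent to Glue: {', '.join(keys)}")
```

Tag values that are unknown at plan time do not appear under "after", so an empty result only covers tags known when the plan was made.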