hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

VPC endpoint service resource does not properly output dns configuration to create a route53 TXT record #24044

Open johnc1996 opened 2 years ago

johnc1996 commented 2 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.7 Terraform AWS Provider 4.8.0

Affected Resource(s)

Terraform Configuration Files

resource "aws_vpc_endpoint_service" "default" {
  acceptance_required        = false
  allowed_principals         = var.allowed_principals
  network_load_balancer_arns = var.network_load_balancer_arns
  private_dns_name           = var.private_dns_name
}

resource "aws_route53_record" "default" {
  zone_id = var.zone_id
  name    = var.private_dns_name
  type    = "TXT"
  ttl     = "1800"
  records = [aws_vpc_endpoint_service.default.private_dns_name_configuration[0].value]
}

Debug Output

│ Error: Invalid index
│
│   on main.tf line 246, in resource "aws_route53_record" "default":
│  246:   records = [aws_vpc_endpoint_service.default.private_dns_name_configuration[0].value]
│         # Should be [aws_vpc_endpoint_service.default.private_dns_name_configuration[0].value]
│         # Terraform does not recognise that this value will be a non empty list at apply time
│     ├────────────────
│     │ aws_vpc_endpoint_service.default.private_dns_name_configuration is empty list of object
│
│ The given key does not identify an element in this collection value: the collection has no elements.

Expected Behavior

The route53 record should be created using the value from the VPC endpoint service's private DNS configuration.

Actual Behavior

It fails on plan and apply because the VPC endpoint service's private DNS configuration is currently an empty list, even though it will be populated once the VPC endpoint service adds the private DNS name.

Steps to Reproduce

  1. terraform apply

Important Factoids

References

justinretzolk commented 2 years ago

Hey @johnc1996 👋 Thank you for taking the time to raise this! I've attempted to reproduce this, and so far haven't been able to. So that we have all of the necessary information to look into this, can you supply (redacted as necessary) debug logs?

johnc1996 commented 2 years ago

Hi @justinretzolk is this the entire DEBUG output of the Terraform being run? Do you know how I can redact all the info necessary or am I ok to send you the section of the logs that relates to the issue? Thanks

justinretzolk commented 2 years ago

Hey @johnc1996 -- I don't have an easy method for redaction (perhaps that's something we should consider, so thank you for the idea!). The section of the logs may help, or another option might be to encrypt the data using our GPG key (found here).

bbbush commented 2 years ago

have the same issue, the private_dns_name_configuration list is empty when creating the NLB resource

johnc1996 commented 2 years ago

Hi @justinretzolk sorry I have been busy recently so haven't had time to send the logs. Will try to send soon

craiggenner commented 1 year ago

I've just hit this, and it appears to be a timing issue:

Initial apply:

Outputs:
service_endpoint = {
...
  "private_dns_name" = "<MASKED>"
  "private_dns_name_configuration" = tolist([])
...
}

Then a refresh a few minutes later:

Outputs:
service_endpoint = {
...
  "private_dns_name" = "<MASKED>"
  "private_dns_name_configuration" = [
        {
            name  = "<MASKED>"
            state = "pendingVerification"
            type  = "TXT"
            value = "vpce:<MASKED>"
        },
   ]
...
}

Not sure how to resolve this without code changes other than to put a refresh in our pipeline :-(
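One way a pipeline can decide whether that second refresh/apply is still needed, as an added example that is not from the issue or the provider: it parses `terraform show -json` output (constructed samples below, shaped like the two outputs quoted above, with masked values) and reports whether the TXT verification entry has been reported yet. The resource address and sample values are assumptions.

```python
import json

# Constructed `terraform show -json` samples (not real state): the first mirrors
# what the initial apply returns, the second what a refresh a few minutes later returns.
INITIAL_STATE = json.dumps({"values": {"root_module": {"resources": [
    {"address": "aws_vpc_endpoint_service.default", "type": "aws_vpc_endpoint_service",
     "values": {"private_dns_name": "svc.example.com",
                "private_dns_name_configuration": []}}]}}})

REFRESHED_STATE = json.dumps({"values": {"root_module": {"resources": [
    {"address": "aws_vpc_endpoint_service.default", "type": "aws_vpc_endpoint_service",
     "values": {"private_dns_name": "svc.example.com",
                "private_dns_name_configuration": [
                    {"name": "_masked", "state": "pendingVerification",
                     "type": "TXT", "value": "vpce:MASKED"}]}}]}}})


def private_dns_txt_records(state_json, address):
    """Return the TXT verification entries for one aws_vpc_endpoint_service.

    Walks the root module and any child modules of `terraform show -json`
    output. Returns [] when the provider has not yet reported the
    configuration (the empty list this thread describes), so the caller can
    refresh and re-apply instead of indexing [0] and failing.
    """
    state = json.loads(state_json)
    pending = [state.get("values", {}).get("root_module", {})]
    while pending:
        module = pending.pop()
        pending.extend(module.get("child_modules", []))
        for res in module.get("resources", []):
            if res.get("address") == address:
                cfg = res.get("values", {}).get("private_dns_name_configuration") or []
                return [entry for entry in cfg if entry.get("type") == "TXT"]
    raise KeyError(f"{address} not found in state")


def needs_second_apply(state_json, address):
    """True when the TXT entry is still missing and a refresh + apply is needed."""
    return not private_dns_txt_records(state_json, address)


if __name__ == "__main__":
    # Feed the real output of `terraform show -json` here instead of the samples.
    addr = "aws_vpc_endpoint_service.default"
    print("second apply needed:", needs_second_apply(INITIAL_STATE, addr))
    print("TXT entries after refresh:", private_dns_txt_records(REFRESHED_STATE, addr))
```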

craiggenner commented 1 year ago

I've just had a look through the various docs on the API for the endpoint service (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_PrivateDnsNameConfiguration.html) and nothing suggests that the information shouldn't be returned in the response from the creation request.

craiggenner commented 1 year ago

@johnc1996 I wonder, did you create the VPC endpoint service in terraform, then add in the private DNS later on?

I'm trying to get some code together to replicate this. While I have the same issue, I can't produce the exact issue with some simple code. It's almost like the issue only appears in a busy code base with a large-ish state.

ceytalis commented 1 year ago

I have run into this exact same issue. Within the same terraform configuration I first configure creating the VPC endpoint service (resource "aws_vpc_endpoint_service" "..." { ..) with a private DNS name. Then I next create a route53 public hosted record (resource "aws_route53_record" "..." {..) based on output from the VPC endpoint service - "private_dns_name_configuration[0].".

Tried both with and without using "depends_on" to the VPC endpoint service resource within the route53 create, and both times got the following error:

"aws_vpc_endpoint_service..private_dns_name_configuration is empty list of object"

The only way I could get it to successfully reference "private_dns_name_configuration" was to run a terraform plan/apply that first creates the VPC endpoint service, then a second physical run that creates the route53 record.

mangilal23 commented 1 year ago

Hi @justinretzolk

I am also facing the same issue, even though I tried using the depends_on attribute.

Error: Invalid index

  on ../../../modules/github-enterprise/route53.tf line 35, in resource "aws_route53_record" "github_private_dns":
  35:   name = "${aws_vpc_endpoint_service.main.private_dns_name_configuration[0].name}.${var.domain_name}.example.com"
    |----------------
    | aws_vpc_endpoint_service.main.private_dns_name_configuration is empty list of object

The given key does not identify an element in this collection value.

Error: Invalid index

  on ../../../modules/github-enterprise/route53.tf line 36, in resource "aws_route53_record" "github_private_dns":
  36:   type = aws_vpc_endpoint_service.main.private_dns_name_configuration[0].type
    |----------------
    | aws_vpc_endpoint_service.main.private_dns_name_configuration is empty list of object

The given key does not identify an element in this collection value.

Error: Invalid index

  on ../../../modules/github-enterprise/route53.tf line 38, in resource "aws_route53_record" "github_private_dns":
  38:   records = [aws_vpc_endpoint_service.main.private_dns_name_configuration[0].value]
    |----------------
    | aws_vpc_endpoint_service.main.private_dns_name_configuration is empty list of object

The given key does not identify an element in this collection value.

evilr00t commented 12 months ago

Any update on this one?