Import of existing launch template fails

[tomer-ds]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.9 on windows_amd64

• provider registry.terraform.io/hashicorp/aws v4.13.0

Affected Resource(s)

• aws_launch_template

Terraform Configuration Files

AWS Access and Secret keys in this instance are passed using environment variables

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

provider "aws" {
  region = var.aws_region
  default_tags {
    tags = {
      Environment = local.full_environment_name
      managedBy   = "terraform"
    }
  }
}

resource "aws_launch_template" "lt_agents" {
  name = "HL-LoadTestCentral-Agents"

  default_version = 6

  disable_api_termination = false

  ebs_optimized = true

  iam_instance_profile {
    name = var.default_instance_iam_profile
  }

  image_id = var.lt_agent_ami_id

  instance_initiated_shutdown_behavior = "terminate"

  instance_type = var.lt_agent_instance_type

  key_name = var.key_windows

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
    instance_metadata_tags      = "enabled"
  }

  network_interfaces {
    associate_public_ip_address = true
  }

  vpc_security_group_ids = [local.security_groups]

  tag_specifications {
    resource_type = "instance"

    tags = var.lt_agents_launch_template_additional_tags
  }

  user_data = filebase64("${path.module}/templates/user_data_lt_agent.ps1")
}

Debug Output

https://gist.github.com/tomer-ds/de40b167efc6cb56bfaa1104f6d8c33e

Panic Output

Expected Behavior

The existing launch template would be found and imported successfully

Actual Behavior

Import failed on non-existent remote object even though it does exist in the given account and region

Steps to Reproduce

1. terraform workspace select <relevant workspace>
2. terraform init
3. terraform import aws_launch_template.lt_agents lt-0e9390657d61a7312

Important Factoids

• AWS Credentials are set using env vars but have also tested by configuring default shell credentials as well as aws cli credentials and region.

• The output of aws ec2 describe-launch-templates with only shell and AWS cli credentials and defaults configured

  {
  "LaunchTemplateId": "lt-0e9390657d61a7312",
  "LaunchTemplateName": "HL-LoadTestCentral-Agents",
  "CreateTime": "2022-05-08T13:28:19+00:00",
  "CreatedBy": "arn:aws:iam::012345678910:user/Tomer.Salakoff",
  "DefaultVersionNumber": 6,
  "LatestVersionNumber": 6
  },

• Adding a configuration for a aws_launch_template data source and an output for the ID results in successful output of the existing LT ID

  
  data "aws_launch_template" "default" {
  id = "lt-0e9390657d61a7312"
  }

output "lt_agent_lt_id" { value = data.aws_launch_template.default.id }

- In the debug there seems to be 2 issues:
1. It is querying a version that does not exist. There is no version in format `2016-11-15`
```log
Action=DescribeLaunchTemplates&LaunchTemplateId.1=lt-0e9390657d61a7312&Version=2016-11-15

2. It is looking in the wrong region somehow

   2022-05-09T15:05:32.090+0300 [DEBUG] provider.terraform-provider-aws_v4.13.0_x5.exe: Trying to get account information via sts:GetCallerIdentity: timestamp=2022-05-09T15:05:32.090+0300
   2022-05-09T15:05:32.090+0300 [DEBUG] provider.terraform-provider-aws_v4.13.0_x5.exe: [aws-sdk-go-v2] Request
   POST / HTTP/1.1
   Host: sts.eu-west-2.amazonaws.com
   User-Agent: APN/1.0 HashiCorp/1.0 Terraform/1.1.9 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.16.3 os/windows lang/go/1.17.6 md/GOOS/windows md/GOARCH/amd64 api/sts/1.16.4
   Content-Length: 43
   Amz-Sdk-Invocation-Id: ba7d60e4-3783-48b7-8c42-8f823bbb7b0c
   Amz-Sdk-Request: attempt=1; max=25
   Authorization: AWS4-HMAC-SHA256 Credential=AKIAOBFUSCATEDVALUE/20220509/eu-west-2/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date, Signature=b5369c549750446bff9c8c3666bc40d1d14065758f18d194b033973039188296
   Content-Type: application/x-www-form-urlencoded
   X-Amz-Date: 20220509T120532Z
   Accept-Encoding: gzip

will result in the output

References

• 0000

[ewbankkit]

@tomer-ds Thanks for raising this issue 👏. The Version argument in the DescribeLaunchTemplates API call is actually the (EC2) API version, not the launch template version. It looks like the underlying problem is the incorrect AWS Region setting.

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.