hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

append aws_ssm_document resource and terraform apply failed, but the resource is created with baseline configuration #26594

Open yu-tomori opened 2 years ago

yu-tomori commented 2 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v1.1.7
on darwin_arm64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v4.13.0
+ provider registry.terraform.io/hashicorp/random v3.1.3

Your version of Terraform is out of date! The latest version
is 1.2.8. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_ssm_document" "bastion" {
  name            = "SSM-SessionManagerRunShell"
  document_type   = "Session"
  document_format = "JSON"
  content = jsonencode({
    schemaVersion = "1.0"
    description   = "Document to hold regional settings for Session Manager"
    sessionType   = "Standard_Stream"
    inputs = {
      cloudWatchLogGroupName      = aws_cloudwatch_log_group.sessions_in_bastion.name
      cloudWatchEncryptionEnabled = false
      cloudWatchStreamingEnabled  = true
      idleSessionTimeout          = 20
      maxSessionDuration          = 60
      runAsEnabled                = false
      s3BucketName                = ""
    }
  })
}

Debug Output

$ terraform import aws_ssm_document.bastion SSM-SessionManagerRunShell
aws_ssm_document.bastion: Importing from ID "SSM-SessionManagerRunShell"...
aws_ssm_document.bastion: Import prepared!
  Prepared aws_ssm_document for import
aws_ssm_document.bastion: Refreshing state... [id=SSM-SessionManagerRunShell]
╷
│ Error: Cannot import non-existent remote object
│
│ While attempting to import an existing object to "aws_ssm_document.bastion", the provider detected that no object exists with the given id. Only pre-existing objects can be imported; check that the id is correct and that it is associated with the provider's configured
│ region or endpoint, or use "terraform apply" to create a new remote object for this resource.
╵

$ terraform apply

Refreshing state...
...

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

...other resources to be created or updated

# aws_ssm_document.bastion will be created
  + resource "aws_ssm_document" "bastion" {
      + arn              = (known after apply)
      + content          = jsonencode(
            {
              + description   = "Document to hold regional settings for Session Manager"
              + inputs        = {
                  + cloudWatchEncryptionEnabled = false
                  + cloudWatchLogGroupName      = "sessions_in_bastion"
                  + cloudWatchStreamingEnabled  = true
                  + idleSessionTimeout          = 20
                  + maxSessionDuration          = 60
                  + runAsEnabled                = false
                  + s3BucketName                = ""
                }
              + schemaVersion = "1.0"
              + sessionType   = "Standard_Stream"
            }
        )
      + created_date     = (known after apply)
      + default_version  = (known after apply)
      + description      = (known after apply)
      + document_format  = "JSON"
      + document_type    = "Session"
      + document_version = (known after apply)
      + hash             = (known after apply)
      + hash_type        = (known after apply)
      + id               = (known after apply)
      + latest_version   = (known after apply)
      + name             = "SSM-SessionManagerRunShell"
      + owner            = (known after apply)
      + parameter        = (known after apply)
      + platform_types   = (known after apply)
      + schema_version   = (known after apply)
      + status           = (known after apply)
      + tags_all         = (known after apply)
    }

Plan: 2 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_cloudwatch_log_group.sessions_in_bastion: Creating...
aws_iam_role_policy.bastion: Modifying... [id=bastion_role:bastion]
aws_cloudwatch_log_group.sessions_in_bastion: Creation complete after 1s [id=sessions_in_bastion]
aws_ssm_document.bastion: Creating...
aws_iam_role_policy.bastion: Modifications complete after 1s [id=bastion_role:bastion]
╷
│ Error: Error creating SSM document: DocumentAlreadyExists: Document with same name SSM-SessionManagerRunShell already exists
│
│   with aws_ssm_document.bastion,
│   on compute.tf line 24, in resource "aws_ssm_document" "bastion":
│   24: resource "aws_ssm_document" "bastion" {
│
╵

$ terraform import aws_ssm_document.bastion SSM-SessionManagerRunShell
aws_ssm_document.bastion: Importing from ID "SSM-SessionManagerRunShell"...
aws_ssm_document.bastion: Import prepared!
  Prepared aws_ssm_document for import
aws_ssm_document.bastion: Refreshing state... [id=SSM-SessionManagerRunShell]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Expected Behavior

Actual Behavior

Steps to Reproduce

  1. append resource aws_ssm_document to your .tf file.
  2. terraform import aws_ssm_document
  3. terraform apply

justinretzolk commented 1 year ago

Hey @yugaraxy 👋 Thank you for taking the time to raise this! So that we have all of the necessary information in order to look into this, is it possible to supply debug logs (redacted as needed) as well?