hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Error in the vpc_endpoint module when adding a new subnet via the vpc module #27208

Open SimonEdwardsMQA opened 2 years ago

SimonEdwardsMQA commented 2 years ago

Terraform Core Version

1.3.1

AWS Provider Version

4.0

Affected Resource(s)

I tried to add a second public and private subnet, but got an error back which suggested this was an issue with the provider.

Expected Behavior

Create new subnets and populate them through the infrastructure

Actual Behavior

Error on the run

Relevant Error/Panic Output Snippet

Error: Provider produced inconsistent final plan

When expanding the plan for module.vpc_endpoints.aws_vpc_endpoint.this["ecs"] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" changed the planned action from NoOp to Update.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

Error: Provider produced inconsistent final plan

When expanding the plan for module.vpc_endpoints.aws_vpc_endpoint.this["ecs"] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .subnet_ids: actual set element cty.StringVal("subnet-09c04a2f*********") does not correlate with any element in plan.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

Error: Provider produced inconsistent final plan

When expanding the plan for module.vpc_endpoints.aws_vpc_endpoint.this["ecs"] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .subnet_ids: length changed from 1 to 2.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

Terraform Configuration Files

################################################################################
# VPC Module
################################################################################

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = local.vpc_name
  cidr = "10.150.0.0/16"

  azs              = ["${local.region}a", "${local.region}b"]
  private_subnets  = ["10.150.1.0/24", "10.150.2.0/24"]     # added the 10.150.2.0/24 subnet
  public_subnets   = ["10.150.101.0/24", "10.150.102.0/24"] # added the 10.150.102.0/24 subnet
  database_subnets = ["10.150.10.0/25", "10.150.10.128/25"]

  create_database_subnet_group           = true
  create_database_subnet_route_table     = true
  create_database_internet_gateway_route = false

  enable_nat_gateway = false
  enable_vpn_gateway = false
  create_igw         = true

  manage_default_network_acl = true
  default_network_acl_tags   = { Name = "${local.vpc_name}-defaultACL" }

  manage_default_route_table = true
  default_route_table_tags   = { Name = "${local.vpc_name}-defaultRT" }

  manage_default_security_group = true
  default_security_group_tags   = { Name = "${local.vpc_name}-defaultSG" }

  tags = local.common_tags
}

################################################################################
# VPC Endpoints Module
################################################################################

module "vpc_endpoints" {
  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"

  vpc_id             = module.vpc.vpc_id
  security_group_ids = [data.aws_security_group.default.id]

  endpoints = {
    s3 = {
      service         = "s3"
      service_type    = "Gateway"
      tags            = { Name = "s3-vpc-endpoint" }
      subnet_ids      = module.vpc.private_subnets
      route_table_ids = flatten([module.vpc.private_route_table_ids])
    },
    dynamodb = {
      service         = "dynamodb"
      service_type    = "Gateway"
      route_table_ids = flatten([module.vpc.private_route_table_ids])
      policy          = data.aws_iam_policy_document.dynamodb_endpoint_policy.json
      tags            = { Name = "dynamodb-vpc-endpoint" }
    },
    ecs = {
      service             = "ecs"
      private_dns_enabled = false
      subnet_ids          = module.vpc.private_subnets
      route_table_ids     = flatten([module.vpc.private_route_table_ids])
    },
    ecs_telemetry = {
      create              = false
      service             = "ecs-telemetry"
      private_dns_enabled = false
      subnet_ids          = module.vpc.private_subnets
      route_table_ids     = flatten([module.vpc.private_route_table_ids])
    },
  }
}

module "vpc_endpoints_nocreate" {
  source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"

  create = false
}

Steps to Reproduce

Happened on the first instance of making the change; the second time I attempted this update, it worked OK.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No response

tbugfinder commented 12 months ago

Any workaround for this?