[Bug]: Amplify Domain Association fails with `unexpected state AWAITING_APP_CNAME`

[kiik7r]

Terraform Core Version

v1.3.9

AWS Provider Version

v4.57.0

Affected Resource(s)

• aws_amplify_domain_association

Expected Behavior

When creating an Amplify domain association with the flag wait_for_verification set to true (default), terraform should wait for the domain to be associated.

Actual Behavior

Terraform fails with the following error:

waiting for Amplify Domain Association (<redacted>/<redacted>) to verify: unexpected state 'AWAITING_APP_CNAME', wanted target 'PENDING_DEPLOYMENT, AVAILABLE'. last error: %!s(<nil>)

Seems like AWS introduced a new state not handled by the provider.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

The default example on the resource documentation: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_domain_association

You need to change the domain used with one you own.

Steps to Reproduce

Run the example from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/amplify_domain_association.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[robmoss2k]

We are still affected by this bug. Is it a simple fix?

[andrewsbayshann]

Note to anyone dealing with this - rerunning after a couple of minutes made it work.

[robmoss2k]

I created a draft pull request for this. If someone is able to run the Amplify domain association test, we can turn it into a proper PR. I'm on Windows. I couldn't get the tests to run in my VSCode console, and in WSL, I ran out of memory trying to run them.

[robmoss2k]

Anyone?

[robmoss2k]

Note to anyone dealing with this - rerunning after a couple of minutes made it work.

Note to anyone following this advice - if you don't untaint the resource, Terraform will destroy and recreate it and end up in the same state, unless you get lucky and Terraform checks the resource either side of AWAITING_APP_CNAME. This issue doesn't occur 100% of the time - about 90% for me, but YMMV.

[MrLightful]

There's also a IMPORTING_CUSTOM_CERTIFICATE missing.

Error: waiting for Amplify Domain Association (***/dizconto.com) create: unexpected state 
'IMPORTING_CUSTOM_CERTIFICATE', wanted target 'PENDING_VERIFICATION, PENDING_DEPLOYMENT, AVAILABLE'. 
last error: %!s(<nil>)

[PlayJok3r]

Will IMPORTING_CUSTOM_CERTIFICATE be added to wanted targets?