[Bug]: Error: creating Auto Scaling Launch Configuration (REDACTEDRESOURCENAMEXXXXXXXXXXXXXX): empty result

[callum-spencer]

Terraform Core Version

1.2.0

AWS Provider Version

5.10.0

Affected Resource(s)

aws_launch_configuration, asg

Expected Behavior

Launch configuration should be created so we can create ASG

Actual Behavior

Resource fails to create, "empty result" error message despite using the same code in several other environments within the same region.

Relevant Error/Panic Output Snippet

`│ Error: creating Auto Scaling Launch Configuration (REDACTEDRESOURCENAMEXXXXXXXXXXXXXX): empty result
│ 
│   with aws_launch_configuration.lc,
│   on main.tf line 24, in resource "aws_launch_configuration" "lc":
│   24: resource "aws_launch_configuration" "lc" {`

Terraform Configuration Files

resource "aws_launch_configuration" "lc" {
    name_prefix = "${var.project_name}-${var.environment}-"
    image_id = var.ami_id
    instance_type = var.instance_type
    iam_instance_profile = aws_iam_instance_profile.profile.name
    security_groups = [aws_security_group.name_of_ec2_secgrp.id]
    key_name = var.ssh_key_name
    lifecycle {
        create_before_destroy = true
    }
    root_block_device {
        volume_type = "gp2"
        volume_size = "20"
    }
    user_data = base64encode(data.template_file.user_data_ec2.rendered)
    associate_public_ip_address = true

Steps to Reproduce

terraform apply

Debug Output

  <RequestId>1b33f216-035a-4ab3-91d3-2bf42921168b</RequestId>
  </Res*********data>
</Get******************onse>
" http.response.header.content_type=text/xml http.status_code=200 tf_mux_provider=*schema.GRPCProviderServer tf_rpc=ConfigureProvider @module=aws.aws-base aws.service=STS http.response.header.date="Wed, 02 Aug 2023 15:12:24 GMT" tf_req_id=485f0f91-9d01-17e3-3827-b8bacdd077b6 aws.sdk=aws-sdk-go-v2 http.duration=12 tf_provider_addr=registry.terraform.io/hashicorp/aws aws.region=eu-west-2 http.response.header.x_amzn_requestid=1b33f216-035a-4ab3-91d3-2bf42921168b http.response_content_length=475 @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.32/logging/logger.go:41 timestamp=2023-08-02T16:12:25.095+0100
2023-08-02T16:12:25.095+0100 [INFO]  provider.terraform-provider-aws_v5.10.0_x5: Retrieved caller identity from STS: @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.32/logging/logger.go:33 tf_mux_provider=*schema.GRPCProviderServer @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=485f0f91-9d01-17e3-3827-b8bacdd077b6 tf_rpc=ConfigureProvider timestamp=2023-08-02T16:12:25.095+0100
2023-08-02T16:12:25.096+0100 [DEBUG] provider.terraform-provider-aws_v5.10.0_x5: Calling provider defined Provider Configure: tf_mux_provider=*proto5server.Server tf_req_id=485f0f91-9d01-17e3-3827-b8bacdd077b6 tf_rpc=ConfigureProvider tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/terraform-plugin-framework@v1.3.3/internal/fwserver/server_configureprovider.go:15 @module=sdk.framework timestamp=2023-08-02T16:12:25.096+0100
2023-08-02T16:12:25.096+0100 [DEBUG] provider.terraform-provider-aws_v5.10.0_x5: Called provider defined Provider Configure: @caller=github.com/hashicorp/terraform-plugin-framework@v1.3.3/internal/fwserver/server_configureprovider.go:23 @module=sdk.framework tf_mux_provider=*proto5server.Server tf_rpc=ConfigureProvider tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=485f0f91-9d01-17e3-3827-b8bacdd077b6 timestamp=2023-08-02T16:12:25.096+0100
2023-08-02T16:12:25.099+0100 [WARN]  provider.terraform-provider-aws_v5.10.0_x5: Response contains warning diagnostic: tf_proto_version=5.3 tf_resource_type=aws_eip @module=sdk.proto diagnostic_attribute=AttributeName("vpc") diagnostic_summary="Argument is deprecated" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ValidateResourceTypeConfig @caller=github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov5/internal/diag/diagnostics.go:60 tf_req_id=33ad0f31-3380-4e1c-274e-e8cbf85e0849 diagnostic_detail="use domain attribute instead" diagnostic_severity=WARNING timestamp=2023-08-02T16:12:25.099+0100
2023-08-02T16:12:25.101+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_iam_policy.policy, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .path: planned value cty.StringVal("/") for a non-computed attribute
      - .tags: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
2023-08-02T16:12:25.102+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_iam_role.role, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .description: planned value cty.StringVal("") for a non-computed attribute
      - .force_detach_policies: planned value cty.False for a non-computed attribute
      - .tags: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
      - .max_session_duration: planned value cty.NumberIntVal(3600) for a non-computed attribute
      - .path: planned value cty.StringVal("/") for a non-computed attribute
2023-08-02T16:12:25.103+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_eip.gw, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .customer_owned_ipv4_pool: planned value cty.StringVal("") for a non-computed attribute
2023-08-02T16:12:25.103+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_efs_file_system.wgvpn-efs-persistant-algo, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .provisioned_throughput_in_mibps: planned value cty.NumberIntVal(0) for a non-computed attribute
      - .throughput_mode: planned value cty.StringVal("bursting") for a non-computed attribute
2023-08-02T16:12:25.108+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_iam_policy_attachment.policy_attach, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .users: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
      - .groups: planned value cty.SetValEmpty(cty.String) for a non-computed attribute
2023-08-02T16:12:25.108+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_iam_instance_profile.profile, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .path: planned value cty.StringVal("/") for a non-computed attribute
      - .tags: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
2023-08-02T16:12:25.109+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_security_group.wireguard_vpn_ec2_secgrp, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .tags: planned value cty.MapValEmpty(cty.String) for a non-computed attribute
      - .revoke_rules_on_delete: planned value cty.False for a non-computed attribute
2023-08-02T16:12:25.124+0100 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an invalid plan for aws_launch_configuration.lc, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .user_data: planned value cty.StringVal("7acde0a9a4b51e843435382a6f20c23e8fd522f4") does not match config value cty.StringVal("IyEvYmluL2Jhc2ggLXhlCnNlZCAtaSAtZSAncy9cI01heEF1dGhUcmllc1wgNi9NYXhBdXRoVHJpZXNcIDE1L2cnIC9ldGMvc3NoL3NzaGRfY29uZmlnCnNlcnZpY2Ugc3NoZCByZXN0YXJ0CnNlcnZpY2Ugc3lzdGVtZC1yZXNvbHZlZCByZXN0YXJ0CmFwdC1nZXQgdXBkYXRlCmFwdC1nZXQgaW5zdGFsbCAteSBkb2NrZXIuaW8gYXdzY2xpIG5mcy1jb21tb24gbWFrZSBiaW51dGlscyBqcSBwb3N0Z3Jlc3FsLWNsaWVudApjZCAvdG1wLwpybSAtcmYgZWZzLXV0aWxzCmdpdCBjbG9uZSBodHRwczovL2dpdGh1Yi5jb20vYXdzL2Vmcy11dGlscwpjZCBlZnMtdXRpbHMKLi9idWlsZC1kZWIuc2gKYXB0LWdldCAteSBpbnN0YWxsIC4vYnVpbGQvYW1hem9uLWVmcy11dGlscypkZWIKbWtkaXIgLXAgL3Zhci9hbGdvCm1vdW50IC10IG5mczQgLW8gbmZzdmVycz00LjEscnNpemU9MTA0ODU3Nix3c2l6ZT0xMDQ4NTc2LHNvZnQsdGltZW89NjAwLHJldHJhbnM9MiBmcy0wYjExODljNmQ5MjA1NWFlOC5lZnMuZXUtd2VzdC0yLmFtYXpvbmF3cy5jb206LyAvdmFyL2FsZ28KZWNobyAiZnMtMGIxMTg5YzZkOTIwNTVhZTguZWZzLmV1LXdlc3QtMi5hbWF6b25hd3MuY29tOi8gL3Zhci9hbGdvIG5mcyBuZnN2ZXJzPTQuMSxyc2l6ZT0xMDQ4NTc2LHdzaXplPTEwNDg1NzYsc29mdCx0aW1lbz02MDAscmV0cmFucz0yIDAgMiIgfCB0ZWUgLWEgL2V0Yy9mc3RhYgovdmFyL2FsZ28vZWlwLWluaXQuc2gK")
      - .enable_monitoring: planned value cty.True for a non-computed attribute
      - .root_block_device[0].delete_on_termination: planned value cty.True for a non-computed attribute
      - .ebs_block_device: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
      - .metadata_options: attribute representing nested block must not be unknown itself; set nested attribute values to unknown instead
aws_launch_configuration.lc: Creating...
2023-08-02T16:12:25.124+0100 [INFO]  Starting apply for aws_launch_configuration.lc
2023-08-02T16:12:25.125+0100 [DEBUG] aws_launch_configuration.lc: applying the planned Create change
2023-08-02T16:12:25.127+0100 [DEBUG] provider.terraform-provider-aws_v5.10.0_x5: [DEBUG] setting computed for "metadata_options" from ComputedKeys
2023-08-02T16:12:25.127+0100 [DEBUG] provider.terraform-provider-aws_v5.10.0_x5: [DEBUG] setting computed for "ebs_block_device" from ComputedKeys
2023-08-02T16:12:25.128+0100 [DEBUG] provider.terraform-provider-aws_v5.10.0_x5: HTTP Request Sent: aws.region=eu-west-2 aws.service=EC2 http.request.header.x_amz_security_token=***** tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.33/logger.go:96 http.request.body="Acti*************ages&ImageId.1=ami-0094*********9169&Version=2016-11-15
" http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************O7WP********2/eu-west-2/ec2/aws4_request, Sign*************tent-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" tf_req_id=253a927b-df6f-b4ea-02ce-5dd5ed7de7a1 aws.operation=DescribeImages http.flavor=1.1 http.request.header.x_amz_date=20230802T151225Z http.request_content_length=72 http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.3.0 (+https://www.terraform.io) terraform-provider-aws/5.10.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.305 (go1.20.6; darwin; amd64)" tf_rpc=ApplyResourceChange aws.sdk=aws-sdk-go http.request.header.content_type="application/x-www-form-urlencoded; charset=utf-8" http.method=POST http.url=https://ec2.eu-west-2.amazonaws.com/ net.peer.name=ec2.eu-west-2.amazonaws.com tf_mux_provider=*schema.GRPCProviderServer tf_resource_type=aws_launch_configuration @module=aws timestamp=2023-08-02T16:12:25.128+0100
2023-08-02T16:12:25.282+0100 [DEBUG] provider.terraform-provider-aws_v5.10.0_x5: HTTP Response Received: tf_req_id=253a927b-df6f-b4ea-02ce-5dd5ed7de7a1 aws.region=eu-west-2 http.response.header.cache_control="no-cache, no-store" tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_launch_configuration aws.operation=DescribeImages aws.sdk=aws-sdk-go http.response.body="<?xml version="1.0" encoding="UTF-8"?>
<Desc**************onse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
    <requestId>fd2b6405-9982-4ef3-9ec1-21a8db89eec8</requestId>
    <imagesSet/>
</Des***************onse>
" http.response.header.strict_transport_security="max-age=31536000; includeSubDomains" http.response_content_length=219 tf_rpc=ApplyResourceChange http.duration=153 http.response.header.server=AmazonEC2 aws.service=EC2 http.response.header.content_type=text/xml;charset=UTF-8 http.response.header.date="Wed, 02 Aug 2023 15:12:24 GMT" http.response.header.x_amzn_requestid=fd2b6405-9982-4ef3-9ec1-21a8db89eec8 @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.33/logger.go:144 @module=aws http.status_code=200 timestamp=2023-08-02T16:12:25.282+0100
2023-08-02T16:12:25.282+0100 [ERROR] provider.terraform-provider-aws_v5.10.0_x5: Response contains error diagnostic: @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=253a927b-df6f-b4ea-02ce-5dd5ed7de7a1 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.18.0/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_summary="creating Auto Scaling Launch Configuration (wireguard-vpn-kitprep-staging-default-20230802151225127800000001): empty result" tf_resource_type=aws_launch_configuration timestamp=2023-08-02T16:12:25.282+0100
2023-08-02T16:12:25.282+0100 [ERROR] vertex "aws_launch_configuration.lc" error: creating Auto Scaling Launch Configuration (wireguard-vpn-kitprep-staging-default-20230802151225127800000001): empty result

Important Factoids

We have several other environments that match the exact configuration of this environment (GEO location etc), so not sure why this would fail unless provider requirements have changed but the Error doesn't give too much away to advise of that.

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @callum-spencer 👋 Thank you for taking the time to raise this! So that we have the information needed in order to look into this, can you supply debug logs (redacted as needed) as well?

[callum-spencer]

Hey @justinretzolk apologies, just added the debug output

[camclay]

Also seeing this issue using Terraform v1.5.5 and aws v5.9.0. Also attempted with aws v5.5.0 and still failed, wondering if there's an upstream api change.

[bassettDev]

Also fails on v1.1.2 and aws 4.67.0

[vkulov]

This sometimes happens if the account you run terraform in doesn't have access to the AMI you are trying to provision. I guess terraform tries to get AMI details but receives an empty list because it can't see that AMI. Sharing the AMI with the target account solved this for us.

[jfxdev]

This sometimes happens if the account you run terraform in doesn't have access to the AMI you are trying to provision. I guess terraform tries to get AMI details but receives an empty list because it can't see that AMI. Sharing the AMI with the target account solved this for us.

vkulov response about missing AMI worked for me