Closed luarx closed 5 months ago
Hey @luarx 👋 Thank you for taking the time to raise this! Can you supply a sample Terraform configuration that can be used to reproduce this issue?
Hi @justinretzolk! Thanks for answering 🙏 I have added more information to the issue so that it is easier to follow and to reproduce!
The resource that I have shared has been created from scratch and modified in the same way that I have explained, to check that it is reproducible, and it breaks :( Hope that this error is not affecting a lot of people.
Let me know if you need more details!
This error is happening to me too! Oddly enough, there is no error in our CI flow, which runs on a standard ubuntu-latest GitHub Actions runner (amd64), but it fails locally on my M1 laptop.
Hi @justinretzolk, I also encountered this issue today. The only addition I made was adding the "ip_set_forwarded_ip_config" block to an existing dynamic block.
Old "dynamic" block - works fine:
dynamic "rule" {
  for_each = (var.bypass_ipv4_cidr_list != null) ? ["bypass_rule"] : []
  content {
    name     = local.bypass_v4_rule_name
    priority = local.bypass_v4_rule_priority
    statement {
      ip_set_reference_statement {
        arn = aws_wafv2_ip_set.bypass_ipv4_ip_set["bypass_set"].arn
      }
    }
    action {
      allow {}
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "${var.name}_${local.bypass_v4_rule_name}"
      sampled_requests_enabled   = true
    }
  }
}
"New" dynamic block, throws error:
dynamic "rule" {
  for_each = (var.bypass_ipv4_cidr_list != null) ? ["bypass_rule"] : []
  content {
    name     = local.bypass_v4_rule_name
    priority = local.bypass_v4_rule_priority
    statement {
      ip_set_reference_statement {
        arn = aws_wafv2_ip_set.bypass_ipv4_ip_set["bypass_set"].arn
        ip_set_forwarded_ip_config {
          fallback_behavior = "MATCH"
          header_name       = "X-Forwarded-For"
          position          = "FIRST"
        }
      }
    }
    action {
      allow {}
    }
    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "${var.name}_${local.bypass_v4_rule_name}"
      sampled_requests_enabled   = true
    }
  }
}
The error:
Error: Provider produced inconsistent final plan
│
│ When expanding the plan for module.environment.module.waf_v2_external.aws_wafv2_web_acl.web_acl to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .rule
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.
Are there any updates? 👀
We got the same issue
I had a similar issue with terraform v1.3.0 and aws provider v5.19.0. Upgrading my terraform version to 1.6.0 resolved for me.
> I had a similar issue with terraform v1.3.0 and aws provider v5.19.0. Upgrading my terraform version to 1.6.0 resolved for me.
This also resolved my issue 🙂 Thanks for the suggestion @jslatterycnvrtr
> Upgrading my terraform version to 1.6.0 resolved for me
This also helped me, so I would consider it the right answer and close the issue. Thanks a lot @jslatterycnvrtr! 🙌
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Terraform Core Version
1.2.5
AWS Provider Version
4.56.0, 5.14.0
Affected Resource(s)
aws_wafv2_web_acl
Expected Behavior
I want to modify a rate-limit rule value from 1500 to 1600 of an aws_wafv2_web_acl that is already created. When I apply it, it has to modify the rate-limit rule.
Note: Terraform says that it also has to modify the rule "AWS-AWSManagedRulesAmazonIpReputationList", but it does not have any change from my side, so it is weird. I suppose that is because of internal reasons...
Actual Behavior
It breaks, showing a critical error output located in the section Debug Output
Relevant Error/Panic Output Snippet
Located in the section Debug Output
Terraform Configuration Files
Steps to Reproduce
Create the previous terraform resource (terraform apply)
Modify the resource setting a different rate-limit value and apply (terraform apply). I changed 1500 -> 1600 as this:
The previous modification shows this terraform plan:
After accepting the previous plan saying yes, IT BREAKS (see part of the output in the following section)
Debug Output
It is not complete because GitHub has a length limit:
Panic Output
In the Debug Output section
Important Factoids
I have seen this error today for the first time. I modified that waf_resource some time ago without upgrading the version and it was working as expected. After seeing that error output, I decided to upgrade my Terraform AWS provider from 4.56.0 -> 5.14.0, just in case it could fix this issue, but SAME RESULT, it breaks.
I have deleted, created the resource again and modified it, and SAME RESULT, it breaks.
I suspect the problem could be from the AWS side, as I received an email today where they say:
References
No response
Would you like to implement a fix?
No