[Bug]: reading RAM Resource Share (YYY) Principal Association (XXXX): couldn't find resource (21 retries)

[AliAllomani]

Terraform Core Version

1.2.2

AWS Provider Version

5.21.0

Affected Resource(s)

• aws_ram_principal_association

Expected Behavior

Resource defenition of RAM principal association should be able to read and update the defined associations, even when a large number of associations exist

Terraform provider / AWS SDK should respect nextToken when provided in the response and proceed with the next request with NextToken in the request

Actual Behavior

Terraform plan fails with the error

│ Error: reading RAM Resource Share (arn:aws:ram:eu-west-3:XXXX:resource-share/XXXX) Principal Association (arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
│ 
│   with aws_ram_principal_association.dns["arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX"],
│   on resources_sharing.tf line 36, in resource "aws_ram_principal_association" "dns":
│   36: resource "aws_ram_principal_association" "dns" {

From the debug logs, it seems that the API response includes nextToken param in the first reponse while resourceShareAssociations is an empty array

The issue has been detected in Paris region (eu-west-3) only

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_ram_principal_association" "dns" {
  for_each           = toset(var.rs_principals) #long list
  principal          = each.key
  resource_share_arn = aws_ram_resource_share.dns.arn

  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_ram_resource_share" "dns" {
  name                      = "NAME"
}

Steps to Reproduce

• create ram resource share and associate it with long list of principals +700
• run terraform plan

Debug Output

Behaviour from Terraform

2023-10-18T12:14:13.325+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request.header.x_amz_date=20231018T101413Z http.request_content_length=225 rpc.method=GetResourceShareAssociations rpc.system=aws-api tf_aws.sdk=aws-sdk-go tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ReadResource http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.x_amz_security_token=***** http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" rpc.service=RAM @module=aws http.flavor=1.1 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.content_type=application/json tf_mux_provider=*schema.GRPCProviderServer tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 tf_resource_type=aws_ram_principal_association aws.region=eu-west-3 http.method=POST net.peer.name=ram.eu-west-3.amazonaws.com @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:109 timestamp=2023-10-18T12:14:13.324+0200
2023-10-18T12:14:13.552+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: rpc.service=RAM @module=aws tf_provider_addr=registry.terraform.io/hashicorp/aws http.response.header.date="Wed, 18 Oct 2023 10:14:13 GMT" rpc.method=GetResourceShareAssociations http.response_content_length=1307 tf_mux_provider=*schema.GRPCProviderServer tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 tf_rpc=ReadResource http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform http.response.header.x_amzn_requestid=3e0506fe-afd0-48a2-b254-3773e4f6920a rpc.system=aws-api http.response.header.x_amz_apigw_id=M_huYEDpiGYFcLw= http.response.header.access_control_allow_origin=* http.response.header.access_control_max_age=86400 http.status_code=200 tf_aws.sdk=aws-sdk-go @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:157 http.response.header.access_control_allow_methods=POST http.duration=227 http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date aws.region=eu-west-3 tf_resource_type=aws_ram_principal_association http.response.header.content_type=application/json http.response.header.x_amzn_trace_id=Root=1-652faff5-43557f0a7cbdfb5d0cea95c4 timestamp=2023-10-18T12:14:13.552+0200

2023-10-18T12:14:23.556+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request.header.x_amz_date=20231018T101423Z http.request.header.x_amz_security_token=***** http.request_content_length=225 net.peer.name=ram.eu-west-3.amazonaws.com tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_ram_principal_association aws.region=eu-west-3 http.flavor=1.1 http.method=POST http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" tf_mux_provider=*schema.GRPCProviderServer @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:109 tf_rpc=ReadResource tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.content_type=application/json http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations rpc.method=GetResourceShareAssociations rpc.service=RAM rpc.system=aws-api @module=aws tf_aws.sdk=aws-sdk-go timestamp=2023-10-18T12:14:23.554+0200

2023-10-18T12:14:23.834+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" http.response.header.date="Wed, 18 Oct 2023 10:14:23 GMT" rpc.method=GetResourceShareAssociations tf_aws.sdk=aws-sdk-go tf_rpc=ReadResource aws.region=eu-west-3 http.response.header.access_control_allow_origin=* http.response.header.access_control_max_age=86400 http.response.header.x_amzn_requestid=3291c5f5-f1ff-4589-8608-3279414fc94a http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date http.status_code=200 tf_provider_addr=registry.terraform.io/hashicorp/aws http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform http.response.header.content_type=application/json http.response.header.x_amzn_trace_id=Root=1-652fafff-0f7057550d33f785011d4f25 http.response.header.access_control_allow_methods=POST http.response.header.x_amz_apigw_id=M_hv_FJXCGYF9yw= http.response_content_length=1307 tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:157 @module=aws http.duration=279 rpc.system=aws-api tf_mux_provider=*schema.GRPCProviderServer rpc.service=RAM tf_resource_type=aws_ram_principal_association timestamp=2023-10-18T12:14:23.833+0200

2023-10-18T12:14:33.837+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request_content_length=225 tf_mux_provider=*schema.GRPCProviderServer tf_resource_type=aws_ram_principal_association http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.flavor=1.1 http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.content_type=application/json http.request.header.x_amz_security_token=***** rpc.service=RAM rpc.system=aws-api @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:109 aws.region=eu-west-3 tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 http.method=POST http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" tf_provider_addr=registry.terraform.io/hashicorp/aws @module=aws net.peer.name=ram.eu-west-3.amazonaws.com rpc.method=GetResourceShareAssociations tf_aws.sdk=aws-sdk-go tf_rpc=ReadResource http.request.header.x_amz_date=20231018T101433Z timestamp=2023-10-18T12:14:33.836+0200

2023-10-18T12:14:34.115+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.duration=278 http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform tf_mux_provider=*schema.GRPCProviderServer rpc.service=RAM tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 tf_rpc=ReadResource @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:157 http.response.header.x_amzn_requestid=d29f5ea1-f09d-4ebc-b6d7-8995b7608d6b http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date rpc.system=aws-api http.response.header.x_amz_apigw_id=M_hxmFJMiGYFvMw= tf_resource_type=aws_ram_principal_association http.response.header.access_control_allow_origin=* http.response.header.date="Wed, 18 Oct 2023 10:14:34 GMT" http.response.header.content_type=application/json http.response.header.x_amzn_trace_id=Root=1-652fb009-10326003756367fc0603f1ea @module=aws http.status_code=200 tf_aws.sdk=aws-sdk-go http.response.header.access_control_allow_methods=POST http.response_content_length=1307 http.response.header.access_control_max_age=86400 rpc.method=GetResourceShareAssociations aws.region=eu-west-3 http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" timestamp=2023-10-18T12:14:34.115+0200

2023-10-18T12:14:44.118+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.method=POST http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************6AJB/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.x_amz_date=20231018T101444Z http.url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:109 aws.region=eu-west-3 http.flavor=1.1 tf_resource_type=aws_ram_principal_association http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" rpc.method=GetResourceShareAssociations tf_aws.sdk=aws-sdk-go tf_mux_provider=*schema.GRPCProviderServer http.request_content_length=225 rpc.service=RAM rpc.system=aws-api tf_provider_addr=registry.terraform.io/hashicorp/aws @module=aws http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}
" http.request.header.x_amz_security_token=***** tf_rpc=ReadResource http.request.header.content_type=application/json net.peer.name=ram.eu-west-3.amazonaws.com tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 timestamp=2023-10-18T12:14:44.118+0200
2023-10-18T12:14:44.371+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.duration=251 http.response.header.x_amz_apigw_id=M_hzMFecCGYFy9g= tf_aws.sdk=aws-sdk-go http.response.header.access_control_max_age=86400 http.response.header.content_type=application/json @module=aws http.response_content_length=1307 rpc.method=GetResourceShareAssociations tf_mux_provider=*schema.GRPCProviderServer tf_rpc=ReadResource aws.region=eu-west-3 http.response.header.access_control_allow_origin=* http.response.header.x_amzn_requestid=459bec37-ad4a-4db2-b3a6-ba78b7eb93a5 http.status_code=200 http.response.header.date="Wed, 18 Oct 2023 10:14:44 GMT" rpc.system=aws-api tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}
" http.response.header.access_control_allow_headers=Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:157 http.response.header.access_control_allow_methods=POST http.response.header.access_control_expose_headers=x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date http.response.header.x_amzn_trace_id=Root=1-652fb014-1adc3f3955eb82f453660090 rpc.service=RAM tf_resource_type=aws_ram_principal_association timestamp=2023-10-18T12:14:44.370+0200
2023-10-18T12:14:44.371+0200 [ERROR] provider.terraform-provider-aws_v5.21.0_x5: Response contains error diagnostic: @caller=github.com/hashicorp/terraform-plugin-go@v0.19.0/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_summary="reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)" tf_rpc=ReadResource tf_resource_type=aws_ram_principal_association @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_proto_version=5.4 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=4a035d57-f3d9-46f0-0ef3-7464e4e76f36 timestamp=2023-10-18T12:14:44.370+0200
2023-10-18T12:14:44.373+0200 [ERROR] vertex "aws_ram_principal_association.dns[\"arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX\"]" error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
2023-10-18T12:14:44.373+0200 [ERROR] vertex "aws_ram_principal_association.dns" error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
2023-10-18T12:14:44.373+0200 [ERROR] vertex "aws_ram_principal_association.dns (expand)" error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
2023-10-18T12:14:44.459+0200 [INFO]  backend/local: plan operation completed
╷
│ Error: reading RAM Resource Share (arn:aws:ram:eu-west-3:12345678912:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c) Principal Association (arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX): couldn't find resource (21 retries)
│ 
│   with aws_ram_principal_association.dns["arn:aws:organizations::123456789000:ou/o-XXXX/ou-XXXX"],
│   on resources_sharing.tf line 36, in resource "aws_ram_principal_association" "dns":
│   36: resource "aws_ram_principal_association" "dns" {
│ 

Behaviour from AWS CLI

# aws --version                                                         
aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off

# aws ram get-resource-share-associations --association-type PRINCIPAL --resource-share-arns arn:aws:ram:eu-west-3:XXXX:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c --principal arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXX-XXX --region eu-west-3 --debug

...

2023-10-18 13:02:08,822 - MainThread - botocore.hooks - DEBUG - Event needs-retry.sso.GetRoleCredentials: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7ff26927d400>>
2023-10-18 13:02:08,822 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2023-10-18 13:02:08,822 - MainThread - botocore.hooks - DEBUG - Event after-call.sso.GetRoleCredentials: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7ff278965f10>>
2023-10-18 13:02:08,826 - MainThread - botocore.credentials - DEBUG - Retrieved credentials will expire at: 2023-10-18 12:02:07+00:00
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/getresourceshareassociations

content-type:application/json
host:ram.eu-west-3.amazonaws.com
x-amz-date:20231018T110208Z
x-amz-security-token: <TRUNCATED>

content-type;host;x-amz-date;x-amz-security-token
<TRUNCATED>
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20231018T110208Z
20231018/eu-west-3/ram/aws4_request
<TRUNCATED>
2023-10-18 13:02:08,827 - MainThread - botocore.auth - DEBUG - Signature:
<TRUNCATED>
2023-10-18 13:02:08,827 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations, headers={'Content-Type': b'application/json', 'User-Agent': b'aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off command/ram.get-resource-share-associations', 'X-Amz-Date': b'20231018T110208Z', 'X-Amz-Security-Token': b'<TRUNCATED>', 'Authorization': b'AWS4-HMAC-SHA256 Credential=ASIA4E2MDD56OGZZXKWL/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token, Signature=<TRUNCATED>', 'Content-Length': '230'}>
2023-10-18 13:02:08,828 - MainThread - botocore.httpsession - DEBUG - Certificate path: /usr/local/aws-cli/awscli/botocore/cacert.pem
2023-10-18 13:02:08,828 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): ram.eu-west-3.amazonaws.com:443
2023-10-18 13:02:09,208 - MainThread - urllib3.connectionpool - DEBUG - https://ram.eu-west-3.amazonaws.com:443 "POST /getresourceshareassociations HTTP/1.1" 200 1307
2023-10-18 13:02:09,208 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Wed, 18 Oct 2023 11:02:09 GMT', 'Content-Type': 'application/json', 'Content-Length': '1307', 'Connection': 'keep-alive', 'x-amzn-RequestId': 'f631f5cb-ab66-4637-a369-8fb26e6533aa', 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Headers': 'Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform', 'x-amz-apigw-id': 'M_ovtG3kiGYFdSA=', 'Access-Control-Allow-Methods': 'POST', 'Access-Control-Expose-Headers': 'x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date', 'X-Amzn-Trace-Id': 'Root=1-652fbb31-4f9b53ef6b41e88a27a2a379', 'Access-Control-Max-Age': '86400'}
2023-10-18 13:02:09,209 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"nextToken":"<TRUNCATED>","resourceShareAssociations":[]}'

2023-10-18 13:02:09,209 - MainThread - botocore.hooks - DEBUG - Event needs-retry.ram.GetResourceShareAssociations: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7ff26923b610>>
2023-10-18 13:02:09,209 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2023-10-18 13:02:09,209 - MainThread - botocore.hooks - DEBUG - Event after-call.ram.GetResourceShareAssociations: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7ff26923b160>>
2023-10-18 13:02:09,210 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Region': 'eu-west-3', 'UseDualStack': False, 'UseFIPS': False}
2023-10-18 13:02:09,210 - MainThread - botocore.regions - DEBUG - Endpoint provider result: https://ram.eu-west-3.amazonaws.com
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.ram.GetResourceShareAssociations: calling handler <function base64_decode_input_blobs at 0x7ff2690faca0>
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.ram.GetResourceShareAssociations: calling handler <function generate_idempotent_uuid at 0x7ff2783bd0d0>
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event before-call.ram.GetResourceShareAssociations: calling handler <function inject_api_version_header_if_needed at 0x7ff2783bf940>
2023-10-18 13:02:09,210 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=GetResourceShareAssociations) with params: {'url_path': '/getresourceshareassociations', 'query_string': {}, 'method': 'POST', 'headers': {'Content-Type': 'application/json', 'User-Agent': 'aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off command/ram.get-resource-share-associations'}, 'body': b'{"associationType": "PRINCIPAL", "resourceShareArns": ["arn:aws:ram:eu-west-3:123456789000:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"], "principal": "arn:aws:organizations::123456789111:ou/o-XXX/ou-XXX", "nextToken": "<TRUNCATED>"}', 'url': 'https://ram.eu-west-3.amazonaws.com/getresourceshareassociations', 'context': {'client_region': 'eu-west-3', 'client_config': <botocore.config.Config object at 0x7ff248010f40>, 'has_streaming_input': False, 'auth_type': None}}
2023-10-18 13:02:09,210 - MainThread - botocore.hooks - DEBUG - Event request-created.ram.GetResourceShareAssociations: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7ff248010fa0>>
2023-10-18 13:02:09,211 - MainThread - botocore.hooks - DEBUG - Event choose-signer.ram.GetResourceShareAssociations: calling handler <function set_operation_specific_signer at 0x7ff2783b9f70>
2023-10-18 13:02:09,211 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2023-10-18 13:02:09,211 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
POST
/getresourceshareassociations

content-type:application/json
host:ram.eu-west-3.amazonaws.com
x-amz-date:20231018T110209Z
x-amz-security-token:<TRUNCATED>

content-type;host;x-amz-date;x-amz-security-token
<TRUNCATED>
2023-10-18 13:02:09,211 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20231018T110209Z
20231018/eu-west-3/ram/aws4_request
<TRUNCATED>
2023-10-18 13:02:09,212 - MainThread - botocore.auth - DEBUG - Signature:
<TRUNCATED>
2023-10-18 13:02:09,212 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=POST, url=https://ram.eu-west-3.amazonaws.com/getresourceshareassociations, headers={'Content-Type': b'application/json', 'User-Agent': b'aws-cli/2.9.20 Python/3.9.11 Darwin/22.6.0 exe/x86_64 prompt/off command/ram.get-resource-share-associations', 'X-Amz-Date': b'20231018T110209Z', 'X-Amz-Security-Token': b'<TRUNCATED>', 'Authorization': b'AWS4-HMAC-SHA256 Credential=ASIA4E2MDD56OGZZXKWL/20231018/eu-west-3/ram/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token, Signature=0e30118005a0e874d6e047ab5b9782fc9b9eaf1dc7b51cbbeb07fc94ce58179b', 'Content-Length': '1507'}>
2023-10-18 13:02:09,212 - MainThread - botocore.httpsession - DEBUG - Certificate path: /usr/local/aws-cli/awscli/botocore/cacert.pem
2023-10-18 13:02:09,473 - MainThread - urllib3.connectionpool - DEBUG - https://ram.eu-west-3.amazonaws.com:443 "POST /getresourceshareassociations HTTP/1.1" 200 422
2023-10-18 13:02:09,474 - MainThread - botocore.parsers - DEBUG - Response headers: {'Date': 'Wed, 18 Oct 2023 11:02:09 GMT', 'Content-Type': 'application/json', 'Content-Length': '422', 'Connection': 'keep-alive', 'x-amzn-RequestId': '037b7340-50cb-488d-ab98-0e76d02f54de', 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Headers': 'Content-Type,X-Amz-Date,Authorization,Date,X-Amz-Target,x-amzn-platform-id,x-amzn-trace-id,X-Api-Key,X-Amz-Security-Token,X-Amz-Content-Sha256,X-Amz-User-Agent,Amz-Sdk-Invocation-Id,Amz-Sdk-Request,Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Platform', 'x-amz-apigw-id': 'M_ovvGhUiGYFcHw=', 'Access-Control-Allow-Methods': 'POST', 'Access-Control-Expose-Headers': 'x-amzn-errortype,x-amzn-requestid,x-amzn-errormessage,x-amzn-trace-id,x-amz-apigw-id,date', 'X-Amzn-Trace-Id': 'Root=1-652fbb31-5985d9da20d4cbbc5cb52ed8', 'Access-Control-Max-Age': '86400'}
2023-10-18 13:02:09,475 - MainThread - botocore.parsers - DEBUG - Response body:
b'{"resourceShareAssociations":[{"associatedEntity":"arn:aws:organizations::123456789111:ou/o-XXX/ou-XXX","associationType":"PRINCIPAL","creationTime":1.686139318672E9,"external":false,"lastUpdatedTime":1.686139339385E9,"resourceShareArn":"arn:aws:ram:eu-west-3:123456789000:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c","resourceShareName":"r53r_share_infra_ew3_prod_ram_01","status":"ASSOCIATED"}]}'
2023-10-18 13:02:09,475 - MainThread - botocore.hooks - DEBUG - Event needs-retry.ram.GetResourceShareAssociations: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x7ff26923b610>>
2023-10-18 13:02:09,476 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2023-10-18 13:02:09,476 - MainThread - botocore.hooks - DEBUG - Event after-call.ram.GetResourceShareAssociations: calling handler <bound method RetryQuotaChecker.release_retry_quota of <botocore.retries.standard.RetryQuotaChecker object at 0x7ff26923b160>>
{
    "resourceShareAssociations": [
        {
            "resourceShareArn": "arn:aws:ram:eu-west-3:123456789000:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c",
            "resourceShareName": "r53r_share_infra_ew3_prod_ram_01",
            "associatedEntity": "arn:aws:organizations::123456789111:ou/o-XXX/ou-XXX",
            "associationType": "PRINCIPAL",
            "status": "ASSOCIATED",
            "creationTime": "2023-06-07T14:01:58.672000+02:00",
            "lastUpdatedTime": "2023-06-07T14:02:19.385000+02:00",
            "external": false
        }
    ]
}

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[AliAllomani]

Other tests show AWS API returns value for resourceShareAssociations in the response in addition to nextToken, in this case the error doesn't occur

2023-10-19T15:33:19.550+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Request Sent: http.request.header.content_type=application/json tf_aws.sdk=aws-sdk-go tf_resource_type=aws_ram_principal_association tf_req_id=9bb55ae1-d2f9-9907-1ae3-e0bfd2bcd8fb tf_rpc=ReadResource @module=aws http.request.header.x_amz_date=20231019T133319Z http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.2.2 (+https://www.terraform.io) terraform-provider-aws/5.21.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.45.24 (go1.20.8; darwin; arm64)" rpc.system=aws-api tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.38/logger.go:109 http.flavor=1.1 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=XXXXX/20231019/eu-west-3/ram/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.x_amz_security_token=***** http.request_content_length=225 rpc.method=GetResourceShareAssociations rpc.service=RAM tf_mux_provider=*schema.GRPCProviderServer aws.region=eu-west-3 http.method=POST http.request.body="{"associationType":"PRINCIPAL","principal":"arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX","resourceShareArns":["arn:aws:ram:eu-west-3:XXXX:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c"]}

2023-10-19T15:33:19.903+0200 [DEBUG] provider.terraform-provider-aws_v5.21.0_x5: HTTP Response Received: http.duration=350 http.response.header.access_control_allow_methods=POST http.response.header.access_control_max_age=86400 rpc.method=GetResourceShareAssociations http.response.header.x_amzn_trace_id=Root=1-6531301f-48dac16a335322af7afe8de3 tf_req_id=9bb55ae1-d2f9-9907-1ae3-e0bfd2bcd8fb tf_resource_type=aws_ram_principal_association tf_rpc=ReadResource http.response.body="{"nextToken":"<TRUNCATED>","resourceShareAssociations":[{"associatedEntity":"arn:aws:organizations::XXXX:ou/o-XXXX/ou-XXXX","associationType":"PRINCIPAL","creationTime":1.686139318672E9,"external":false,"lastUpdatedTime":1.686139339385E9,"resourceShareArn":"arn:aws:ram:eu-west-3:XXXX:resource-share/1e6dd8c4-7979-4d13-80d2-6f2a417a1e0c","resourceShareName":"r53r_share_infra_ew3_prod_ram_01","status":"ASSOCIATED"}]}

[github-actions[bot]]

This functionality has been released in v5.32.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.