[Bug]: aws_cloudwatch_metric_alarm - first apply fails, second succeeds - issue with metric_query block and the period parameter

[scott-doyland-burrows]

Terraform Core Version

1.6.4

AWS Provider Version

5.16.1

Affected Resource(s)

aws_cloudwatch_metric_alarm

Expected Behavior

Apply should work first time.

Actual Behavior

First apply fails and then a second apply works.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

Note the period = line and the comments

resource "aws_cloudwatch_metric_alarm" "cw_ec2_statuscheck_nat_euw1a" {
  provider          = aws.ou
  alarm_name        = "${local.name}-EC2-StatusCheck-NAT-euw1a"
  alarm_description = "Checks status of ${local.name}-NAT-euw1a."

  dynamic "metric_query" {
    for_each = toset(data.aws_instances.nat_instance_euw1a.ids)
    content {
      id = replace(metric_query.value, "-", "")
      metric {
        namespace   = "AWS/EC2"
        metric_name = "StatusCheckFailed"
        dimensions  = { InstanceId = metric_query.value }
        stat        = "Average"
        period      = 300
      }
    }
  }

  metric_query {
    id          = "e1"
    expression  = "AVG(METRICS())"
    label       = "StatusCheck"
    return_data = "true"
    ##### period = 0 ##### tried with no period and period = 0.  Apply always fails first time and works the second time
  }

  evaluation_periods  = "1"
  comparison_operator = "GreaterThanOrEqualToThreshold"
  threshold           = var.threshold_ec2_status_check

  alarm_actions = [aws_sns_topic.sns_topic.arn]
}

Steps to Reproduce

Setup config as above, obviously needs some refactoring to work in another environment, and run an apply.

Debug Output

After the first apply the error is:

│ Error: creating CloudWatch Metric Alarm (tcccomniverse-dev-EC2-StatusCheck-NAT-euw1a): ValidationError: Period must not be null
│       status code: 400, request id: 32df7504-99bf-41e5-a0a5-0ef6afd8f0d4
│
│   with module.terraform-module-environment.aws_cloudwatch_metric_alarm.cw_ec2_statuscheck_nat_euw1a,
│   on modules/main/cloudwatch.tf line 105, in resource "aws_cloudwatch_metric_alarm" "cw_ec2_statuscheck_nat_euw1a":
│  105: resource "aws_cloudwatch_metric_alarm" "cw_ec2_statuscheck_nat_euw1a" {

On the second apply it is successful.

Panic Output

No response

Important Factoids

The period parameter when used in a metric_query block should be optional.

It seems it is optional but that on a first apply the provider is confused, and always shows the errors if the period is set to 0 or omitted.

This happens if period = 0 is set or if period is removed altogether.

I will setup a simpler example as soon as possible as the above is code taken directly from my current deployed code.

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.