[Bug]: `aws_emr_cluster` `core_instace_fleet` with multiple `ebs_config` blocks get size set to default 32

Terraform Core Version

1.4.6

AWS Provider Version

5.28.0

Affected Resource(s)

aws_emr_cluster

Expected Behavior

For a cluster with a core_instance_fleet config with 2 ebs_config I would expect the 2 volumes to be created with the specified sizes (128 and 512GB).

Actual Behavior

The CORE instance fleet is created with the default EBS config (32 GB) instead of the specified sizes

It works as expected if I only provide one ebs_config block.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

terraform {
  required_version = ">= 0.15.0"
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

resource "aws_key_pair" "ssh" {
  key_name   = "Test-dev-test-unique"
  public_key = file("test.pub")
}

resource "aws_iam_role" "emr" {
  name               = "TestEMR-devtest"
  assume_role_policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF

}

resource "aws_iam_role" "emr_default_role" {
  name               = "TestEMR_DefaultRole-devtest"
  assume_role_policy = <<EOF
{
    "Version": "2008-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "elasticmapreduce.amazonaws.com"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "aws:SourceAccount": "<redacted>"
                },
                "ArnLike": {
                    "aws:SourceArn": "arn:aws:elasticmapreduce:us-east-1:<redacted>:*"
                }
            }
        }
    ]
}
EOF
}

resource "aws_iam_policy" "emr_profile_policy" {
  name   = "TestEMRProfilePolicy-devtest"
  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Resource": "*",
        "Action": [
            "cloudwatch:*",
            "ec2:Describe*",
            "elasticmapreduce:Describe*",
            "elasticmapreduce:ListBootstrapActions",
            "elasticmapreduce:ListClusters",
            "elasticmapreduce:ListInstanceFleets",
            "elasticmapreduce:ListInstances",
            "elasticmapreduce:ListSteps",
            "rds:Describe*",
            "s3:GetObject",
            "s3:ListBucket",
            "s3:PutObject",
            "s3:DeleteObject",
            "ec2:CreateVolume",
            "ec2:AttachVolume",
            "ec2:ModifyInstanceAttribute",
            "ec2:DeleteVolume",
            "ec2:CreateTags"
        ]
    }]
}
EOF

}

resource "aws_iam_policy" "emr_default_allow_pass_role" {
  name = "TestEMRDefaultAllowPassRole"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {  
      "Sid": "PassRoleForEC2",  
      "Effect": "Allow",  
      "Action": "iam:PassRole",  
      "Resource": "${aws_iam_role.emr_default_role.arn}",  
      "Condition": {  
          "StringLike": {  
              "iam:PassedToService": "ec2.amazonaws.com*"  
          }  
    }
    },
    {  
      "Sid": "AllowCreateLaunchTemplate",  
      "Effect": "Allow",  
      "Action": "ec2:CreateLaunchTemplateVersion",  
      "Resource": "*" 
    }]
}  
EOF
}

resource "aws_iam_role_policy_attachment" "emr_profile_policy" {
  role       = aws_iam_role.emr.name
  policy_arn = aws_iam_policy.emr_profile_policy.arn
}

resource "aws_iam_role_policy_attachment" "emr_default_service_policy" {
  role       = aws_iam_role.emr_default_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"
}

resource "aws_iam_role_policy_attachment" "emr_default_pass_role" {
  role       = aws_iam_role.emr_default_role.name
  policy_arn = aws_iam_policy.emr_default_allow_pass_role.arn
}

resource "aws_iam_instance_profile" "emr_profile" {
  name = "TestEMRProfile-devtest"
  role = aws_iam_role.emr.name
}

resource "aws_security_group" "emr" {
  name        = "Test EMR test"
  description = "Test EMR Security Group"
  vpc_id      = "<redacted>"

  tags = {
    Name = "Test EMR"
  }
}

resource "aws_security_group_rule" "emr-egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 65535
  protocol          = "tcp"
  security_group_id = aws_security_group.emr.id
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "emr-to-emr" {
  type                     = "ingress"
  from_port                = 0
  to_port                  = 65535
  protocol                 = "tcp"
  security_group_id        = aws_security_group.emr.id
  source_security_group_id = aws_security_group.emr.id
}

resource "aws_security_group" "emr-master-managed" {
  name                   = "EMR Master Managed test"
  description            = "Rules managed by EMR for EMR master"
  vpc_id                 = "<redacted>"
  revoke_rules_on_delete = true

  tags = {
    Name = "Test EMR Master (managed by EMR)"
  }
}

resource "aws_security_group_rule" "emr-master-managed-egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 65535
  protocol          = "tcp"
  security_group_id = aws_security_group.emr-master-managed.id
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_security_group" "emr-slave-managed" {
  name                   = "EMR Slave Managed test"
  description            = "Rules managed by EMR for EMR slave"
  vpc_id                 = "<redacted>"
  revoke_rules_on_delete = true

  tags = {
    Name = "Test EMR Slave (managed by EMR)"
  }
}

resource "aws_security_group_rule" "emr-slave-managed-egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 65535
  protocol          = "tcp"
  security_group_id = aws_security_group.emr-slave-managed.id
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_emr_cluster" "emr" {
  name                              = "dev Test"
  release_label                     = "emr-5.35.0"
  applications                      = ["Hadoop", "Spark"]
  keep_job_flow_alive_when_no_steps = true
  service_role                      = aws_iam_role.emr_default_role.name

  ec2_attributes {
    key_name                          = aws_key_pair.ssh.key_name
    subnet_id                         = "<redacted>"
    emr_managed_master_security_group = aws_security_group.emr-master-managed.id
    emr_managed_slave_security_group  = aws_security_group.emr-slave-managed.id
    instance_profile                  = aws_iam_instance_profile.emr_profile.name
  }

  tags = {
    Name = "dev Test Cluster"
  }

  master_instance_fleet {
    name = "MASTER"

    instance_type_configs {
      instance_type = "m5.xlarge"
      ebs_config {
        size                 = 128
        type                 = "gp2"
        volumes_per_instance = 1
      }
    }

    launch_specifications {
        on_demand_specification {
          allocation_strategy = "lowest-price" 
        }
      }

    target_on_demand_capacity = 1
  }

  core_instance_fleet {
    name = "CORE"
    instance_type_configs {
      instance_type = "c5.xlarge"

      # /mnt
      ebs_config {
        size                 = 128
        type                 = "gp2"
        volumes_per_instance = 1
      }

      # /mnt1
      ebs_config {
        size                 = 512
        type                 = "gp2"
        volumes_per_instance = 1
      }
    }

    launch_specifications {
        on_demand_specification {
          allocation_strategy = "lowest-price" 
        }
    }

    target_on_demand_capacity = "1"
  }
}

Steps to Reproduce

Run terraform apply.

The cluster will be created with an incorrect EBS size for the CORE instance sizes

Debug Output

2023-11-30T12:28:37.682-0800 [DEBUG] provider.terraform-provider-aws_v5.28.0_x5: HTTP Request Sent: @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.43/logger.go:109 http.request.header.content_type=application/x-amz-json-1.1 rpc.method=RunJobFlow http.request.header.x_amz_security_token=***** http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.4.6 (+https://www.terraform.io) terraform-provider-aws/5.28.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.48.7 (go1.20.11; darwin; amd64)" tf_resource_type=aws_emr_cluster http.request_content_length=1433 net.peer.name=elasticmapreduce.us-east-1.amazonaws.com rpc.system=aws-api tf_req_id=79f261ad-d454-5692-cd6d-dfd93766e518 rpc.service=EMR http.url=https://elasticmapreduce.us-east-1.amazonaws.com/ http.method=POST http.request.body="{"Applications":[{"Name":"Spark"},{"Name":"Hadoop"}],"Instances":{"AdditionalMasterSecurityGroups":[""],"AdditionalSlaveSecurityGroups":[""],"Ec2KeyName":"Test-dev-test-unique","Ec2SubnetId":"subnet-0fcc3e731466d4323","Ec2SubnetIds":[],"EmrManagedMasterSecurityGroup":"sg-017eeb2a4a37156ac","EmrManagedSlaveSecurityGroup":"sg-08c72f26d3f16b44c","InstanceFleets":[{"InstanceFleetType":"MASTER","InstanceTypeConfigs":[{"BidPriceAsPercentageOfOnDemandPrice":100,"EbsConfiguration":{"EbsBlockDeviceConfigs":[{"VolumeSpecification":{"SizeInGB":128,"VolumeType":"gp2"},"VolumesPerInstance":1}]},"InstanceType":"m5.xlarge","WeightedCapacity":1}],"LaunchSpecifications":{"OnDemandSpecification":{"AllocationStrategy":"lowest-price"}},"Name":"MASTER","TargetOnDemandCapacity":1,"TargetSpotCapacity":0},{"InstanceFleetType":"CORE","InstanceTypeConfigs":[{"BidPriceAsPercentageOfOnDemandPrice":100,"InstanceType":"c5.xlarge","WeightedCapacity":1}],"LaunchSpecifications":{"OnDemandSpecification":{"AllocationStrategy":"lowest-price"}},"Name":"CORE","TargetOnDemandCapacity":1,"TargetSpotCapacity":0}],"KeepJobFlowAliveWhenNoSteps":true,"ServiceAccessSecurityGroup":"","TerminationProtected":false},"JobFlowRole":"TestEMRProfile-devtest","Name":"dev Test","ReleaseLabel":"emr-5.35.0","ServiceRole":"TestEMR_DefaultRole-devtest","StepConcurrencyLevel":1,"Tags":[{"Key":"Name","Value":"dev Test Cluster"}],"VisibleToAllUsers":true}
[truncated...]" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ApplyResourceChange http.request.header.x_amz_date=20231130T202837Z http.request.header.x_amz_target=ElasticMapReduce.RunJobFlow tf_aws.sdk=aws-sdk-go @module=aws aws.region=us-east-1 http.flavor=1.1 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************SWWZ/20231130/us-east-1/elasticmapreduce/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=*****" tf_mux_provider=*schema.GRPCProviderServer timestamp=2023-11-30T12:28:37.682-0800
2023-11-30T12:28:38.096-0800 [DEBUG] provider.terraform-provider-aws_v5.28.0_x5: HTTP Response Received: @module=aws http.response_content_length=116 http.status_code=200 tf_req_id=79f261ad-d454-5692-cd6d-dfd93766e518 http.response.header.date="Thu, 30 Nov 2023 20:28:37 GMT" rpc.system=aws-api tf_resource_type=aws_emr_cluster tf_rpc=ApplyResourceChange aws.region=us-east-1 http.response.header.content_type=application/x-amz-json-1.1 rpc.service=EMR tf_aws.sdk=aws-sdk-go tf_provider_addr=registry.terraform.io/hashicorp/aws tf_mux_provider=*schema.GRPCProviderServer @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.43/logger.go:157 http.duration=412 http.response.body="{"ClusterArn":"arn:aws:elasticmapreduce:us-east-1:959096951266:cluster/j-IRJG4YX39XOH","JobFlowId":"j-IRJG4YX39XOH"}
" http.response.header.x_amzn_requestid=ff455974-77f5-431e-a22a-ba88689eaf9e rpc.method=RunJobFlow timestamp=2023-11-30T12:28:38.095-0800

Panic Output

No response

Important Factoids

The EBS config doesn't seem to be included in initial call when creating the cluster.

References

No response

Would you like to implement a fix?

Yes

hashicorp / terraform-provider-aws