[Bug]: Error: creating Redshift Cluster IAM Roles. InvalidClusterState: The Cluster is being modified by a concurrent operation.

[GISTech01]

Terraform Core Version

1.4.6

AWS Provider Version

5.12.0

Affected Resource(s)

• aws_redshift_cluster
• aws_redshift_cluster_iam_roles

Expected Behavior

Amazon Redshift Cluster should be deployed and in available state before associated iam roles are attached to the Redshift cluster.

Actual Behavior

Terraform fails to deploy Amazon Redshift cluster with iam_roles defined as its applied immediately after cluster is deployed, but still unavailable which causes the apply to fail, trying to add the associated iam roles

Relevant Error/Panic Output Snippet

Error: creating Redshift Cluster IAM Roles (***): InvalidClusterState: The Cluster is being modified by a concurrent operation. Please check the Cluster's status and try again.
│   status code: 400, request id: 091d7b82-0ec9-446f-8923-33d08622291a
│ 
│   with aws_redshift_cluster_iam_roles.this,
│   on redshift.tf line 100, in resource "aws_redshift_cluster_iam_roles" "this":
│  100: resource "aws_redshift_cluster_iam_roles" "this" {

Terraform Configuration Files

--- redshift cluster ---

module ktts-redshift { source = "terraform-aws-modules/redshift/aws" version = "~> 5.0.0"

cluster_identifier = var.cluster_identifier allow_version_upgrade = var.allow_version_upgrade node_type = var.redshift_node_type number_of_nodes = var.redshift_number_of_nodes

database_name = var.redshift_database_name create_random_password = var.create_random_password master_username = jsondecode(data.aws_secretsmanager_secret_version.redshift_secret.secret_string)["Username"] master_password = jsondecode(data.aws_secretsmanager_secret_version.redshift_secret.secret_string)["Password"]

enhanced_vpc_routing = var.enhanced_vpc_routing vpc_security_group_ids = [module.ktts-redshift-sg.security_group_id] subnet_ids = module.vpc.redshift_subnets

availability_zone_relocation_enabled = var.enable_az_relocation

logging = { enable = var.enable_redshift_logging bucket_name = module.s3-bucket-redshift.s3_bucket_id s3_key_prefix = "${var.redshift_database_name}/" }

create_subnet_group = var.create_subnet_group subnet_group_name = module.vpc.redshift_subnet_group create_parameter_group = var.create_parameter_group

}

resource "aws_redshift_cluster_iam_roles" "this" { cluster_identifier = module.ktts-redshift.cluster_identifier iam_role_arns = var.redshift_iam_role_arns

depends_on = [module.ktts-redshift] }

Steps to Reproduce

Either deploy Amazon Redshift Cluster using Terraform Redshift Module or:

• Create Redshift Cluster using Terraform resource - aws_redshift_cluster followed by,
• Attaching IAM roles to cluster using Terraform resource - aws_redshift_cluster_iam_roles

Debug Output

None

Panic Output

None

Important Factoids

None

References

https://github.com/hashicorp/terraform-provider-aws/issues/28884

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.