hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: CloudFormation StackSet (X): InvalidOperationException: Cannot update ManagedExecution while updating StackSet Template or Parameters #35031

Open AliAllomani opened 8 months ago

AliAllomani commented 8 months ago

Terraform Core Version

1.6.6

AWS Provider Version

5.31.0

Affected Resource(s)

Expected Behavior

Ability to update ManagedExecution value

e.g.

# aws cloudformation update-stack-set --managed-execution Active=true --stack-set-name test-stackset --use-previous-template
{
    "OperationId": "12f0e5b5-1f89-44f8-a28f-f461c8d76179"
}

Actual Behavior

When trying to toggle managed_execution.active from false to true, the operation fails with the error Cannot update ManagedExecution while updating StackSet Template or Parameters, even though no other changes are being made to the stackset.

# aws_cloudformation_stack_set.this["x"] will be updated in-place
  ~ resource "aws_cloudformation_stack_set" "this" {
        id                      = "x"
        name                    = "x"
        tags                    = {}
        # (10 unchanged attributes hidden)

      ~ managed_execution {
          ~ active = false -> true
        }

        # (2 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

...

aws_cloudformation_stack_set.this["x"]: Modifying... [id=x]
╷
│ Error: updating CloudFormation StackSet (x): InvalidOperationException: Cannot update ManagedExecution while updating StackSet Template or Parameters.
│       status code: 400, request id: 9ca9bce0-49c4-459e-a7ac-35bff6848f4c
│ 
│   with aws_cloudformation_stack_set.this["x"],
│   on main.tf line 11, in resource "aws_cloudformation_stack_set" "this":
│   11: resource "aws_cloudformation_stack_set" "this" {

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_cloudformation_stack_set" "this" {
  for_each = { for v in var.stack_sets : v.name => v }

  name = each.key

  permission_model = "SERVICE_MANAGED"

  auto_deployment {
    enabled                          = true
    retain_stacks_on_account_removal = false
  }

  operation_preferences {
    failure_tolerance_percentage = each.value.failure_tolerance_percentage
    max_concurrent_percentage    = each.value.max_concurrent_percentage
    region_concurrency_type      = each.value.region_concurrency_type
  }

  managed_execution {
    active = each.value.managed_execution
  }

  capabilities = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM"]

  parameters = each.value.parameters

  template_body = file("${path.module}/templates/${each.value.template_name}.yaml")

  lifecycle {
    ignore_changes = [
      administration_role_arn
    ]
  }
}

stack_sets = [
  {
    name              = "xxx"
    template_name     = "xxx"
    parameters        = {}
    managed_execution = true
  }
]

variable "stack_sets" {
  type = list(object({
    name                         = string
    parameters                   = map(string)
    template_name                = string
    target_ou_paths              = list(string)
    target_regions               = list(string)
    failure_tolerance_percentage = optional(number, 100)
    max_concurrent_percentage    = optional(number, 30)
    region_concurrency_type      = optional(string, "PARALLEL")
    managed_execution            = optional(bool, true)
  }))
  description = "List of stack sets to create"
}

Steps to Reproduce

  1. Terraform Plan and Apply for aws_cloudformation_stack_set with managed_execution.active = false
  2. Terraform Plan and Apply for aws_cloudformation_stack_set with managed_execution.active = true

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
