[Bug]: Unable to create CostCategory with Tags match_options = "ABSENT"

[DanielTaniel]

Terraform Core Version

v1.7.5

AWS Provider Version

v5.43.0

Affected Resource(s)

aws_ce_cost_category

Expected Behavior

It should be possible to create a cost category that groups items that are missing a particular tag. This is possible in the cost category AWS console.

Actual Behavior

When attempting to create a cost category that filters on Tag with the rule match_options = ["ABSENT"] terraform cities a validatioan error

1 validation error detected: Value '[]' at 'rules.1.member.rule.tags.values' failed to satisfy constraint: Member must have length greater than or equal to 1

If I supply a value as either [], or [""] i get the same error. If I supply a value = ["anuything"] i get the following error

creating AWS CE (Cost Explorer) Cost Category: ValidationException: Failed to create Cost Category: Tags expression must not have values set when ABSENT is provided

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_ce_cost_category" "product-categtory" {
  name         = "Product Split"
  rule_version = "CostCategoryExpression.v1"
  rule {
    type  = "REGULAR"
    value = "Product Split"
    rule {
      tags {
        key           = "product-name"
        values        = ["product1", "product2", "product3"]
        match_options = ["EQUALS"]
      }
    }
  }
  rule {
    type  = "REGULAR"
    value = "Product Split"
    rule {
      tags {
        key           = "product-name"
       # or any of the following values
       # values        = ["Something"]
       # values        = []
       # values        = [""]
        match_options = ["ABSENT"]
      }
    }
  }
}

Steps to Reproduce

Attempt to build the supplied aws_ce_cost_category

Debug Output

2024-04-02T16:28:10.963+0100 [INFO]  Terraform version: 1.7.5
2024-04-02T16:28:10.963+0100 [DEBUG] using github.com/hashicorp/go-tfe v1.41.0
2024-04-02T16:28:10.963+0100 [DEBUG] using github.com/hashicorp/hcl/v2 v2.19.1
2024-04-02T16:28:10.963+0100 [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.1
2024-04-02T16:28:10.963+0100 [DEBUG] using github.com/zclconf/go-cty v1.14.1
2024-04-02T16:28:10.963+0100 [INFO]  Go runtime version: go1.21.8
2024-04-02T16:28:10.963+0100 [INFO]  CLI args: []string{"terraform", "apply"}
2024-04-02T16:28:10.963+0100 [DEBUG] Attempting to open CLI config file: /home/[USER]/.terraformrc
2024-04-02T16:28:10.963+0100 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory /home/[USER]/.terraform.d/plugins
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory /home/[USER]/.local/share/terraform/plugins
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory /usr/share/ubuntu/terraform/plugins
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory /usr/share/gnome/terraform/plugins
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory /usr/local/share/terraform/plugins
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory /usr/share/terraform/plugins
2024-04-02T16:28:10.963+0100 [DEBUG] ignoring non-existing provider search directory /var/lib/snapd/desktop/terraform/plugins
2024-04-02T16:28:10.964+0100 [INFO]  CLI command args: []string{"apply"}
2024-04-02T16:28:10.964+0100 [DEBUG] New state was assigned lineage "a8b928ca-0270-fa58-e175-c543a2131085"
2024-04-02T16:28:11.408+0100 [DEBUG] checking for provisioner in "."
2024-04-02T16:28:11.408+0100 [DEBUG] checking for provisioner in "/home/[USER]/Applications"
2024-04-02T16:28:11.409+0100 [INFO]  backend/local: starting Apply operation
2024-04-02T16:28:11.409+0100 [DEBUG] created provider logger: level=debug
2024-04-02T16:28:11.409+0100 [INFO]  provider: configuring client automatic mTLS
2024-04-02T16:28:11.415+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 args=[".terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5"]
2024-04-02T16:28:11.415+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450156
2024-04-02T16:28:11.415+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5
2024-04-02T16:28:11.472+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: configuring server automatic mTLS: timestamp="2024-04-02T16:28:11.472+0100"
2024-04-02T16:28:11.478+0100 [DEBUG] provider: using plugin: version=5
2024-04-02T16:28:11.478+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: plugin address: address=/tmp/plugin911960239 network=unix timestamp="2024-04-02T16:28:11.477+0100"
2024-04-02T16:28:11.837+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-04-02T16:28:11.842+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450156
2024-04-02T16:28:11.842+0100 [DEBUG] provider: plugin exited
2024-04-02T16:28:11.842+0100 [DEBUG] Building and walking validate graph
2024-04-02T16:28:11.842+0100 [DEBUG] adding implicit provider configuration provider["registry.terraform.io/hashicorp/aws"], implied first by aws_ce_cost_category.product-categtory
2024-04-02T16:28:11.842+0100 [DEBUG] ProviderTransformer: "aws_ce_cost_category.product-categtory" (*terraform.NodeValidatableResource) needs provider["registry.terraform.io/hashicorp/aws"]
2024-04-02T16:28:11.842+0100 [DEBUG] ReferenceTransformer: "aws_ce_cost_category.product-categtory" references: []
2024-04-02T16:28:11.842+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/aws\"]" references: []
2024-04-02T16:28:11.842+0100 [DEBUG] Starting graph walk: walkValidate
2024-04-02T16:28:11.842+0100 [DEBUG] created provider logger: level=debug
2024-04-02T16:28:11.842+0100 [INFO]  provider: configuring client automatic mTLS
2024-04-02T16:28:11.846+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 args=[".terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5"]
2024-04-02T16:28:11.846+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450192
2024-04-02T16:28:11.846+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5
2024-04-02T16:28:11.903+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: configuring server automatic mTLS: timestamp="2024-04-02T16:28:11.903+0100"
2024-04-02T16:28:11.908+0100 [DEBUG] provider: using plugin: version=5
2024-04-02T16:28:11.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: plugin address: network=unix address=/tmp/plugin271309085 timestamp="2024-04-02T16:28:11.908+0100"
2024-04-02T16:28:11.919+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-04-02T16:28:11.922+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450192
2024-04-02T16:28:11.922+0100 [DEBUG] provider: plugin exited
2024-04-02T16:28:11.922+0100 [INFO]  backend/local: apply calling Plan
2024-04-02T16:28:11.922+0100 [DEBUG] Building and walking plan graph for NormalMode
2024-04-02T16:28:11.922+0100 [DEBUG] adding implicit provider configuration provider["registry.terraform.io/hashicorp/aws"], implied first by aws_ce_cost_category.product-categtory (expand)
2024-04-02T16:28:11.922+0100 [DEBUG] ProviderTransformer: "aws_ce_cost_category.product-categtory (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/hashicorp/aws"]
2024-04-02T16:28:11.923+0100 [DEBUG] ReferenceTransformer: "aws_ce_cost_category.product-categtory (expand)" references: []
2024-04-02T16:28:11.923+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/aws\"]" references: []
2024-04-02T16:28:11.923+0100 [DEBUG] Starting graph walk: walkPlan
2024-04-02T16:28:11.923+0100 [DEBUG] created provider logger: level=debug
2024-04-02T16:28:11.923+0100 [INFO]  provider: configuring client automatic mTLS
2024-04-02T16:28:11.925+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 args=[".terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5"]
2024-04-02T16:28:11.925+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450214
2024-04-02T16:28:11.925+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5
2024-04-02T16:28:11.984+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: configuring server automatic mTLS: timestamp="2024-04-02T16:28:11.984+0100"
2024-04-02T16:28:11.989+0100 [DEBUG] provider: using plugin: version=5
2024-04-02T16:28:11.989+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: plugin address: address=/tmp/plugin3731542161 network=unix timestamp="2024-04-02T16:28:11.989+0100"
2024-04-02T16:28:12.049+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Configuring Terraform AWS Provider: tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 tf_rpc=ConfigureProvider tf_mux_provider="*schema.GRPCProviderServer" @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:134 @module=aws timestamp="2024-04-02T16:28:12.049+0100"
2024-04-02T16:28:12.049+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Resolving credentials provider: @module=aws.aws-base tf_mux_provider="*schema.GRPCProviderServer" tf_rpc=ConfigureProvider tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 timestamp="2024-04-02T16:28:12.049+0100"
2024-04-02T16:28:12.049+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Loading configuration: @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 @module=aws.aws-base tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 tf_rpc=ConfigureProvider tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws timestamp="2024-04-02T16:28:12.049+0100"
2024-04-02T16:28:12.049+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Retrieving credentials: @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws @module=aws.aws-base tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 tf_rpc=ConfigureProvider timestamp="2024-04-02T16:28:12.049+0100"
2024-04-02T16:28:12.049+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: Retrieved credentials: @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 tf_rpc=ConfigureProvider @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:39 tf_aws.credentials_source=EnvConfigCredentials tf_mux_provider="*schema.GRPCProviderServer" timestamp="2024-04-02T16:28:12.049+0100"
2024-04-02T16:28:12.049+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Loading configuration: tf_rpc=ConfigureProvider @module=aws.aws-base tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 timestamp="2024-04-02T16:28:12.049+0100"
2024-04-02T16:28:12.049+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Creating AWS SDK v1 session: tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 tf_rpc=ConfigureProvider @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:158 @module=aws tf_mux_provider="*schema.GRPCProviderServer" timestamp="2024-04-02T16:28:12.049+0100"
2024-04-02T16:28:12.050+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Retrieving AWS account details: tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:173 tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 tf_rpc=ConfigureProvider @module=aws timestamp="2024-04-02T16:28:12.050+0100"
2024-04-02T16:28:12.050+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Retrieving caller identity from STS: tf_mux_provider="*schema.GRPCProviderServer" tf_rpc=ConfigureProvider @module=aws.aws-base tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 tf_provider_addr=registry.terraform.io/hashicorp/aws timestamp="2024-04-02T16:28:12.050+0100"
2024-04-02T16:28:12.050+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: HTTP Request Sent: rpc.service=STS
  http.request.body=
  | Action=GetCallerIdentity&Version=2011-06-15
   http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************5KSI/20240402/eu-west-2/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.7.5 (+https://www.terraform.io) terraform-provider-aws/5.43.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.26.0 os/linux lang/go#1.21.8 md/GOOS#linux md/GOARCH#amd64 api/sts#1.28.5" net.peer.name=sts.eu-west-2.amazonaws.com http.method=POST tf_aws.sdk=aws-sdk-go-v2 tf_aws.signing_region="" @module=aws.aws-base aws.region=eu-west-2 rpc.method=GetCallerIdentity tf_rpc=ConfigureProvider rpc.system=aws-api tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 tf_mux_provider="*schema.GRPCProviderServer" @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 http.request.header.amz_sdk_invocation_id=84ce8318-79fc-454c-b196-fda5f0417b61 http.request.header.content_type=application/x-www-form-urlencoded http.request.header.x_amz_date=20240402T152812Z http.request.header.x_amz_security_token="*****" http.request_content_length=43 http.url=https://sts.eu-west-2.amazonaws.com/ http.request.header.amz_sdk_request="attempt=1; max=25" tf_provider_addr=registry.terraform.io/hashicorp/aws timestamp="2024-04-02T16:28:12.050+0100"
2024-04-02T16:28:12.107+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: HTTP Response Received: tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 http.duration=56 rpc.system=aws-api tf_aws.sdk=aws-sdk-go-v2 tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws rpc.service=STS tf_rpc=ConfigureProvider @module=aws.aws-base
  http.response.body=
  | <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  |   <GetCallerIdentityResult>
  |     <Arn>[arn]</Arn>
  |     <UserId>[uid]</UserId>
  |     <Account>[account]</Account>
  |   </GetCallerIdentityResult>
  |   <ResponseMetadata>
  |     <RequestId>[requestid]</RequestId>
  |   </ResponseMetadata>
  | </GetCallerIdentityResponse>
   http.response.header.date="Tue, 02 Apr 2024 15:28:11 GMT" http.response_content_length=500 @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 http.response.header.x_amzn_requestid=e28fe46f-7939-413b-a8d7-1281351eebe2 rpc.method=GetCallerIdentity aws.region=eu-west-2 http.response.header.content_type=text/xml http.status_code=200 tf_aws.signing_region="" timestamp="2024-04-02T16:28:12.106+0100"
2024-04-02T16:28:12.107+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: Retrieved caller identity from STS: @module=aws.aws-base tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ConfigureProvider @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:39 tf_req_id=e4f9c9c5-f854-6fad-3b25-ef5553a41d76 timestamp="2024-04-02T16:28:12.106+0100"
2024-04-02T16:28:12.107+0100 [DEBUG] Resource instance state not found for node "aws_ce_cost_category.product-categtory", instance aws_ce_cost_category.product-categtory
2024-04-02T16:28:12.107+0100 [DEBUG] ReferenceTransformer: "aws_ce_cost_category.product-categtory" references: []
2024-04-02T16:28:12.107+0100 [DEBUG] refresh: aws_ce_cost_category.product-categtory: no state, so not refreshing
2024-04-02T16:28:12.115+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-04-02T16:28:12.119+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450214
2024-04-02T16:28:12.119+0100 [DEBUG] provider: plugin exited
2024-04-02T16:28:12.119+0100 [DEBUG] building apply graph to check for errors
2024-04-02T16:28:12.119+0100 [DEBUG] Resource state not found for node "aws_ce_cost_category.product-categtory", instance aws_ce_cost_category.product-categtory
2024-04-02T16:28:12.119+0100 [DEBUG] adding implicit provider configuration provider["registry.terraform.io/hashicorp/aws"], implied first by aws_ce_cost_category.product-categtory (expand)
2024-04-02T16:28:12.119+0100 [DEBUG] ProviderTransformer: "aws_ce_cost_category.product-categtory (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/hashicorp/aws"]
2024-04-02T16:28:12.119+0100 [DEBUG] ProviderTransformer: "aws_ce_cost_category.product-categtory" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/hashicorp/aws"]
2024-04-02T16:28:12.119+0100 [DEBUG] ReferenceTransformer: "aws_ce_cost_category.product-categtory (expand)" references: []
2024-04-02T16:28:12.119+0100 [DEBUG] ReferenceTransformer: "aws_ce_cost_category.product-categtory" references: []
2024-04-02T16:28:12.119+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/aws\"]" references: []

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ce_cost_category.product-categtory will be created
  + resource "aws_ce_cost_category" "product-categtory" {
      + arn             = (known after apply)
      + effective_end   = (known after apply)
      + effective_start = (known after apply)
      + id              = (known after apply)
      + name            = "Product Split"
      + rule_version    = "CostCategoryExpression.v1"
      + tags_all        = (known after apply)

      + rule {
          + type  = "REGULAR"
          + value = "Product Split"

          + rule {
              + tags {
                  + key           = "product-name"
                  + match_options = [
                      + "ABSENT",
                    ]
                  + values        = [
                      + "Something",
                    ]
                }
            }
        }
      + rule {
          + type  = "REGULAR"
          + value = "Product Split"

          + rule {
              + tags {
                  + key           = "product-name"
                  + match_options = [
                      + "EQUALS",
                    ]
                  + values        = [
                      + "product1",
                      + "product2",
                      + "product3",
                    ]
                }
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
2024-04-02T16:28:12.143+0100 [DEBUG] command: asking for input: "\nDo you want to perform these actions?"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

2024-04-02T16:28:13.788+0100 [INFO]  backend/local: apply calling Apply
2024-04-02T16:28:13.788+0100 [DEBUG] Building and walking apply graph for NormalMode plan
2024-04-02T16:28:13.789+0100 [DEBUG] Resource state not found for node "aws_ce_cost_category.product-categtory", instance aws_ce_cost_category.product-categtory
2024-04-02T16:28:13.789+0100 [DEBUG] adding implicit provider configuration provider["registry.terraform.io/hashicorp/aws"], implied first by aws_ce_cost_category.product-categtory
2024-04-02T16:28:13.789+0100 [DEBUG] ProviderTransformer: "aws_ce_cost_category.product-categtory (expand)" (*terraform.nodeExpandApplyableResource) needs provider["registry.terraform.io/hashicorp/aws"]
2024-04-02T16:28:13.789+0100 [DEBUG] ProviderTransformer: "aws_ce_cost_category.product-categtory" (*terraform.NodeApplyableResourceInstance) needs provider["registry.terraform.io/hashicorp/aws"]
2024-04-02T16:28:13.789+0100 [DEBUG] ReferenceTransformer: "aws_ce_cost_category.product-categtory (expand)" references: []
2024-04-02T16:28:13.789+0100 [DEBUG] ReferenceTransformer: "aws_ce_cost_category.product-categtory" references: []
2024-04-02T16:28:13.789+0100 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/aws\"]" references: []
2024-04-02T16:28:13.789+0100 [DEBUG] Starting graph walk: walkApply
2024-04-02T16:28:13.789+0100 [DEBUG] created provider logger: level=debug
2024-04-02T16:28:13.789+0100 [INFO]  provider: configuring client automatic mTLS
2024-04-02T16:28:13.791+0100 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 args=[".terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5"]
2024-04-02T16:28:13.791+0100 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450263
2024-04-02T16:28:13.791+0100 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5
2024-04-02T16:28:13.845+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: configuring server automatic mTLS: timestamp="2024-04-02T16:28:13.845+0100"
2024-04-02T16:28:13.851+0100 [DEBUG] provider: using plugin: version=5
2024-04-02T16:28:13.851+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: plugin address: address=/tmp/plugin2407209990 network=unix timestamp="2024-04-02T16:28:13.851+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Configuring Terraform AWS Provider: tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:134 @module=aws tf_rpc=ConfigureProvider timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Resolving credentials provider: tf_rpc=ConfigureProvider @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 tf_mux_provider="*schema.GRPCProviderServer" timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Loading configuration: @module=aws.aws-base tf_mux_provider="*schema.GRPCProviderServer" tf_rpc=ConfigureProvider tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Retrieving credentials: tf_mux_provider="*schema.GRPCProviderServer" @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c tf_rpc=ConfigureProvider timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: Retrieved credentials: @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ConfigureProvider @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:39 tf_aws.credentials_source=EnvConfigCredentials tf_mux_provider="*schema.GRPCProviderServer" tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Loading configuration: @module=aws.aws-base tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ConfigureProvider tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Creating AWS SDK v1 session: tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:158 tf_mux_provider="*schema.GRPCProviderServer" tf_rpc=ConfigureProvider @module=aws timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Retrieving AWS account details: tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c tf_rpc=ConfigureProvider @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:173 @module=aws tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.908+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: Retrieving caller identity from STS: tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 @module=aws.aws-base tf_mux_provider="*schema.GRPCProviderServer" tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c tf_rpc=ConfigureProvider timestamp="2024-04-02T16:28:13.908+0100"
2024-04-02T16:28:13.909+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: HTTP Request Sent: http.request_content_length=43 tf_provider_addr=registry.terraform.io/hashicorp/aws aws.region=eu-west-2 http.request.header.x_amz_date=20240402T152813Z http.url=https://sts.eu-west-2.amazonaws.com/ net.peer.name=sts.eu-west-2.amazonaws.com http.request.header.content_type=application/x-www-form-urlencoded tf_aws.sdk=aws-sdk-go-v2 http.request.header.amz_sdk_request="attempt=1; max=25" http.method=POST rpc.system=aws-api @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47
  http.request.body=
  | Action=GetCallerIdentity&Version=2011-06-15
   http.request.header.amz_sdk_invocation_id=67b02a1a-1b48-461f-876c-a8cef44b0164 http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.7.5 (+https://www.terraform.io) terraform-provider-aws/5.43.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.26.0 os/linux lang/go#1.21.8 md/GOOS#linux md/GOARCH#amd64 api/sts#1.28.5" tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c @module=aws.aws-base rpc.service=STS http.request.header.x_amz_security_token="*****" tf_aws.signing_region="" tf_mux_provider="*schema.GRPCProviderServer" tf_rpc=ConfigureProvider http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************5KSI/20240402/eu-west-2/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" rpc.method=GetCallerIdentity timestamp="2024-04-02T16:28:13.909+0100"
2024-04-02T16:28:14.052+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: HTTP Response Received: tf_aws.sdk=aws-sdk-go-v2 tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c http.response.header.content_type=text/xml http.response.header.date="Tue, 02 Apr 2024 15:28:13 GMT" http.response_content_length=500 http.status_code=200 rpc.service=STS rpc.method=GetCallerIdentity tf_aws.signing_region="" tf_mux_provider="*schema.GRPCProviderServer" @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:47 @module=aws.aws-base
  http.response.body=
  | <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  |   <GetCallerIdentityResult>
  |     <Arn[arn]</Arn>
  |     <UserId>[uid]</UserId>
  |     <Account>[account]</Account>
  |   </GetCallerIdentityResult>
  |   <ResponseMetadata>
  |     <RequestId>[rid]</RequestId>
  |   </ResponseMetadata>
  | </GetCallerIdentityResponse>
   aws.region=eu-west-2 http.response.header.x_amzn_requestid=11855c76-59a4-4d5d-8438-507574608d9d rpc.system=aws-api tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ConfigureProvider http.duration=143 timestamp="2024-04-02T16:28:14.052+0100"
2024-04-02T16:28:14.052+0100 [INFO]  provider.terraform-provider-aws_v5.43.0_x5: Retrieved caller identity from STS: tf_mux_provider="*schema.GRPCProviderServer" tf_rpc=ConfigureProvider @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.50/logging/tf_logger.go:39 @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=0ad6fc1b-312a-bbc7-7285-fdf13060998c timestamp="2024-04-02T16:28:14.052+0100"
aws_ce_cost_category.product-categtory: Creating...
2024-04-02T16:28:14.060+0100 [INFO]  Starting apply for aws_ce_cost_category.product-categtory
2024-04-02T16:28:14.061+0100 [DEBUG] aws_ce_cost_category.product-categtory: applying the planned Create change
2024-04-02T16:28:14.062+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: [DEBUG] setting computed for "tags_all" from ComputedKeys
2024-04-02T16:28:14.062+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: [DEBUG] Waiting for state to become: [success]
2024-04-02T16:28:14.062+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: HTTP Request Sent: http.request.header.content_type=application/x-amz-json-1.1 tf_rpc=ApplyResourceChange rpc.service="Cost Explorer" tf_req_id=0ad604b6-87dc-8b31-f774-fc6532f082f6 tf_resource_type=aws_ce_cost_category aws.region=eu-west-2 http.request_content_length=359 http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.7.5 (+https://www.terraform.io) terraform-provider-aws/5.43.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.51.9 (go1.21.8; linux; amd64)" @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.51/logger.go:109 http.request.header.x_amz_target=AWSInsightsIndexService.CreateCostCategoryDefinition http.url=https://ce.us-east-1.amazonaws.com/ tf_provider_addr=registry.terraform.io/hashicorp/aws http.method=POST rpc.method=CreateCostCategoryDefinition rpc.system=aws-api tf_mux_provider="*schema.GRPCProviderServer" tf_aws.signing_region=us-east-1
  http.request.body=
  | {"Name":"Product Split","RuleVersion":"CostCategoryExpression.v1","Rules":[{"Rule":{"Tags":{"Key":"product-name","MatchOptions":["EQUALS"],"Values":["product2","product3","product1"]}},"Type":"REGULAR","Value":"Product Split"},{"Rule":{"Tags":{"Key":"product-name","MatchOptions":["ABSENT"],"Values":["Something"]}},"Type":"REGULAR","Value":"Product Split"}]}
   http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************5KSI/20240402/us-east-1/ce/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=*****" http.request.header.x_amz_date=20240402T152814Z tf_aws.sdk=aws-sdk-go @module=aws net.peer.name=ce.us-east-1.amazonaws.com http.flavor=1.1 http.request.header.x_amz_security_token="*****" timestamp="2024-04-02T16:28:14.062+0100"
2024-04-02T16:28:14.390+0100 [DEBUG] provider.terraform-provider-aws_v5.43.0_x5: HTTP Response Received: @module=aws http.response.header.date="Tue, 02 Apr 2024 15:28:14 GMT" rpc.service="Cost Explorer" rpc.system=aws-api tf_aws.signing_region=us-east-1 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=0ad604b6-87dc-8b31-f774-fc6532f082f6 tf_resource_type=aws_ce_cost_category
  http.response.body=
  | {"__type":"ValidationException","message":"Failed to create Cost Category: Tags expression must not have values set when ABSENT is provided"}
   tf_mux_provider="*schema.GRPCProviderServer" aws.region=eu-west-2 http.response.header.cache_control=no-cache http.status_code=400 rpc.method=CreateCostCategoryDefinition tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.51/logger.go:157 http.duration=327 http.response_content_length=141 tf_aws.sdk=aws-sdk-go http.response.header.content_type=application/x-amz-json-1.1 http.response.header.x_amzn_requestid=[e959dffa-987f-41de-a084-82bdd502c265, 3a697dd2-9c92-4ba9-8d04-3c48fa6d8e97] timestamp="2024-04-02T16:28:14.390+0100"
2024-04-02T16:28:14.390+0100 [ERROR] provider.terraform-provider-aws_v5.43.0_x5: Response contains error diagnostic:
  diagnostic_summary=
  | creating AWS CE (Cost Explorer) Cost Category: ValidationException: Failed to create Cost Category: Tags expression must not have values set when ABSENT is provided
  | \tstatus code: 400, request id: e959dffa-987f-41de-a084-82bdd502c265
   tf_req_id=0ad604b6-87dc-8b31-f774-fc6532f082f6 tf_resource_type=aws_ce_cost_category tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.22.1/tfprotov5/internal/diag/diagnostics.go:58 diagnostic_severity=ERROR tf_provider_addr=registry.terraform.io/hashicorp/aws @module=sdk.proto diagnostic_detail="" tf_proto_version=5.4 timestamp="2024-04-02T16:28:14.390+0100"
2024-04-02T16:28:14.403+0100 [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-04-02T16:28:14.403+0100 [ERROR] vertex "aws_ce_cost_category.product-categtory" error: creating AWS CE (Cost Explorer) Cost Category: ValidationException: Failed to create Cost Category: Tags expression must not have values set when ABSENT is provided
    status code: 400, request id: e959dffa-987f-41de-a084-82bdd502c265
╷
│ Error: creating AWS CE (Cost Explorer) Cost Category: ValidationException: Failed to create Cost Category: Tags expression must not have values set when ABSENT is provided
│   status code: 400, request id: e959dffa-987f-41de-a084-82bdd502c265
│ 
│   with aws_ce_cost_category.product-categtory,
│   on costcategory.tf line 102, in resource "aws_ce_cost_category" "product-categtory":
│  102: resource "aws_ce_cost_category" "product-categtory" {
│ 
╵
2024-04-02T16:28:14.407+0100 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-04-02T16:28:14.411+0100 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.43.0/linux_amd64/terraform-provider-aws_v5.43.0_x5 pid=450263
2024-04-02T16:28:14.411+0100 [DEBUG] provider: plugin exited

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[acwwat]

According to TagValues:

If Values and Key aren't specified, the ABSENT MatchOption is applied to all tags. That is, it's filtered on resources with no tags.

If Key is provided and Values isn't specified, the ABSENT MatchOption is applied to the tag Key only. That is, it's filtered on resources without the given tag key.

The validation error is from calling the AWS API. It seems it is generally missing object length checks. In the case of Values it's being "converted" to an empty list in the AWS API request payload.