hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: No RAM Resource Share (arn:aws:ram:eu-central-1:xxxxxxxxxxxxxxx:resource-share/xxxxxxxxxxxxxxxxxxxxx) invitation found #37604

Open githubkannadhasan opened 6 months ago

githubkannadhasan commented 6 months ago

Terraform Core Version

1.5.7

AWS Provider Version

5.32.1

Affected Resource(s)

previous bug re-occurred: https://github.com/hashicorp/terraform-provider-aws/issues/11785

module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Destroying... [id=arn:aws:ram:eu-central-1::resource-share/]
aws_securityhub_invite_accepter.eu-central-1_accepter: Creating...
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Destruction complete after 0s
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Creating...
aws_securityhub_invite_accepter.eu-central-1_accepter: Creation complete after 0s [id=]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [10s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [20s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [30s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [40s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [50s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [1m0s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [1m10s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [1m20s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [1m30s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [1m40s elapsed]
module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter: Still creating... [1m50s elapsed]
╷
│ Error: No RAM Resource Share (arn:aws:ram:eu-central-1::resource-share/) invitation found
│
│ NOTE: If both AWS accounts are in the same AWS Organization and RAM Sharing with AWS Organizations is enabled, this resource is not necessary
│
│   with module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter,
│   on enabled_region/transit_gw.tf line 52, in resource "aws_ram_resource_share_accepter" "tgw_accepter":
│   52: resource "aws_ram_resource_share_accepter" "tgw_accepter" {
│
╵

Exit code: 1

Expected Behavior

Checking manually I can confirm that the resource share exists and everything is working from a network perspective (the Transit Gateway in my case). Also the resource share ID does exist, so the error message that no RAM invite was found must be misleading in some way.

Actual Behavior

aws_ram_resource_share_accepter throws an error.

Relevant Error/Panic Output Snippet

│ Error: No RAM Resource Share (arn:aws:ram:eu-central-1:992385527449:resource-share/962ed44b-0532-412e-a30e-e5acc3ba7e88) invitation found
│
│ NOTE: If both AWS accounts are in the same AWS Organization and RAM Sharing with AWS Organizations is enabled, this resource is not necessary
│
│   with module.eu-central-1.aws_ram_resource_share_accepter.tgw_accepter,
│   on enabled_region/transit_gw.tf line 52, in resource "aws_ram_resource_share_accepter" "tgw_accepter":
│   52: resource "aws_ram_resource_share_accepter" "tgw_accepter" {
│
╵

Terraform Configuration Files

na

Steps to Reproduce

terraform apply

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

dthvt commented 2 months ago

Can confirm this has broken again. The import of an existing RAM share is broken because the RAM invitation (a "hidden" object you can't see in console) expires after X number of days (I want to say 14, but I don't recall for sure). Once the invitation is expired, the share is still in place. When importing, the code appears to depend on the invitation being present.

For example, one of my long established RAM shares shows this in the receiving account:

$ aws ram get-resource-shares --resource-owner OTHER-ACCOUNTS
{
    "resourceShares": [
        {
            "resourceShareArn": "arn:aws:ram:us-east-1:123456789012:resource-share/f89e35d5-55e1-xxxx-xxxx-xxxxxxxxxxxx",
            "name": "xxxxxxxxx",
            "owningAccountId": "210987654321",
            "allowExternalPrincipals": true,
            "status": "ACTIVE",
            "creationTime": "2020-10-01T13:44:36.668000-04:00",
            "lastUpdatedTime": "2020-10-01T13:44:36.668000-04:00",
            "featureSet": "STANDARD"
        }
    ]
}

$ aws ram get-resource-share-invitations 
{
    "resourceShareInvitations": []
}

This makes it impossible for me to import the share.
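
The state described in the comment above (share `ACTIVE`, invitation list empty) can be told apart from a still-pending or unusable share by comparing the two CLI outputs. The following is an added example, not code from the issue or from the provider; the ARNs, account IDs and the state labels it returns are constructed for illustration.

```python
import json

# Constructed sample data shaped like the output of the two CLI calls above:
#   aws ram get-resource-shares --resource-owner OTHER-ACCOUNTS
#   aws ram get-resource-share-invitations
# The ARNs and account IDs are placeholders, not values from the issue.
OLD = "arn:aws:ram:us-east-1:111111111111:resource-share/EXAMPLE-ESTABLISHED"
NEW = "arn:aws:ram:us-east-1:111111111111:resource-share/EXAMPLE-NEW"
SHARES = json.loads("""
{"resourceShares": [
  {"resourceShareArn": "%s", "owningAccountId": "111111111111", "status": "ACTIVE"}
]}""" % OLD)
INVITATIONS = json.loads("""
{"resourceShareInvitations": [
  {"resourceShareArn": "%s", "senderAccountId": "111111111111", "status": "PENDING"}
]}""" % NEW)


def classify(shares_doc, invitations_doc):
    """Return {share ARN: state} for shares owned by other accounts."""
    invite_status = {}
    for inv in invitations_doc.get("resourceShareInvitations", []):
        invite_status.setdefault(inv["resourceShareArn"], set()).add(inv["status"])
    share_status = {s["resourceShareArn"]: s["status"]
                    for s in shares_doc.get("resourceShares", [])}

    states = {}
    for arn in sorted(set(invite_status) | set(share_status)):
        seen = invite_status.get(arn, set())
        if "PENDING" in seen:
            states[arn] = "invitation-pending"        # can still be accepted
        elif "ACCEPTED" in seen:
            states[arn] = "accepted-invitation-listed"
        elif share_status.get(arn) == "ACTIVE":
            # The case from the comment: the share works, but no invitation
            # record is returned, so a lookup keyed on the invitation fails.
            states[arn] = "active-no-invitation"
        else:
            states[arn] = "not-usable"
    return states


if __name__ == "__main__":
    for arn, state in classify(SHARES, INVITATIONS).items():
        print(f"{state:28} {arn}")
```

To run it against a real account, replace `SHARES` and `INVITATIONS` with the parsed JSON from the two commands; any ARN reported as `active-no-invitation` is in the state the comment describes.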