hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Error: Provider produced inconsistent result after apply #37747

Open gcetrone3 opened 6 months ago

gcetrone3 commented 6 months ago

Terraform Core Version

1.7.4

AWS Provider Version

5.51.1 fails; 5.49.0 succeeds

Affected Resource(s)

data "aws_iam_policy" "AWSLambdaVPCAccessExecutionRole" {
  arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}

resource "aws_iam_role" "lambda_role" {
  name               = "${local.full_lambda_name}-isr"
  description        = "${upper(var.project)} ${local.app_name} IAM Service Role"
  assume_role_policy = file("${path.module}/iam_policies_json/assumerolepolicy.json")
  tags               = local.all_tags
}

# Wildcards are acceptable in this Policy by IHA Security Standards
# tfsec:ignore:aws-iam-no-policy-wildcards
resource "aws_iam_policy" "lambda_policy" {
  name        = "${local.full_lambda_name}-isrp"
  description = "${upper(var.project)} ${local.app_name} IAM Service Role Policy"
  policy      = file("${path.module}/iam_policies_json/lambda_iam_policy.json")
  tags        = local.all_tags
}

resource "aws_iam_policy_attachment" "attach_policy_lambda" {
  name       = aws_iam_role.lambda_role.name
  roles      = [aws_iam_role.lambda_role.name]
  policy_arn = aws_iam_policy.lambda_policy.arn
}

resource "aws_iam_policy_attachment" "attach_policy_lambda_vpc" {
  name       = "${aws_iam_role.lambda_role.name}-vpc"
  roles      = [aws_iam_role.lambda_role.name]
  policy_arn = data.aws_iam_policy.AWSLambdaVPCAccessExecutionRole.arn
}

Expected Behavior

Policy Attachment is consistent and succeeds.

Actual Behavior

 Error: Provider produced inconsistent result after apply
│ 
│ When applying changes to
│ module.Core.module.SMTP_Mailer.aws_iam_policy_attachment.attach_policy_lambda_vpc,
│ provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an
│ unexpected new value: Root object was present, but now absent.
│ 
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.

Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 5.0"...
- Finding hashicorp/random versions matching "~> 3.0"...
- Finding latest version of hashicorp/null...
- Finding latest version of hashicorp/template...
- Finding hashicorp/local versions matching "~> 2.0"...
- Installing hashicorp/null v3.2.2...
- Installed hashicorp/null v3.2.2 (signed by HashiCorp)
- Installing hashicorp/template v2.2.0...
- Installed hashicorp/template v2.2.0 (signed by HashiCorp)
- Installing hashicorp/local v2.5.1...
- Installed hashicorp/local v2.5.1 (signed by HashiCorp)
- Installing hashicorp/aws v5.51.1...
- Installed hashicorp/aws v5.51.1 (signed by HashiCorp)
- Installing hashicorp/random v3.6.2...
- Installed hashicorp/random v3.6.2 (signed by HashiCorp)

Relevant Error/Panic Output Snippet

None

Terraform Configuration Files

# Configure the AWS Provider
provider "aws" {
  region            = "us-east-1"
  use_fips_endpoint = true
}

# Configure the Terraform BackEnd and Versions
terraform {
  backend "s3" {}
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }

    random = {
      source  = "hashicorp/random"
      version = "~> 3.0"
    }

    local = {
      source  = "hashicorp/local"
      version = "~> 2.0"
    }
  }

  required_version = ">= 1.2.0" #required terraform version
}

Steps to Reproduce

Deploy terraform resources through AWS CodePipeline

Debug Output

None

Panic Output

None

Important Factoids

None

References

None

Would you like to implement a fix?

No

svanderwall commented 6 months ago

I am also getting a similar issue when modifying API Gateway Routes.