hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.

https://registry.terraform.io/providers/hashicorp/aws

Mozilla Public License 2.0

9.87k stars 9.21k forks source link

[Bug]: `aws_eip` error: Unpaginated and unqualified requests are not permitted #38841

Open theresali-apple opened 3 months ago

theresali-apple commented 3 months ago

Description

Hi there,

We have a lot of security groups in our aws account, which aws helps us to raise the limit by service quota request. When I try to get a list of SG(security groups) using Terraform Data Source: aws_security_group, I then get an Error: reading EC2 Security Group: OperationNotPermitted: Unpaginated and unqualified requests are not permitted.

Provider.aws: version = 5.39.1

Thank you for any help.

Affected Resource(s) and/or Data Source(s)

Data Source: aws_security_group

Potential Terraform Configuration

No response

References

No response

Would you like to implement a fix?

None

github-actions[bot] commented 3 months ago

Community Note

Voting for Prioritization

Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
Please see our prioritization guide for information on how we prioritize.
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

If you are interested in working on this issue, please leave a comment.
If this would be your first contribution, please review the contribution guide.

justinretzolk commented 3 months ago

Hey @theresali-apple 👋 Thank you for taking the time to raise this! You mentioned that you're trying to use the (singular) aws_security_group data source. Did you mean the (plural) aws_security_groups data source?

theresali-apple commented 3 months ago

Thank you @justinretzolk for the reply. We are actually using the (singular) aws_security_group. But actually, the error might come from aws_eip here:

resource "aws_eip" "shared-vpc-eip" {
  count = length(var.az_ids)
  vpc   = true
  tags = ...
  depends_on = [aws_vpc.shared-vpc]
}

Here is the terraform plan error:

in resource "aws_eip" "shared-vpc-eip":
[1m[31mError: [0m[0m[1mreading EC2 Security Group: OperationNotPermitted: Unpaginated and unqualified requests are not permitted.
238:   vpc   = [4mtrue[0m
status code: 400

stefanfreitag commented 2 months ago

Hi @theresali-apple, is the issue also existing in one of the newer provider versions, e.g. >= v5.60.0?

I tried to get more insights by tracking back the reading EC2 Security Group from your explanation. I see it showing up only in one place: data.aws_security_groups. Here is the code snippet

if len(input.Filters) == 0 {
    input.Filters = nil
}

output, err := findSecurityGroups(ctx, conn, input)

if err != nil {
    return sdkdiag.AppendErrorf(diags, "reading EC2 Security Groups: %s", err)
}

The findSecurityGroups function has been updated in July 24 to use the AWS SDK Go v2. That's the reason why I asked if the issue still persists when using a newer provider. This said, I am not sure if your issue is related to aws_eip. It would be awesome if you could provide additional details.