hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_chatbot_teams_channel_configuration returns "Error: waiting for creation AWS Chatbot Teams Channel Configuration" during apply, but the resource is created in AWS #38943

Open yolanv opened 1 month ago

yolanv commented 1 month ago

Terraform Core Version

1.5.7

AWS Provider Version

5.61.0

Affected Resource(s)

aws_chatbot_teams_channel_configuration

Expected Behavior

The creation of the channel configuration should succeed and terraform apply should return with success and the resource should be available in AWS.

Actual Behavior

The resource is available in AWS, but terraform apply fails with the following message:

│ Error: waiting for creation AWS Chatbot Teams Channel Configuration (<teams team id obfuscated>)
│ 
│   with module.chatbot.aws_chatbot_teams_channel_configuration.chatbot_notifications,
│   on chatbot/teams.tf line 19, in resource "aws_chatbot_teams_channel_configuration" "chatbot_notifications":
│   19: resource "aws_chatbot_teams_channel_configuration" "chatbot_notifications" {
│ 
│ couldn't find resource (21 retries)

Running terraform apply a second time returns the following error:

│ Error: creating AWS Chatbot Teams Channel Configuration (<teams team id obfuscated>)
│ 
│   with module.chatbot.aws_chatbot_teams_channel_configuration.chatbot_notifications,
│   on chatbot/teams.tf line 19, in resource "aws_chatbot_teams_channel_configuration" "chatbot_notifications":
│   19: resource "aws_chatbot_teams_channel_configuration" "chatbot_notifications" {
│ 
│ operation error chatbot: CreateMicrosoftTeamsChannelConfiguration, https
│ response error StatusCode: 409, RequestID:
│ <request id>, ConflictException: Resource with arn
│ arn:aws:chatbot::account-id:chat-configuration/microsoft-teams-channel/chatbot-notifications
│ already exists.
╵

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_chatbot_teams_channel_configuration" "chatbot_notifications" {
  configuration_name = var.configuration_name
  iam_role_arn       = aws_iam_role.chatbot_notifications.arn

  channel_id = var.channel_id
  team_id    = var.team_id
  tenant_id  = var.tenant_id

  team_name     = var.team_name
  channel_name  = var.channel_name
  logging_level = "INFO"

  sns_topic_arns = [var.sns_topic_arn]
}

Steps to Reproduce

Run terraform apply, which should create a chatbot channel configuration.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

DanielRieske commented 1 month ago

Hi @yolanv 👋 - thank you for raising this issue!

This resource has been made on a best-effort basis because it's a bit difficult to create a working environment to test these types of resources.

The issue here is that the create action is waiting until we are able to find the created resource and this seems to be timing out because it's unable to find the created resource. In my initial assessment I don't see anything wrong with the implementation and it would be extremely helpful if you can provide some trace logging.

Would it be possible to re-run the apply with TF_LOG=debug enabled, redact data where applicable and send this as a gist? I would be very interested in the API requests and responses from the AWS Chatbot API.

Thanks in advance!
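
The failure mode discussed in this thread, modelled as an added Go example (not the provider's code and not part of the comment above): create succeeds, the post-create lookup never finds the item, so nothing is recorded in state and the next apply hits the conflict. `fakeAPI`, `Apply` and the `team-1` ID are hypothetical stand-ins; the retry count of 21 is taken from the error message in the report.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins for illustration; not names from the provider's source.
var errConflict = errors.New("ConflictException: already exists")
var errNotFound = errors.New("couldn't find resource")

// fakeAPI models a service where Create succeeds but the lookup the waiter
// relies on does not return the new item while visible is false.
type fakeAPI struct {
	created map[string]bool
	visible bool
}

func (f *fakeAPI) Create(id string) error {
	if f.created[id] {
		return errConflict
	}
	f.created[id] = true
	return nil
}

func (f *fakeAPI) Find(id string) bool { return f.created[id] && f.visible }

// Apply mimics create-then-wait: the ID enters state only when Find succeeds,
// so a timed-out wait leaves a remote resource that state never tracks.
func Apply(api *fakeAPI, state map[string]bool, id string, retries int) error {
	if err := api.Create(id); err != nil {
		return fmt.Errorf("creating: %w", err)
	}
	for i := 0; i < retries; i++ {
		if api.Find(id) {
			state[id] = true
			return nil
		}
	}
	return fmt.Errorf("waiting for creation: %w (%d retries)", errNotFound, retries)
}

func main() {
	api, state := &fakeAPI{created: map[string]bool{}}, map[string]bool{}
	fmt.Println(Apply(api, state, "team-1", 21)) // waiter gives up
	fmt.Println(Apply(api, state, "team-1", 21)) // conflict: exists remotely
}
```

The second call fails on create rather than on the wait, which matches the order of the two errors in the report: the resource exists remotely but was never written to state.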

yolanv commented 1 month ago

Hello @DanielRieske,

Sorry for the late answer. I have tried to reproduce the process to generate the debug logs on a test account in our AWS environment and we found out that the chatbot creation process was successful here. So the problem is limited to the account mentioned in the first post in this bug report.

This doesn't seem to be a Terraform issue, so we will investigate further on our end and report back if we find out what the issue was. Thank you for replying and for taking the time to provide assistance to the bug report.

yolanv commented 1 month ago

Upon further investigation, it looks like there is no clear difference as to why it works on the test account and why it doesn't work on the account it is supposed to be on. Looking at the debug logs and CloudTrail, the requests that are sent and the responses that are received are identical to each other (except account-bound information such as the account ID). I do not see any differences in the request and response bodies. All information is identical to each other.

Here is an example of a response body that is shown in the debug log on the account where it works:

{
    "NextToken": null,
    "TeamChannelConfigurations": [
        {
            "ChannelId": "<teams channel id>",
            "ChannelName": null,
            "ChatConfigurationArn": "arn:aws:chatbot::<account-id>:chat-configuration/microsoft-teams-channel/chatbot-notifications",
            "ConfigurationName": "chatbot-notifications",
            "GuardrailPolicyArns": [
                "arn:aws:iam::aws:policy/AdministratorAccess"
            ],
            "IamRoleArn": "arn:aws:iam::<account-id>:role/service-role/AWSChatbot-role",
            "LoggingLevel": "INFO",
            "SnsTopicArns": [
                "arn:aws:sns:eu-west-1:<account-id>:infra-test"
            ],
            "State": null,
            "StateReason": null,
            "Tags": [<redacted>],
            "TeamId": "<teams-team-id>",
            "TeamName": null,
            "TenantId": "<teams-tenant-id>",
            "UserAuthorizationRequired": false
        }
    ]
}

And here it times out:

{
    "NextToken": null,
    "TeamChannelConfigurations": [
        {
            "ChannelId": "<teams channel id>",
            "ChannelName": null,
            "ChatConfigurationArn": "arn:aws:chatbot::<account-id>:chat-configuration/microsoft-teams-channel/chatbot-notifications",
            "ConfigurationName": "chatbot-notifications",
            "GuardrailPolicyArns": [
                "arn:aws:iam::aws:policy/AdministratorAccess"
            ],
            "IamRoleArn": "arn:aws:iam::<account-id>:role/service-role/AWSChatbot-role",
            "LoggingLevel": "INFO",
            "SnsTopicArns": [
                "arn:aws:sns:eu-west-1:<account-id>:central-eventbridge-sns-topic"
            ],
            "State": null,
            "StateReason": null,
            "Tags": [<redacted>],
            "TeamId": "<teams team id>",
            "TeamName": null,
            "TenantId": "<teams tenant id>",
            "UserAuthorizationRequired": false
        }
    ]
}

We will continue to investigate but we do not see any clear information as to why it happens.