hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: aws_fsx_lustre_file_system 'subnet_ids' is a confusing variable #39467

Open MDBeudekerCN opened 2 months ago

MDBeudekerCN commented 2 months ago

Terraform Core Version

1.8.1

AWS Provider Version

5.51.1

Affected Resource(s)

aws_fsx_lustre_file_system has a variable named subnet_ids which should be a list of strings. However, when inputting the subnet IDs of my VPC module's private subnets as follows:

│   69:   subnet_ids       = data.terraform_remote_state.infra.outputs.vpc.private_subnets
│ 
│ Attribute subnet_ids supports 1 item maximum, but config has 3 declared.

I get the following error:

Attribute subnet_ids supports 1 item maximum, but config has 3 declared.

The variable subnet_ids should be string instead of list(string) if it supports just 1 value. Making it a string with length 1 is confusing, since AWS also only supports 1 subnet.

Expected Behavior

Expected: the variable name implies you are able to specify multiple subnet IDs, but in reality the variable should be a singular subnet_id.

Actual Behavior

Attribute subnet_ids supports 1 item maximum, but config has 3 declared.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

module "vpc" {
  #checkov:skip=CKV_TF_1: "Ensure Terraform module sources use a commit hash"
  source             = "terraform-aws-modules/vpc/aws"
  version            = "5.8.1"
}

output "vpc" {
  value = module.vpc
}

resource "aws_fsx_lustre_file_system" "example" {
  import_path      = "s3:123456"
  storage_capacity = 1200
  # Passing every private subnet of the module (three of them) triggers
  # the "supports 1 item maximum" error described above.
  subnet_ids       = module.vpc.private_subnets
}

Steps to Reproduce

See the above code and try to add more subnet IDs to the variable subnet_ids.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

github-actions[bot] commented 2 months ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue

stefanfreitag commented 2 months ago

Hi @MDBeudekerCN ,

I understand your point: if only one subnet identifier is supported, then the type should be string instead of list of strings. On my end I looked into the CloudFormation documentation to understand where the list of strings is coming from.

When it comes to AWS::FSx::FileSystem, the CloudFormation resource looks like the snippet below:

{
  "Type" : "AWS::FSx::FileSystem",
  "Properties" : {
      "BackupId" : String,
      "FileSystemType" : String,
      "FileSystemTypeVersion" : String,
      "KmsKeyId" : String,
      "LustreConfiguration" : LustreConfiguration,
      "OntapConfiguration" : OntapConfiguration,
      "OpenZFSConfiguration" : OpenZFSConfiguration,
      "SecurityGroupIds" : [ String, ... ],
      "StorageCapacity" : Integer,
      "StorageType" : String,
      "SubnetIds" : [ String, ... ],
      "Tags" : [ Tag, ... ],
      "WindowsConfiguration" : WindowsConfiguration
    }
}

So the template supports different file systems (ONTAP, OpenZFS, Lustre). All of them have in common that subnet identifiers are needed; only the number of identifiers is different:

For Windows and ONTAP MULTI_AZ_1 deployment types, provide exactly two subnet IDs, one for the preferred file server and one for the standby file server. You specify one of these subnets as the preferred subnet using the WindowsConfiguration > PreferredSubnetID or OntapConfiguration > PreferredSubnetID properties. For more information about Multi-AZ file system configuration, see Availability and durability: Single-AZ and Multi-AZ file systems in the Amazon FSx for Windows User Guide and Availability and durability in the Amazon FSx for ONTAP User Guide.

For Windows SINGLE_AZ_1 and SINGLE_AZ_2 and all Lustre deployment types, provide exactly one subnet ID. The file server is launched in that subnet's Availability Zone.

(quoted from the provided link)

In the Go SDK v2 you also find SubnetIds []string in CreateFileSystemInput.

I hope the explanation helps a bit to understand the origin of the list for the subnet identifiers.
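The following Go program is an added illustration of the point made in this thread, not code from the provider or the AWS SDK. It models a single list-typed SubnetIds field whose required length depends on the file-system and deployment type, following the rules quoted from the CloudFormation documentation above (Lustre: exactly one; Windows and ONTAP MULTI_AZ_1: exactly two; Windows SINGLE_AZ_1/SINGLE_AZ_2: exactly one). The CreateFileSystemInput struct, the FileSystemType constants, requiredSubnetCount and ValidateSubnetIds are all hypothetical stand-ins; the subnet IDs are constructed sample values.

```go
package main

import "fmt"

// FileSystemType mirrors the values CloudFormation accepts for FileSystemType.
type FileSystemType string

const (
	Lustre  FileSystemType = "LUSTRE"
	Windows FileSystemType = "WINDOWS"
	Ontap   FileSystemType = "ONTAP"
	OpenZFS FileSystemType = "OPENZFS"
)

// CreateFileSystemInput is a hypothetical stand-in for the SDK input struct;
// only the fields that matter for the subnet discussion are modelled.
type CreateFileSystemInput struct {
	FileSystemType FileSystemType
	DeploymentType string   // e.g. "SINGLE_AZ_1", "MULTI_AZ_1"
	SubnetIds      []string // always a list in the API, whatever the type
}

// requiredSubnetCount returns how many subnet IDs the API expects for the
// given combination, per the CloudFormation documentation quoted above.
// Combinations the quote does not cover (e.g. OpenZFS) return an error
// rather than a guessed number.
func requiredSubnetCount(fsType FileSystemType, deployment string) (int, error) {
	switch fsType {
	case Lustre:
		return 1, nil // all Lustre deployment types: exactly one subnet
	case Windows:
		switch deployment {
		case "MULTI_AZ_1":
			return 2, nil // preferred + standby file server
		case "SINGLE_AZ_1", "SINGLE_AZ_2":
			return 1, nil
		}
	case Ontap:
		if deployment == "MULTI_AZ_1" {
			return 2, nil
		}
	}
	return 0, fmt.Errorf("no subnet rule known for %s/%s", fsType, deployment)
}

// ValidateSubnetIds reproduces the kind of check behind the error in this
// issue: the field is a list, but its cardinality is fixed per type.
// Duplicate IDs are rejected too, since a Multi-AZ pair needs two distinct
// subnets to actually place the standby in another AZ.
func ValidateSubnetIds(in CreateFileSystemInput) error {
	want, err := requiredSubnetCount(in.FileSystemType, in.DeploymentType)
	if err != nil {
		return err
	}
	got := len(in.SubnetIds)
	if got > want {
		return fmt.Errorf("attribute subnet_ids supports %d item maximum, but config has %d declared", want, got)
	}
	if got < want {
		return fmt.Errorf("attribute subnet_ids requires %d item(s), but config has %d declared", want, got)
	}
	seen := make(map[string]bool, got)
	for _, id := range in.SubnetIds {
		if seen[id] {
			return fmt.Errorf("subnet_ids contains duplicate entry %q", id)
		}
		seen[id] = true
	}
	return nil
}

func main() {
	// Constructed sample: three private subnets handed over from a VPC module.
	private := []string{"subnet-0aaa", "subnet-0bbb", "subnet-0ccc"}

	lustre := CreateFileSystemInput{FileSystemType: Lustre, DeploymentType: "SCRATCH_2", SubnetIds: private}
	fmt.Println("lustre, 3 subnets:", ValidateSubnetIds(lustre))

	// The fix on the Terraform side is the same idea: pass exactly one element.
	lustre.SubnetIds = private[:1]
	fmt.Println("lustre, 1 subnet: ", ValidateSubnetIds(lustre))

	ontap := CreateFileSystemInput{FileSystemType: Ontap, DeploymentType: "MULTI_AZ_1", SubnetIds: private[:2]}
	fmt.Println("ontap multi-az, 2 subnets:", ValidateSubnetIds(ontap))
}
```

The equivalent fix in the reporter's configuration is to select a single element of the module output, for example subnet_ids = [module.vpc.private_subnets[0]], rather than passing the whole list; the list type stays, matching the API, and the provider's MaxItems check is satisfied.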

justinretzolk commented 1 month ago

Hey @MDBeudekerCN 👋 Thank you for taking the time to raise this, and thank you to @stefanfreitag for another great explanation. I'll add that part of the reason for keeping this as a list rather than a string comes from our provider design principles which guide that resources should match as close to the underlying API as possible. Doing so helps to make the provider match as closely as possible to other tools (i.e. the aws CLI or API itself), improving interoperability.

If there are any other concerns around this, we'd be happy to continue the conversation. Otherwise, we'll get this issue closed out. Regardless, we appreciate you taking the time to raise this and any future concerns you may have!