hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Unable to reference AppStream image shared from another AWS account using `aws_appstream_image` #39494

Open btuenomso opened 2 months ago

btuenomso commented 2 months ago

Terraform Core Version

1.8.3

AWS Provider Version

5.68.0

Affected Resource(s)

data aws_appstream_image

Expected Behavior

When specifying name, type, and most_recent, the AppStream image shared from another AWS account should be retrieved.

Actual Behavior

An error occurred.

Relevant Error/Panic Output Snippet

Error: reading AWS AppStream 2.0 Image Data Source (<null>): couldn't find resource

  with data.aws_appstream_image.al2[0],
  on appstream.tf line 192, in data "aws_appstream_image" "al2":
 192: data "aws_appstream_image" "al2" {

couldn't find resource

Terraform Configuration Files

data "aws_appstream_image" "al2" {
  count = local.flag ? 1 : 0

  name        = "sample-al2-jp-image"
  type        = "SHARED"
  most_recent = true
}

Steps to Reproduce

  1. Pre-share the AppStream image from another AWS account with the settings Use for Image Builder = True and Use for Fleet = True.
  2. Execute terraform plan.

Debug Output

No response

Panic Output

No response

Important Factoids

Additional Information:

The error did not occur when using name_regex instead of name.

References

No response

Would you like to implement a fix?

No

justinretzolk commented 1 month ago

Hey @btuenomso 👋 Thank you for taking the time to raise this! Would it be possible to share debug logging (redacted as needed)? It may be particularly useful if you're able to do so using name and name_regex, since you mentioned that the error only occurs when using the former rather than the latter.

btuenomso commented 3 weeks ago

Hello @justinretzolk

I apologize for the delay in responding. I attempted to redact secure information from the requested debug logs for sharing, but the volume was too large to manage. However, I have identified the cause of the issue and would like to share my findings.


For the name parameter, Terraform specifies {"Names":["sample-al2-jp-image"]} as an argument for AppStream's DescribeImages API. However, according to the AWS API Reference, this parameter can only be used for PUBLIC or PRIVATE images. Therefore, executing this for SHARED images results in a ResourceNotFoundException error.

https://docs.aws.amazon.com/appstream2/latest/APIReference/API_DescribeImages.html

Names
The names of the public or private images to describe.

For the name_regex parameter, the argument for DescribeImages is {}. This suggests that all images are retrieved first, and then an internal search is performed. As a result, SHARED images can be retrieved without any issues.

When specifying names:

$ aws appstream describe-images --names sample-al2-jp-image --query "Images[?(Name=='sample-al2-jp-image' && Visibility=='SHARED')].[Name, Visibility]" --output text

An error occurred (ResourceNotFoundException) when calling the DescribeImages operation: The image sample-al2-jp-image for account **********  does not exist.

When not specifying names:

$ aws appstream describe-images --query "Images[?(Name=='sample-al2-jp-image' && Visibility=='SHARED')].[Name, Visibility]" --output text
sample-al2-jp-image    SHARED
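
The lookup behaviour described in the comment above, as an added Go example that is not part of the issue thread and not the provider's code. `describe` is a stand-in that models the reported DescribeImages behaviour; `findImage`, `Image`, `errNotFound` and the `base-image` entry are hypothetical names and constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

var errNotFound = errors.New("ResourceNotFoundException")

type Image struct{ Name, Visibility string }

// describe models the DescribeImages behaviour reported above (an assumption,
// not SDK code): a name filter matches only PUBLIC or PRIVATE images.
func describe(all []Image, name string) ([]Image, error) {
	if name == "" {
		return all, nil // no filter: every visible image is returned
	}
	for _, img := range all {
		if img.Name == name && img.Visibility != "SHARED" {
			return []Image{img}, nil
		}
	}
	return nil, fmt.Errorf("%w: image %s does not exist", errNotFound, name)
}

// findImage (hypothetical) drops the name filter for SHARED and matches locally.
func findImage(all []Image, name, typ string) (Image, error) {
	filter := name
	if typ == "SHARED" {
		filter = "" // Names cannot match shared images: list, then match here
	}
	imgs, err := describe(all, filter)
	if err != nil {
		return Image{}, err
	}
	for _, img := range imgs {
		if img.Name == name && img.Visibility == typ {
			return img, nil
		}
	}
	return Image{}, errNotFound
}

func main() {
	all := []Image{{"sample-al2-jp-image", "SHARED"}, {"base-image", "PRIVATE"}} // constructed
	_, err := describe(all, "sample-al2-jp-image")
	img, _ := findImage(all, "sample-al2-jp-image", "SHARED")
	fmt.Println("with name filter:", err, "| without:", img.Name, img.Visibility)
}
```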