hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Site-to-Site VPN Transit Gateway Attachment test reporting multiple attachments #39654

Open davidhiebert opened 1 day ago

davidhiebert commented 1 day ago

### Terraform Core Version

1.9.6

### AWS Provider Version

5.70.0

### Affected Resource(s)

When moving a Site-to-Site VPN from one Transit Gateway to another, the provider tests for Transit Gateway Attachments, but doesn't appear to check for "Associated" status (as opposed to "Deleted").

### Expected Behavior

aws_vpn_connection test should return only Associated TGW Attachment ID.

### Actual Behavior

Terraform apply fails with the following error.

### Relevant Error/Panic Output Snippet

```
│ Error: reading EC2 VPN Connection (vpn-XXXXXXXXXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2
│ 
│   with module.vpn-gateway["test"].aws_vpn_connection.preshared[0],
│   on modules/vpn-gateway/main.tf line 6, in resource "aws_vpn_connection" "preshared":
│    6: resource "aws_vpn_connection" "preshared" {
```

### Terraform Configuration Files

```hcl
resource "aws_customer_gateway" "this" {
  type = "ipsec.1"
}

resource "aws_vpn_connection" "preshared" {
  transit_gateway_id  = var.transit_gateway_id
  type                = "ipsec.1"
  customer_gateway_id = aws_customer_gateway.this.id
}
```


### Steps to Reproduce

Create the Site-to-Site VPN on one Transit Gateway. Change the Transit Gateway to another (it detaches and re-attaches). Change it back. This is for reversion testing.

### Debug Output

```
2024-10-09T15:06:16.665-0700 [DEBUG] provider.terraform-provider-aws_v5.70.0_x5: HTTP Request Sent: http.request.header.x_amz_security_token="" http.request_content_length=245 @module=aws aws.region=us-east-1 http.request.header.x_amz_date=20241009T220616Z tf_aws.sdk=aws-sdk-go-v2 rpc.system=aws-api tf_mux_provider="schema.GRPCProviderServer" tf_req_id=42f0af6a-bf00-3544-bf0a-9e8e3a136a73 http.request.header.amz_sdk_invocation_id=5105b70f-4796-41a7-b584-447a21372be9 rpc.service=EC2 tf_provider_addr=registry.terraform.io/hashicorp/aws http.request.header.amz_sdk_request="attempt=1; max=25" http.url=https://ec2.us-east-1.amazonaws.com/ net.peer.name=ec2.us-east-1.amazonaws.com tf_rpc=ReadResource http.method=POST http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.9.6 (+https://www.terraform.io) terraform-provider-aws/5.70.0 (+https://registry.terraform.io/providers/hashicorp/aws) m/C aws-sdk-go-v2/1.31.0 os/linux lang/go#1.23.1 md/GOOS#linux md/GOARCH#amd64 api/ec2#1.179.2" tf_resource_type=aws_vpn_connection @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.58/logging/tf_logger.go:45 http.request.header.content_type=application/x-www-form-urlencoded http.request.body= | Acti****ents&Filter.1.Name=resource-id&Filter.1.Value.1=vpn-XXXXXXXXXX&Filter.2.Name=resource-type&Filter.2.Value.1=vpn&Filter.3.Name=transit-gateway-id&Filter.3.Value.1=tgw-XXXXXXXXX&Version=2016-11-15 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA****FKLW/20241009/us-east-1/ec2/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=****" rpc.method=DescribeTransitGatewayAttachments tf_aws.signing_region="" timestamp=2024-10-09T15:06:16.665-0700
2024-10-09T15:06:16.826-0700 [DEBUG] provider.terraform-provider-aws_v5.70.0_x5: HTTP Response Received: http.response.body= | <?xml version="1.0" encoding="UTF-8"?> | | 27a9d97c-a473-46a7-8041-e7615ed8118b | | | 2024-10-08T22:20:08.000Z | vpn-XXXXXXXXXX | 99999999999 | vpn | deleted | | tgw-attach-XXXXXXXXXXX | tgw-XXXXXXXXX | 99999999999 | | | | associated | tgw-rtb-046891be4458f827b | | 2024-10-09T20:21:26.000Z | vpn-XXXXXXXXXX | 99999999999 | vpn | available | | tgw-attach-YYYYYYYYYYY | tgw-XXXXXXXXX | 99999999999 | | | http.response.header.strict_transport_security="max-age=31536000; includeSubDomains" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_vpn_connection http.response.header.cache_control="no-cache, no-store" http.response.header.vary=accept-encoding rpc.method=DescribeTransitGatewayAttachments tf_mux_provider="schema.GRPCProviderServer" rpc.service=EC2 tf_aws.signing_region="" @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.58/logging/tf_logger.go:45 @module=aws aws.region=us-east-1 http.duration=159 http.response.header.date="Wed, 09 Oct 2024 22:06:15 GMT" http.response.header.server=AmazonEC2 tf_rpc=ReadResource tf_req_id=42f0af6a-bf00-3544-bf0a-9e8e3a136a73 http.response.header.content_type=text/xml;charset=UTF-8 http.response.header.x_amzn_requestid=27a9d97c-a473-46a7-8041-e7615ed8118b http.status_code=200 rpc.system=aws-api tf_aws.sdk=aws-sdk-go-v2 timestamp=2024-10-09T15:06:16.826-0700
2024-10-09T15:06:16.827-0700 [ERROR] provider.terraform-provider-aws_v5.70.0_x5: Response contains error diagnostic: diagnostic_severity=ERROR tf_proto_version=5.6 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=42f0af6a-bf00-3544-bf0a-9e8e3a136a73 tf_resource_type=aws_vpn_connection @module=sdk.proto diagnostic_detail="" diagnostic_summary="reading EC2 VPN Connection (vpn-XXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2" tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-go@v0.24.0/tfprotov5/internal/diag/diagnostics.go:58 timestamp=2024-10-09T15:06:16.827-0700
2024-10-09T15:06:16.827-0700 [ERROR] vertex "module.vpn-gateway[\"ted-test\"].aws_vpn_connection.preshared[0]" error: reading EC2 VPN Connection (vpn-XXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2
2024-10-09T15:06:16.827-0700 [ERROR] vertex "module.vpn-gateway.aws_vpn_connection.preshared (expand)" error: reading EC2 VPN Connection (vpn-XXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2
2024-10-09T15:06:16.865-0700 [WARN] Planning encountered errors, so plan is not applyable
```



### Panic Output

_No response_

### Important Factoids

While we migrate customers from one Transit Gateway to another, there may be instances where they require us to revert. This issue occurs when more than one Transit Gateway Attachment is returned by `DescribeTransitGatewayAttachments` (the first having been deleted during the migration, the second being the new one created during "revert").

### References

_No response_

### Would you like to implement a fix?

None
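
The failure mode described in this issue, as an added Go example that is not the provider's code: requiring exactly one attachment fails on the response shown in the debug output, while dropping `deleted` attachments first returns the live one. The `Attachment` type, the function names and the sample data are constructed for illustration and stand in for the AWS SDK response.

```go
package main

import (
	"errors"
	"fmt"
)

// Attachment is a constructed stand-in for one DescribeTransitGatewayAttachments item (not the SDK type).
type Attachment struct {
	ID, ResourceID, TransitGatewayID, State string
}

var ErrNotFound = errors.New("empty result")

// assertSingle reproduces the reported failure: any count other than one is an error.
func assertSingle(as []Attachment) (Attachment, error) {
	switch len(as) {
	case 0:
		return Attachment{}, ErrNotFound
	case 1:
		return as[0], nil
	}
	return Attachment{}, fmt.Errorf("too many results: wanted 1, got %d", len(as))
}

// findLiveAttachment drops attachments in the terminal "deleted" state before requiring one match.
func findLiveAttachment(as []Attachment) (Attachment, error) {
	var live []Attachment
	for _, a := range as {
		if a.State != "deleted" {
			live = append(live, a)
		}
	}
	return assertSingle(live)
}

// sampleResponse is constructed from the debug output: same VPN and TGW, one deleted, one available.
func sampleResponse() []Attachment {
	return []Attachment{
		{"tgw-attach-XXXXXXXXXXX", "vpn-XXXXXXXXXX", "tgw-XXXXXXXXX", "deleted"},
		{"tgw-attach-YYYYYYYYYYY", "vpn-XXXXXXXXXX", "tgw-XXXXXXXXX", "available"},
	}
}

func main() {
	_, naive := assertSingle(sampleResponse())
	a, err := findLiveAttachment(sampleResponse())
	fmt.Println(naive, "|", a.ID, a.State, err)
}
```

If only a deleted attachment remains, `findLiveAttachment` returns `ErrNotFound`, which lets a caller treat the attachment as gone instead of failing the read.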