When moving a Site-to-Site VPN from one Transit Gateway to another, the provider tests for Transit Gateway Attachments, but doesn't appear to check for "Associated" status (as opposed to "Deleted").
### Expected Behavior
aws_vpn_connection test should return only Associated TGW Attachment ID.
### Actual Behavior
Terraform apply fails with the following error.
### Relevant Error/Panic Output Snippet
```
│ Error: reading EC2 VPN Connection (vpn-XXXXXXXXXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2
│
│ with module.vpn-gateway["test"].aws_vpn_connection.preshared[0],
│ on modules/vpn-gateway/main.tf line 6, in resource "aws_vpn_connection" "preshared":
│ 6: resource "aws_vpn_connection" "preshared" {
```
### Terraform Configuration Files
```hcl
resource "aws_customer_gateway" "this" {
  type = "ipsec.1"
}
```
### Steps to Reproduce
Create the Site-to-Site VPN on one Transit Gateway. Change the Transit Gateway to another (it detaches and re-attaches). Change it back. This is for reversion testing.
### Debug Output
### Panic Output
_No response_
### Important Factoids
While we migrate customers from one Transit Gateway to another, there may be instances where they require us to revert. This issue occurs when more than one Transit Gateway Attachment is returned by `DescribeTransitGatewayAttachments` (the first having been deleted during the migration, the second being the new one created during the "revert").
### References
_No response_
### Would you like to implement a fix?
None
### Terraform Core Version
1.9.6
### AWS Provider Version
5.70.0
### Affected Resource(s)
aws_vpn_connection
```hcl
resource "aws_customer_gateway" "this" {
  type = "ipsec.1"
}

resource "aws_vpn_connection" "preshared" {
  transit_gateway_id  = var.transit_gateway_id
  type                = "ipsec.1"
  customer_gateway_id = aws_customer_gateway.this.id
}
```
2024-10-09T15:06:16.665-0700 [DEBUG] provider.terraform-provider-aws_v5.70.0_x5: HTTP Request Sent: http.request.header.x_amz_security_token="" http.request_content_length=245 @module=aws aws.region=us-east-1 http.request.header.x_amz_date=20241009T220616Z tf_aws.sdk=aws-sdk-go-v2 rpc.system=aws-api tf_mux_provider="schema.GRPCProviderServer" tf_req_id=42f0af6a-bf00-3544-bf0a-9e8e3a136a73 http.request.header.amz_sdk_invocation_id=5105b70f-4796-41a7-b584-447a21372be9 rpc.service=EC2 tf_provider_addr=registry.terraform.io/hashicorp/aws http.request.header.amz_sdk_request="attempt=1; max=25" http.url=https://ec2.us-east-1.amazonaws.com/ net.peer.name=ec2.us-east-1.amazonaws.com tf_rpc=ReadResource http.method=POST http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.9.6 (+https://www.terraform.io) terraform-provider-aws/5.70.0 (+https://registry.terraform.io/providers/hashicorp/aws) m/C aws-sdk-go-v2/1.31.0 os/linux lang/go#1.23.1 md/GOOS#linux md/GOARCH#amd64 api/ec2#1.179.2" tf_resource_type=aws_vpn_connection @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.58/logging/tf_logger.go:45 http.request.header.content_type=application/x-www-form-urlencoded http.request.body= | Acti****ents&Filter.1.Name=resource-id&Filter.1.Value.1=vpn-XXXXXXXXXX&Filter.2.Name=resource-type&Filter.2.Value.1=vpn&Filter.3.Name=transit-gateway-id&Filter.3.Value.1=tgw-XXXXXXXXX&Version=2016-11-15 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA****FKLW/20241009/us-east-1/ec2/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=****" rpc.method=DescribeTransitGatewayAttachments tf_aws.signing_region="" timestamp=2024-10-09T15:06:16.665-0700 2024-10-09T15:06:16.826-0700 [DEBUG] provider.terraform-provider-aws_v5.70.0_x5: HTTP Response Received: http.response.body= | <?xml version="1.0" encoding="UTF-8"?> |
| 27a9d97c-a473-46a7-8041-e7615ed8118b
|
| -
|
2024-10-08T22:20:08.000Z
| vpn-XXXXXXXXXX
| 99999999999
| vpn
| deleted
|
| tgw-attach-XXXXXXXXXXX
| tgw-XXXXXXXXX
| 99999999999
|
| -
|
| associated
| tgw-rtb-046891be4458f827b
|
| 2024-10-09T20:21:26.000Z
| vpn-XXXXXXXXXX
| 99999999999
| vpn
| available
|
| tgw-attach-YYYYYYYYYYY
| tgw-XXXXXXXXX
| 99999999999
|
|
|
http.response.header.strict_transport_security="max-age=31536000; includeSubDomains" tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_vpn_connection http.response.header.cache_control="no-cache, no-store" http.response.header.vary=accept-encoding rpc.method=DescribeTransitGatewayAttachments tf_mux_provider="schema.GRPCProviderServer" rpc.service=EC2 tf_aws.signing_region="" @caller=github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.58/logging/tf_logger.go:45 @module=aws aws.region=us-east-1 http.duration=159 http.response.header.date="Wed, 09 Oct 2024 22:06:15 GMT" http.response.header.server=AmazonEC2 tf_rpc=ReadResource tf_req_id=42f0af6a-bf00-3544-bf0a-9e8e3a136a73 http.response.header.content_type=text/xml;charset=UTF-8 http.response.header.x_amzn_requestid=27a9d97c-a473-46a7-8041-e7615ed8118b http.status_code=200 rpc.system=aws-api tf_aws.sdk=aws-sdk-go-v2 timestamp=2024-10-09T15:06:16.826-0700
2024-10-09T15:06:16.827-0700 [ERROR] provider.terraform-provider-aws_v5.70.0_x5: Response contains error diagnostic: diagnostic_severity=ERROR tf_proto_version=5.6 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=42f0af6a-bf00-3544-bf0a-9e8e3a136a73 tf_resource_type=aws_vpn_connection @module=sdk.proto diagnostic_detail="" diagnostic_summary="reading EC2 VPN Connection (vpn-XXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2" tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-go@v0.24.0/tfprotov5/internal/diag/diagnostics.go:58 timestamp=2024-10-09T15:06:16.827-0700
2024-10-09T15:06:16.827-0700 [ERROR] vertex "module.vpn-gateway[\"ted-test\"].aws_vpn_connection.preshared[0]" error: reading EC2 VPN Connection (vpn-XXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2
2024-10-09T15:06:16.827-0700 [ERROR] vertex "module.vpn-gateway.aws_vpn_connection.preshared (expand)" error: reading EC2 VPN Connection (vpn-XXXXXXXXXX) Transit Gateway Attachment: too many results: wanted 1, got 2
2024-10-09T15:06:16.865-0700 [WARN] Planning encountered errors, so plan is not applyable
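One way the lookup described in this report could ignore stale attachments, as an added example that is not the provider's own code or part of the original issue. The `Attachment` struct, `liveAttachment` function and error names are hypothetical, and the sample items are constructed from the two attachment IDs and states in the debug output above.

```go
package main

import (
	"errors"
	"fmt"
)

// Attachment holds the fields of one DescribeTransitGatewayAttachments item
// that matter here (hypothetical struct, not the AWS SDK type).
type Attachment struct {
	ID    string
	State string
}

var (
	ErrNotFound = errors.New("no live transit gateway attachment")
	ErrTooMany  = errors.New("too many live transit gateway attachments")
)

// liveAttachment returns the single attachment that is neither deleted nor
// being deleted, so a record left behind by an earlier move is ignored.
// The same narrowing can be requested server-side with the API's "state" filter.
func liveAttachment(items []Attachment) (Attachment, error) {
	var live []Attachment
	for _, a := range items {
		switch a.State {
		case "deleted", "deleting":
			continue // remnant of a previous attach/detach cycle
		}
		live = append(live, a)
	}
	switch len(live) {
	case 0:
		return Attachment{}, ErrNotFound
	case 1:
		return live[0], nil
	default:
		// Still ambiguous after filtering: fail rather than guess.
		return Attachment{}, fmt.Errorf("%w: wanted 1, got %d", ErrTooMany, len(live))
	}
}

func main() {
	// Constructed sample mirroring the two items in the debug output.
	items := []Attachment{
		{ID: "tgw-attach-XXXXXXXXXXX", State: "deleted"},
		{ID: "tgw-attach-YYYYYYYYYYY", State: "available"},
	}
	got, err := liveAttachment(items)
	fmt.Println(got.ID, err)
}
```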