hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Create a new `aws_route53_vpc_association_authorization` for existing resource #39666

Open mohsenbarzegar opened 6 days ago

mohsenbarzegar commented 6 days ago

Terraform Core Version

1.5.7

AWS Provider Version

5.65.0

Affected Resource(s)

Expected Behavior

Terraform plan should report NOOP.

Actual Behavior

Terraform plan reports:

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.ops_dns.aws_route53_vpc_association_authorization.name will be created
  + resource "aws_route53_vpc_association_authorization" "name" {
      + id         = (known after apply)
      + vpc_id     = "vpc-1"
      + vpc_region = (known after apply)
      + zone_id    = "zone-1"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

By applying this plan, the provider returns an error: Error: reading Route53 VPC Association Authorization (zone-1:vpc-1): too many results: wanted 1, got 2

Relevant Error/Panic Output Snippet

Error: reading Route53 VPC Association Authorization (zone-1:vpc-1): too many results: wanted 1, got 2

  with module.ops_dns.aws_route53_vpc_association_authorization.main,
  on ../../../../../modules/aws/private-dns-authorization/main.tf line 14, in resource "aws_route53_vpc_association_authorization" "authorization":
  14: resource "aws_route53_vpc_association_authorization" "name" {

Terraform Configuration Files

resource "aws_route53_vpc_association_authorization" "authorization" {
  provider = aws.hosted_zone_provider

  vpc_id  = data.aws_vpc.cluster_vpc.id
  zone_id = data.aws_route53_zone.zone.zone_id

}

Steps to Reproduce

Upgrade aws provider version from 5.38.0 to 5.65.0

The new provider version tries to create (NOT recreate) a new aws_route53_vpc_association_authorization for an already existing association_authorization

Debug Output

No response

Panic Output

No response

Important Factoids

By fetching the current terraform state, we can see the resource already exists (I double-checked with aws-cli and the aws console): `terraform state show module.ops_dns.aws_route53_vpc_association_authorization.name` returns the current state for the existing resource correctly:

# module.dns.aws_route53_vpc_association_authorization.name:
resource "aws_route53_vpc_association_authorization" "authorization" {
    id         = "zone-1:vpc-1"
    vpc_id     = "vpc-1"
    vpc_region = "eu-central-1"
    zone_id    = "zone-1"
}

References

No response

Would you like to implement a fix?

None
