[Bug]: aws_route53_zone_association retry error on destroy

[yetanotherjson]

Terraform Core Version

1.9.7

AWS Provider Version

5.70.0

Affected Resource(s)

aws_route53_zone_association

Expected Behavior

On destroy of a resource aws_route53_zone_association, resource gets destroyed without errors which results in a vpc association to a route53 private hosted zone getting removed.

Actual Behavior

During destroy of aws_route53_zone_association resource, receive an error that the vpc association does not exist however the disassociation did in fact complete. I looked through cloudtrail logs and it is due to the amount of time it takes for the disassociation to complete, a retry of the disassociation takes place and then generates the error. I propose that adding a timeout to the aws_route53_zone_association would solve this problem.

In cloudtrail, i see these events, in this order with about 15 seconds in between each and after a minute a retry of DisassociateVPCFromHostedZone takes place which results in an error probably because the disassociation has completed.

October 11, 2024, 13:56:05 (UTC-04:00 DisassociateVPCFromHostedZone October 11, 2024, 13:56:16 (UTC-04:00) GetChange October 11, 2024, 13:56:31 (UTC-04:00) GetChange October 11, 2024, 13:56:46 (UTC-04:00) GetChange October 11, 2024, 13:57:02 (UTC-04:00)) DisassociateVPCFromHostedZone <---- error

Relevant Error/Panic Output Snippet

aws_route53_zone_association.associate: Destroying... [id=Z05xx:vpc-xx:eu-central-1]
aws_route53_zone_association.associate: Still destroying... [id=Z05xx:vpc-xx:eu-central-1, 10s elapsed]
aws_route53_zone_association.associate: Still destroying... [id=Z05xx:vpc-xx:eu-central-1, 20s elapsed]
aws_route53_zone_association.associate: Still destroying... [id=Z05xx:vpc-xx:eu-central-1, 30s elapsed]
aws_route53_zone_association.associate: Still destroying... [id=Z05xx:vpc-xx:eu-central-1, 40s elapsed]
aws_route53_zone_association.associate: Still destroying... [id=Z05xx:vpc-xx:eu-central-1, 50s elapsed]
aws_route53_zone_association.associate: Destruction complete after 53s
aws_route53_zone.private: Modifying... [id=Z05xx]
╷
│ Error: disassociating Route53 Hosted Zone (Z05xx) from VPC (vpc-xx): operation error Route 53: DisassociateVPCFromHostedZone, https response error StatusCode: 404, RequestID: xx, VPCAssociationNotFound: No VPC association for vpc-xx:eu-central-1 to hosted zone Z05xx

Terraform Configuration Files

resource "aws_route53_zone" "private" {
  name = "this.is.a.test"

  vpc {
    vpc_id = vpc-xxx
    vpc_region = "eu-central-1"
  }
}

resource "aws_route53_zone_association" "associate" {
  zone_id    = aws_route53_zone.private.zone_id
  vpc_id     = "vpc-xx"
  vpc_region = "eu-central-1"

  max_retries = 1
}

Steps to Reproduce

Create 2 vpcs and route53 private hosted zone and associate a second vpc to the private hosted zone, then remove the association. 1) Terraform apply --auto-approve 2) Comment out, delete or change the vpc in the aws_route53_zone_association.associate resource 3) Terraform apply --auto-approve

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.