search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.77k stars 9.13k forks source link

Unable to import `aws_key_pair` #612

Closed hashibot closed 7 years ago

hashibot commented 7 years ago

This issue was originally opened by @eyalzek as hashicorp/terraform#12716. It was migrated here as part of the provider split. The original body of the issue is below.

Terraform Version

v0.8.8

Affected Resource(s)

I'm trying to import an aws_key_pair according to the documentation but terraform is complaining that it doesn't exist:

$ aws ec2 describe-key-pairs
{
    "KeyPairs": [
        {
            "KeyName": "production", 
            "KeyFingerprint": "....."
        }
    ]
}
$ terraform import module.production.aws_key_pair.terraform production
module.production.aws_key_pair.terraform: Importing from ID "production"...
module.production.aws_key_pair.terraform: Import complete!
  Imported aws_key_pair (ID: production)
module.production.aws_key_pair.terraform: Refreshing state... (ID: production)
Error importing: 1 error(s) occurred:

* import module.production.aws_key_pair.terraform (id: production): Terraform detected a resource with this ID doesn't
exist. Please verify the ID is correct. You cannot import non-existent
resources using Terraform import.
Ninir commented 7 years ago

Hi @eyalzek,

I was not able to replicate your issue using Terraform 0.9.11: creating, importing & refreshing worked fine.

I will close this issue if you don't mind. If you still encounter an issue, could you comment on this one? Will be happy to discuss & investigate this with you! πŸ˜„

eyalzek commented 7 years ago

Hey I can easily reproduce it with my structure by setting the default region to the wrong one. So the main issue here is that my main module .tf file (that holds all the defaults, including region) is not being read in the import operation. Not sure if this is expected or not though... This would be useful in cases like mine, where you share sub-modules between several top level modules on different regions.

Ninir commented 7 years ago

Hi @eyalzek

Could you share your configuration please? would help debugging this! :blush:

Also, just to put this case aside, did you ensure that your credentials for Terraform & AWS are matching the same region & accounts? For instance, Terraform is using a specific environment variable for the region (https://www.terraform.io/docs/providers/aws/index.html#environment-variables), AWS_DEFAULT_REGION, whereas it is named AWS_REGION in the CLI.

Thanks!

eyalzek commented 7 years ago

Structure:

test
β”œβ”€β”€ module
β”‚Β Β  β”œβ”€β”€ module.tf
β”‚Β Β  └── terraform.tfstate
└── submodules
    └── main.tf

in a real situtation, submodules would contain all the resources required for the environment.

Contents of module/module.tf:

module "test" {
  source = "../submodules"
  region = "eu-west-1"
}

contents of submodules/main.tf:

variable "region" {
    default = "eu-central-1"
}

provider "aws" {
    region = "${var.region}"
}

output of aws --region=eu-west-1 ec2 describe-key-pairs:

{
    "KeyPairs": [
        {
            "KeyFingerprint": "........",
            "KeyName": "terraform-test"
        }
    ]
}

And trying to import with the following command: terraform import module.test.aws_key_pair.terraform terraform-test

This fails with:

module.test.aws_key_pair.terraform: Importing from ID "terraform-test"...
module.test.aws_key_pair.terraform: Import complete!
  Imported aws_key_pair (ID: terraform-test)
module.test.aws_key_pair.terraform: Refreshing state... (ID: terraform-test)
Error importing: 1 error(s) occurred:

* module.test.aws_key_pair.terraform (import id: terraform-test): 1 error(s) occurred:

* import module.test.aws_key_pair.terraform result: terraform-test: import module.test.aws_key_pair.terraform (id: terraform-test): Terraform detected a resource with this ID doesn't
exist. Please verify the ID is correct. You cannot import non-existent
resources using Terraform import.

Running the same command with AWS_REGION=eu-west-1 or AWS_DEFAULT_REGION=eu-west-1 produces the same error. Changing eu-central-1 to eu-west-1 as the default value for the region on submodules/main.tf will allow importing the key as expected.

Ninir commented 7 years ago

Could you paste the debug from the API calls made, doing this kind of CLI call?

TF_LOG=DEBUG TF_LOG_PATH=terraform.log terraform import module.test.aws_key_pair.terraform terraform-test

This will create a file where you run the actual import. I'm presuming of a module issue rather than an inability to import the correct file there. There are a few modules issues I know, one that might be related: https://github.com/hashicorp/terraform/issues/15692

Thus, I assume that the value used is then the one defined by the module, not the one passed. To be sure of that, remove the default value, temporarily, and try to re-run plan. It should errors telling that you are missing a var.

Thanks!

eyalzek commented 7 years ago

I replaced any information that seemed sensitive to me with <REDACTED>, let me know if you require request ID's, etc.

2017/08/10 10:50:35 [INFO] Terraform version: 0.9.11  efca455c35d0d218a9bfee835a8ec3ef8d4d1c8c
2017/08/10 10:50:35 [INFO] Go runtime version: go1.8
2017/08/10 10:50:35 [INFO] CLI args: []string{"/home/eyal/bin/tf", "import", "module.test.aws_key_pair.terraform", "terraform-test"}
2017/08/10 10:50:35 [DEBUG] Detected home directory from env var: /home/eyal
2017/08/10 10:50:35 [DEBUG] Detected home directory from env var: /home/eyal
2017/08/10 10:50:35 [DEBUG] Attempting to open CLI config file: /home/eyal/.terraformrc
2017/08/10 10:50:35 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2017/08/10 10:50:35 [INFO] CLI command args: []string{"import", "module.test.aws_key_pair.terraform", "terraform-test"}
2017/08/10 10:50:35 [DEBUG] Detected home directory from env var: /home/eyal
2017/08/10 10:50:35 [DEBUG] command: loading backend config file: /home/eyal/repos/infrastructure/terraform/test/module
2017/08/10 10:50:35 [DEBUG] command: no data state file found for backend config
2017/08/10 10:50:35 [DEBUG] New state was assigned lineage "b000b263-92bb-401e-8b83-c042ed4bafaa"
2017/08/10 10:50:35 [INFO] command: backend initialized: <nil>
2017/08/10 10:50:35 [INFO] command: backend <nil> is not enhanced, wrapping in local
2017/08/10 10:50:35 [DEBUG] Starting graph walk: walkImport
2017/08/10 10:50:35 [DEBUG] dag/walk: added new vertex: "module.test.aws_key_pair.terraform (import id: terraform-test)"
2017/08/10 10:50:35 [DEBUG] dag/walk: added new vertex: "module.test.provider.aws"
2017/08/10 10:50:35 [DEBUG] dag/walk: added new vertex: "provider.aws (close)"
2017/08/10 10:50:35 [DEBUG] dag/walk: added new vertex: "provider.aws (disabled)"
2017/08/10 10:50:35 [DEBUG] dag/walk: added edge: "provider.aws (close)" waiting on "module.test.aws_key_pair.terraform (import id: terraform-test)"
2017/08/10 10:50:35 [DEBUG] dag/walk: added edge: "module.test.aws_key_pair.terraform (import id: terraform-test)" waiting on "module.test.provider.aws"
2017/08/10 10:50:35 [DEBUG] dag/walk: added edge: "module.test.provider.aws" waiting on "provider.aws (disabled)"
2017/08/10 10:50:35 [DEBUG] dag/walk: dependencies changed for "provider.aws (close)", sending new deps
2017/08/10 10:50:35 [DEBUG] dag/walk: dependencies changed for "module.test.aws_key_pair.terraform (import id: terraform-test)", sending new deps
2017/08/10 10:50:35 [DEBUG] dag/walk: dependencies changed for "module.test.provider.aws", sending new deps
2017/08/10 10:50:35 [DEBUG] dag/walk: walking "provider.aws (disabled)"
2017/08/10 10:50:35 [DEBUG] vertex 'root.provider.aws (disabled)': walking
2017/08/10 10:50:35 [DEBUG] vertex 'root.provider.aws (disabled)': evaluating
2017/08/10 10:50:35 [DEBUG] root: eval: *terraform.EvalSequence
2017/08/10 10:50:35 [DEBUG] root: eval: *terraform.EvalInterpolate
2017/08/10 10:50:35 [DEBUG] root: eval: *terraform.EvalBuildProviderConfig
2017/08/10 10:50:35 [DEBUG] root: eval: *terraform.EvalSetProviderConfig
2017/08/10 10:50:35 [TRACE] [walkImport] Exiting eval tree: provider.aws (disabled)
2017/08/10 10:50:35 [DEBUG] dag/walk: walking "module.test.provider.aws"
2017/08/10 10:50:35 [DEBUG] vertex 'root.module.test.provider.aws': walking
2017/08/10 10:50:35 [DEBUG] vertex 'root.module.test.provider.aws': evaluating
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalSequence
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalInitProvider
2017/08/10 10:50:35 [DEBUG] plugin: starting plugin: /home/eyal/bin/tf []string{"/home/eyal/bin/tf", "internal-plugin", "provider", "aws"}
2017/08/10 10:50:35 [DEBUG] plugin: waiting for RPC address for: /home/eyal/bin/tf
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [INFO] Terraform version: 0.9.11  efca455c35d0d218a9bfee835a8ec3ef8d4d1c8c
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [INFO] Go runtime version: go1.8
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [INFO] CLI args: []string{"/home/eyal/bin/tf", "internal-plugin", "provider", "aws"}
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [DEBUG] Detected home directory from env var: /home/eyal
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [DEBUG] Detected home directory from env var: /home/eyal
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [DEBUG] Attempting to open CLI config file: /home/eyal/.terraformrc
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [INFO] CLI command args: []string{"internal-plugin", "provider", "aws"}
2017/08/10 10:50:35 [DEBUG] plugin: tf: 2017/08/10 10:50:35 [DEBUG] Detected home directory from env var: /home/eyal
2017/08/10 10:50:35 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:35 [INFO] Starting provider plugin aws
2017/08/10 10:50:35 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:35 [DEBUG] plugin: plugin address: unix /tmp/plugin149379070
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalOpFilter
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalSequence
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalGetProvider
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalInterpolate
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalBuildProviderConfig
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalInputProvider
2017/08/10 10:50:35 [DEBUG] root.test: eval: terraform.EvalNoop
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalOpFilter
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalSequence
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalGetProvider
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalInterpolate
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalBuildProviderConfig
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalSetProviderConfig
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalOpFilter
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalSequence
2017/08/10 10:50:35 [DEBUG] root.test: eval: *terraform.EvalConfigProvider
2017/08/10 10:50:35 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:35 [INFO] No assume_role block read from configuration
2017/08/10 10:50:35 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:35 [INFO] Building AWS region structure
2017/08/10 10:50:35 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:35 [INFO] Building AWS auth structure
2017/08/10 10:50:36 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:36 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id
2017/08/10 10:50:36 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:36 [INFO] AWS Auth provider used: "SharedCredentialsProvider"
2017/08/10 10:50:36 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:36 [INFO] Initializing DeviceFarm SDK connection
2017/08/10 10:50:36 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:36 [DEBUG] [aws-sdk-go] DEBUG: Request sts/GetCallerIdentity Details:
2017/08/10 10:50:36 [DEBUG] plugin: tf: ---[ REQUEST POST-SIGN ]-----------------------------
2017/08/10 10:50:36 [DEBUG] plugin: tf: POST / HTTP/1.1
2017/08/10 10:50:36 [DEBUG] plugin: tf: Host: sts.amazonaws.com
2017/08/10 10:50:36 [DEBUG] plugin: tf: User-Agent: aws-sdk-go/1.8.34 (go1.8; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.9.11
2017/08/10 10:50:36 [DEBUG] plugin: tf: Content-Length: 43
2017/08/10 10:50:36 [DEBUG] plugin: tf: Authorization: AWS4-HMAC-SHA256 Credential=<REDACTED>/20170810/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=<REDACTED>
2017/08/10 10:50:36 [DEBUG] plugin: tf: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2017/08/10 10:50:36 [DEBUG] plugin: tf: X-Amz-Date: 20170810T085036Z
2017/08/10 10:50:36 [DEBUG] plugin: tf: Accept-Encoding: gzip
2017/08/10 10:50:36 [DEBUG] plugin: tf:
2017/08/10 10:50:36 [DEBUG] plugin: tf: Action=GetCallerIdentity&Version=2011-06-15
2017/08/10 10:50:36 [DEBUG] plugin: tf: -----------------------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] DEBUG: Response sts/GetCallerIdentity Details:
2017/08/10 10:50:37 [DEBUG] plugin: tf: ---[ RESPONSE ]--------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: HTTP/1.1 200 OK
2017/08/10 10:50:37 [DEBUG] plugin: tf: Connection: close
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Length: 401
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Type: text/xml
2017/08/10 10:50:37 [DEBUG] plugin: tf: Date: Thu, 10 Aug 2017 08:50:36 GMT
2017/08/10 10:50:37 [DEBUG] plugin: tf: X-Amzn-Requestid: <REDACTED>
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf: -----------------------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
2017/08/10 10:50:37 [DEBUG] plugin: tf:   <GetCallerIdentityResult>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <Arn>arn:aws:iam::<REDACTED>:user/eyal</Arn>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <UserId><REDACTED></UserId>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <Account><REDACTED></Account>
2017/08/10 10:50:37 [DEBUG] plugin: tf:   </GetCallerIdentityResult>
2017/08/10 10:50:37 [DEBUG] plugin: tf:   <ResponseMetadata>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <RequestId><REDACTED></RequestId>
2017/08/10 10:50:37 [DEBUG] plugin: tf:   </ResponseMetadata>
2017/08/10 10:50:37 [DEBUG] plugin: tf: </GetCallerIdentityResponse>
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] Trying to get account ID via iam:GetUser
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] DEBUG: Request iam/GetUser Details:
2017/08/10 10:50:37 [DEBUG] plugin: tf: ---[ REQUEST POST-SIGN ]-----------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: POST / HTTP/1.1
2017/08/10 10:50:37 [DEBUG] plugin: tf: Host: iam.amazonaws.com
2017/08/10 10:50:37 [DEBUG] plugin: tf: User-Agent: aws-sdk-go/1.8.34 (go1.8; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.9.11
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Length: 33
2017/08/10 10:50:37 [DEBUG] plugin: tf: Authorization: AWS4-HMAC-SHA256 Credential=<REDACTED>/20170810/us-east-1/iam/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=<REDACTED>
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2017/08/10 10:50:37 [DEBUG] plugin: tf: X-Amz-Date: 20170810T085037Z
2017/08/10 10:50:37 [DEBUG] plugin: tf: Accept-Encoding: gzip
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf: Action=GetUser&Version=2010-05-08
2017/08/10 10:50:37 [DEBUG] plugin: tf: -----------------------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] DEBUG: Response iam/GetUser Details:
2017/08/10 10:50:37 [DEBUG] plugin: tf: ---[ RESPONSE ]--------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: HTTP/1.1 200 OK
2017/08/10 10:50:37 [DEBUG] plugin: tf: Connection: close
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Length: 521
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Type: text/xml
2017/08/10 10:50:37 [DEBUG] plugin: tf: Date: Thu, 10 Aug 2017 08:50:37 GMT
2017/08/10 10:50:37 [DEBUG] plugin: tf: X-Amzn-Requestid: <REDACTED>
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf: -----------------------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] <GetUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
2017/08/10 10:50:37 [DEBUG] plugin: tf:   <GetUserResult>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <User>
2017/08/10 10:50:37 [DEBUG] plugin: tf:       <Path>/</Path>
2017/08/10 10:50:37 [DEBUG] plugin: tf:       <PasswordLastUsed><REDACTED></PasswordLastUsed>
2017/08/10 10:50:37 [DEBUG] plugin: tf:       <UserName>eyal</UserName>
2017/08/10 10:50:37 [DEBUG] plugin: tf:       <Arn>arn:aws:iam::<REDACTED>:user/eyal</Arn>
2017/08/10 10:50:37 [DEBUG] plugin: tf:       <UserId><REDACTED></UserId>
2017/08/10 10:50:37 [DEBUG] plugin: tf:       <CreateDate><REDACTED></CreateDate>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     </User>
2017/08/10 10:50:37 [DEBUG] plugin: tf:   </GetUserResult>
2017/08/10 10:50:37 [DEBUG] plugin: tf:   <ResponseMetadata>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <RequestId><REDACTED></RequestId>
2017/08/10 10:50:37 [DEBUG] plugin: tf:   </ResponseMetadata>
2017/08/10 10:50:37 [DEBUG] plugin: tf: </GetUserResponse>
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] DEBUG: Request ec2/DescribeAccountAttributes Details:
2017/08/10 10:50:37 [DEBUG] plugin: tf: ---[ REQUEST POST-SIGN ]-----------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: POST / HTTP/1.1
2017/08/10 10:50:37 [DEBUG] plugin: tf: Host: ec2.eu-west-1.amazonaws.com
2017/08/10 10:50:37 [DEBUG] plugin: tf: User-Agent: aws-sdk-go/1.8.34 (go1.8; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.9.11
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Length: 87
2017/08/10 10:50:37 [DEBUG] plugin: tf: Authorization: AWS4-HMAC-SHA256 Credential=<REDACTED>/20170810/eu-west-1/ec2/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=<REDACTED>
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2017/08/10 10:50:37 [DEBUG] plugin: tf: X-Amz-Date: 20170810T085037Z
2017/08/10 10:50:37 [DEBUG] plugin: tf: Accept-Encoding: gzip
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf: Action=DescribeAccountAttributes&AttributeName.1=supported-platforms&Version=2016-11-15
2017/08/10 10:50:37 [DEBUG] plugin: tf: -----------------------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/DescribeAccountAttributes Details:
2017/08/10 10:50:37 [DEBUG] plugin: tf: ---[ RESPONSE ]--------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: HTTP/1.1 200 OK
2017/08/10 10:50:37 [DEBUG] plugin: tf: Connection: close
2017/08/10 10:50:37 [DEBUG] plugin: tf: Transfer-Encoding: chunked
2017/08/10 10:50:37 [DEBUG] plugin: tf: Content-Type: text/xml;charset=UTF-8
2017/08/10 10:50:37 [DEBUG] plugin: tf: Date: Thu, 10 Aug 2017 08:50:37 GMT
2017/08/10 10:50:37 [DEBUG] plugin: tf: Server: AmazonEC2
2017/08/10 10:50:37 [DEBUG] plugin: tf: Vary: Accept-Encoding
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf:
2017/08/10 10:50:37 [DEBUG] plugin: tf: -----------------------------------------------------
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2017/08/10 10:50:37 [DEBUG] plugin: tf: <DescribeAccountAttributesResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <requestId><REDACTED></requestId>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     <accountAttributeSet>
2017/08/10 10:50:37 [DEBUG] plugin: tf:         <item>
2017/08/10 10:50:37 [DEBUG] plugin: tf:             <attributeName>supported-platforms</attributeName>
2017/08/10 10:50:37 [DEBUG] plugin: tf:             <attributeValueSet>
2017/08/10 10:50:37 [DEBUG] plugin: tf:                 <item>
2017/08/10 10:50:37 [DEBUG] plugin: tf:                     <attributeValue>VPC</attributeValue>
2017/08/10 10:50:37 [DEBUG] plugin: tf:                 </item>
2017/08/10 10:50:37 [DEBUG] plugin: tf:             </attributeValueSet>
2017/08/10 10:50:37 [DEBUG] plugin: tf:         </item>
2017/08/10 10:50:37 [DEBUG] plugin: tf:     </accountAttributeSet>
2017/08/10 10:50:37 [DEBUG] plugin: tf: </DescribeAccountAttributesResponse>
2017/08/10 10:50:37 [DEBUG] dag/walk: walking "module.test.aws_key_pair.terraform (import id: terraform-test)"
2017/08/10 10:50:37 [DEBUG] vertex 'root.module.test.aws_key_pair.terraform (import id: terraform-test)': walking
2017/08/10 10:50:37 [DEBUG] vertex 'root.module.test.aws_key_pair.terraform (import id: terraform-test)': evaluating
2017/08/10 10:50:37 [DEBUG] root.test: eval: *terraform.EvalGetProvider
2017/08/10 10:50:37 [DEBUG] root.test: eval: *terraform.EvalImportState
2017/08/10 10:50:37 [DEBUG] vertex 'root.module.test.aws_key_pair.terraform (import id: terraform-test)': expanding/walking dynamic subgraph
2017/08/10 10:50:37 [DEBUG] dag/walk: upstream errored, not walking "provider.aws (close)"
2017/08/10 10:50:37 [DEBUG] plugin: waiting for all plugin processes to complete...
2017/08/10 10:50:37 [DEBUG] plugin: tf: aws-provider (internal) 2017/08/10 10:50:37 [DEBUG] plugin: waiting for all plugin processes to complete...
2017/08/10 10:50:37 [DEBUG] plugin: /home/eyal/bin/tf: plugin process exited
Ninir commented 7 years ago

@eyalzek Could you tell me where is your key_pair resource defined please? It's the last bit missing for me to replicate locally.

Thanks!

eyalzek commented 7 years ago

It isn't defined, this is not required until version 0.10 as far as I'm aware. Moreover, if I try to define the resource before importing (with terraform 0.9.11) it complains:

module.test.aws_key_pair.terraform: Importing from ID "terraform-test"...
module.test.aws_key_pair.terraform: Import complete!
  Imported aws_key_pair (ID: terraform-test)
Error importing: 1 error(s) occurred:

* module.test.aws_key_pair.terraform (import id: terraform-test): Can't import module.test.aws_key_pair.terraform, would collide with an existing resource.

Please remove or rename this resource before continuing.

My flow for importing resources up until now was first importing them, then reconstruct the resource according to the entry in the state file.

Ninir commented 7 years ago

Ok so I managed to replicate your issue: the debug log you provided was missing the Request/Response for DescribeKeyPairs, which has the answer to your issue.

With the config you provided, I recreated the same structure, and ran, from inside the module directory, the import with all the same, and got the issue.

Here is the debug log:

2017/08/10 12:03:54 [DEBUG] plugin: terraform: aws-provider (internal) 2017/08/10 12:03:54 [DEBUG] [aws-sdk-go] DEBUG: Request ec2/DescribeKeyPairs Details:
2017/08/10 12:03:54 [DEBUG] plugin: terraform: ---[ REQUEST POST-SIGN ]-----------------------------
2017/08/10 12:03:54 [DEBUG] plugin: terraform: POST / HTTP/1.1
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Host: ec2.eu-central-1.amazonaws.com
2017/08/10 12:03:54 [DEBUG] plugin: terraform: User-Agent: aws-sdk-go/1.8.34 (go1.8.3; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.9.11
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Content-Length: 57
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Authorization: AWS4-HMAC-SHA256 Credential=SENSITIVE/20170810/eu-central-1/ec2/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=b991e28e370a2d3db1aab592b50aa4b06f26678243187a6e413c6b1070af3d00
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2017/08/10 12:03:54 [DEBUG] plugin: terraform: X-Amz-Date: 20170810T100354Z
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Accept-Encoding: gzip
2017/08/10 12:03:54 [DEBUG] plugin: terraform: 
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Action=DescribeKeyPairs&KeyName.1=test&Version=2016-11-15
2017/08/10 12:03:54 [DEBUG] plugin: terraform: -----------------------------------------------------
2017/08/10 12:03:54 [DEBUG] plugin: terraform: aws-provider (internal) 2017/08/10 12:03:54 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/DescribeKeyPairs Details:
2017/08/10 12:03:54 [DEBUG] plugin: terraform: ---[ RESPONSE ]--------------------------------------
2017/08/10 12:03:54 [DEBUG] plugin: terraform: HTTP/1.1 400 Bad Request
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Connection: close
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Transfer-Encoding: chunked
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Date: Thu, 10 Aug 2017 10:03:54 GMT
2017/08/10 12:03:54 [DEBUG] plugin: terraform: Server: AmazonEC2

The key was created in the eu-west-1 region on my side. However, as you can see line 4, eu-central-1 whereas the region passed in my config is eu-west-1.

If you want to be sure of it, remove the default value for the region and try again: you'll have an error -if I'm not wrong-.

This is likely a core issue rather than an AWS-provider bug there. Tell me if I can help more here :)

eyalzek commented 7 years ago

Yes, I'm experiencing the same behavior, as described in the previous issue report. Overcoming this is pretty straightforward once you know what the issue is (just setting the correct default region and reverting afterwards). Just hope it'll be solved in the future.

Is there an existing bug report for this?

Ninir commented 7 years ago

Found at least https://github.com/hashicorp/terraform/issues/15692 but there may be more!

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!