hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

v1.0.11 - terraform apply resulting in empty result or couldn't find resource errors. #30023

Closed psharm53 closed 2 years ago

psharm53 commented 2 years ago

Terraform Version - 1.0.11
AWS Provider - 3.66.0

We are getting intermittent errors like the following when working with terraform for AWS Infrastructure Provisioning:

==============

```
╷
│ Error: error updating Security Group (sg-0a73d418ae947fe09): couldn't find resource
│
│   with module.security_groups.aws_security_group.default["CIOPS-MS-Redis-SG"],
│   on ../../modules/Stack/SecurityGroups/main.tf line 1, in resource "aws_security_group" "default":
│    1: resource "aws_security_group" "default" {
│
╵
╷
│ Error: error updating Security Group (sg-0348f9cfa61f16235): couldn't find resource
│
│   with module.security_groups.aws_security_group.default["CIOPS-MySQL-SG"],
│   on ../../modules/Stack/SecurityGroups/main.tf line 1, in resource "aws_security_group" "default":
│    1: resource "aws_security_group" "default" {
│
╵
╷
│ Error: error reading Route Table (rtb-0fc9e07acc59ca7eb): couldn't find resource
│
│   with module.data_vpc.aws_route_table.public_route_table["us-east-1a"],
│   on ../../modules/Stack/VPC/main.tf line 92, in resource "aws_route_table" "public_route_table":
│   92: resource "aws_route_table" "public_route_table" {
│
╵

╷
│ Error: error reading Route in Route Table (rtb-0061e7bf9ed9458d7) with destination (10.110.64.0/20): couldn't find resource
│
│   with module.routing_extapp_data.aws_route.source["CIOPS-ExtApp-Private-Routing-1b"],
│   on ../../modules/Stack/Routing/main.tf line 13, in resource "aws_route" "source":
│   13: resource "aws_route" "source" {
│

╷
│ Error: error reading Route Table (rtb-03178c1f7809c539c): couldn't find resource
│
│   with module.extapp_vpc.aws_route_table.public_route_table["us-east-1a"],
│   on ../../modules/Stack/VPC/main.tf line 92, in resource "aws_route_table" "public_route_table":
│   92: resource "aws_route_table" "public_route_table" {
│
╵
╷
│ Error: error reading Route Table Association (rtbassoc-09e721baf95da7d6f): empty result
│
│   with module.extapp_vpc.aws_route_table_association.default_private["CIOPS-ExtApp-ELB-Private-Subnet-1a"],
│   on ../../modules/Stack/VPC/main.tf line 266, in resource "aws_route_table_association" "default_private":
│  266: resource "aws_route_table_association" "default_private" {
│
╵
```

NOTE - The Errors are not static but intermittent. We got the error 3-4 times in about 100 executions done over a period of 48 hours.

==========================

Procedure to reproduce issue

Pre-requisites:

  1. Use Region us-east-1 only
  2. IAM role attached to EC2 instance on which terraform will be executed with account administrator access.
  3. One VPC, its CIDR. The VPC should have 2 private route tables and one public route table. Keep their route table entries, VPC ID and CIDR handy.
  4. Second VPC, its CIDR. The VPC should have 2 private route tables and one public route table. Keep their route table entries, VPC ID and CIDR handy.
  5. One S3 bucket with folder names State-Files and FlowLogs in us-east-1

Steps to follow

  1. Go to Folder Path Scripts/Terraform/Reinvent/StackLdapPeering

  2. Edit File for following fields

    => Replace AWS Account ID
    ldap_vpc_access_role => Set to IAM role ARN from pre-requisites 2.
    ldap_ops_vpc_id = Set to VPC ID from pre-requisites 3.
    ldap_ops_vpc_cidr = Set to VPC CIDR from pre-requisites 3.
    => Replace with one private Route Table ID from pre-requisites 3.
    => Replace with second private Route Table ID from pre-requisites 3.
    => Replace with public Route Table ID from pre-requisites 3.
    ops_vpc_id = Set to VPC ID from pre-requisites 4.
    ops_vpc_cidr = Set to VPC CIDR from pre-requisites 4.
    => Replace with one private Route Table ID from pre-requisites 4.
    => Replace with second private Route Table ID from pre-requisites 4.
    => Replace the string with S3 bucket from pre-requisites 5.

  3. Execute Commands as follows:

    => export AWS_DEFAULT_REGION="us-east-1"

    => terraform init -reconfigure -input=false -backend-config="encrypt=true" -backend-config="max_retries=100" -backend-config="bucket=<Valid S3 Bucket Name from pre req 5>/State-Files/" -backend-config="region=us-east-1" -backend-config="key=CIOPS-test.tfstate"

    =>terraform get

    =>terraform plan -input=false -var-file=CIOPS.tfvars

    This will show 761 resources to be created

    => terraform apply -auto-approve -input=false -var-file=CIOPS.tfvars

Terraform Configuration : Scripts.zip
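A triage helper for the diagnostics quoted in this report, added here as an example and not part of the original issue or of Terraform: it parses error blocks out of captured `terraform apply` output and counts the "couldn't find resource" / "empty result" failures per operation and resource type. The function names and the abridged sample are this example's own.

```python
import re
from collections import Counter
# Abridged from the errors quoted in the issue above (source-snippet lines omitted).
SAMPLE = """\
╷
│ Error: error updating Security Group (sg-0a73d418ae947fe09): couldn't find resource
│
│   with module.security_groups.aws_security_group.default["CIOPS-MS-Redis-SG"],
╵
╷
│ Error: error reading Route Table (rtb-0fc9e07acc59ca7eb): couldn't find resource
│
│   with module.data_vpc.aws_route_table.public_route_table["us-east-1a"],
╵
╷
│ Error: error reading Route Table Association (rtbassoc-09e721baf95da7d6f): empty result
│
│   with module.extapp_vpc.aws_route_table_association.default_private["CIOPS-ExtApp-ELB-Private-Subnet-1a"],
╵
"""

ERROR_RE = re.compile(r"Error: error (?P<op>\w+) (?P<target>.+?): (?P<reason>[^:]+)$")
WITH_RE = re.compile(r"with (?P<addr>\S+?),?$")
NOT_FOUND = {"couldn't find resource", "empty result"}  # the two reasons seen in this issue

def parse_diagnostics(text):
    """Return one dict (op, target, reason, address) per Terraform error block."""
    diags = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("│").strip()  # drop the box-drawing gutter
        m = ERROR_RE.search(line)
        if m:
            diags.append({**m.groupdict(), "address": None})
        elif diags and diags[-1]["address"] is None and (m := WITH_RE.match(line)):
            diags[-1]["address"] = m.group("addr")
    return diags

def resource_type(address):
    """module.a.aws_route_table.x["k"] -> aws_route_table"""
    parts = re.sub(r"\[.*\]$", "", address).split(".")
    while parts[:1] == ["module"]:
        parts = parts[2:]  # skip each "module.<name>" pair
    return parts[0]

def summarize(diags):
    """Count not-found style failures per (operation, resource type)."""
    return Counter((d["op"], resource_type(d["address"]))
                   for d in diags if d["reason"] in NOT_FOUND and d["address"])
print(summarize(parse_diagnostics(SAMPLE)))
```

Run over the logs of many executions, the per-type counts show whether the intermittent failures cluster on particular resource types or operations.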

jbardin commented 2 years ago

Hello,

This appears to be an issue or question with the AWS provider, not with Terraform itself. You can see existing issues and file a new one in their repository here: https://github.com/hashicorp/terraform-provider-aws/issues. If you have questions about Terraform or the AWS provider, it's better to use the community forum where there are more people ready to help. The GitHub issues here are monitored only by a few core maintainers.

Thanks!

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.