search

hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io
Other
42.78k stars 9.56k forks source link

Adding AWS cross account provider orphans resource #33600

Closed bwmetcalf closed 1 year ago

bwmetcalf commented 1 year ago

Terraform Version

% tf version
Terraform v1.4.6
on darwin_amd64

Terraform Configuration Files

resource "some_resource" "default" {
...
  providers = {
    aws = aws.cross_account
  }
...
}

Debug Output

n/a

Expected Behavior

Terraform isn't aware of what provider its using in state, so the result is understandable. However, not sure if this is possible to address. If resources are created by a module in the current AWS account and then a cross account provider is introduced in the module, those resources will be created in the cross account and reflected in state, but the resources created in the first account will not be destroyed and orphaned in AWS. This probably occurs with other cloud providers as well.

Not sure if it's somehow possible for Terraform to realize the provider has changed and remove the existing resources before creating the new ones.

Actual Behavior

See above.

Steps to Reproduce

Create a resource in AWS with a standard provider config such as

provider "aws" {
  region  = "us-west-2"
  profile = account_a
}

then introduce a second provider in the resource such as

provider "aws" {
  alias   = cross_account
  region  = "us-west-2"
  profile = account_b
}

and apply again.

Additional Context

No response

References

No response

jbardin commented 1 year ago

Duplicate of #29294

github-actions[bot] commented 11 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.