hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Terraform accepts multiple values for log_destination_configs when in fact you can only specify one. #35152

Closed canadianpaddy closed 1 month ago

canadianpaddy commented 1 month ago

Terraform Version

1.7.0

Terraform Configuration Files

resource "aws_wafv2_web_acl_logging_configuration" "default" {
  log_destination_configs = [
    aws_kinesis_firehose_delivery_stream.waf-logs.arn,
    aws_cloudwatch_log_group.waf.arn
  ]
  resource_arn = aws_wafv2_web_acl.rapidlms.arn
}

Debug Output

https://gist.github.com/canadianpaddy/06968362b38b05596c21e2aef4a730d2

Expected Behavior

Terraform plan should have errored stating I can only specify one destination for the logging config.

Actual Behavior

Instead, the plan finished, and when I went to apply I got the following error. It took me a while to realize it's because, despite the plan allowing an array of multiple values, the API (and console) will only let you have 1.

Error: putting WAFv2 WebACL Logging Configuration (arn:aws:wafv2:ca-central-1:434696202534:regional/webacl/staging-rapidlms-eks-firewall/de44cae9-7991-4cae-8c6e-04e3d7f31c1a): WAFLimitsExceededException: AWS WAF couldn’t perform the operation because you exceeded your resource limit
with aws_wafv2_web_acl_logging_configuration.default
on waf.tf line 885, in resource "aws_wafv2_web_acl_logging_configuration" "default":
resource "aws_wafv2_web_acl_logging_configuration" "default" {

Steps to Reproduce

  1. terraform init
  2. terraform apply

Additional Context

No response

References

No response
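
The plan-time failure the report asks for can be enforced in the configuration itself with a `precondition`. This is an added example, not part of the original issue or the AWS provider's code; the local `waf_log_destinations` is a hypothetical name, and `precondition` blocks require Terraform 1.2 or later.

```hcl
locals {
  # Hypothetical local (not in the original issue): the one place where the
  # WAF log destination is selected. The issue's configuration listed both the
  # Firehose stream ARN and the CloudWatch log group ARN here.
  waf_log_destinations = [
    aws_kinesis_firehose_delivery_stream.waf-logs.arn,
  ]
}

resource "aws_wafv2_web_acl_logging_configuration" "default" {
  log_destination_configs = local.waf_log_destinations
  resource_arn            = aws_wafv2_web_acl.rapidlms.arn

  lifecycle {
    # The length of the list is known during `terraform plan` even when the
    # ARNs themselves are not yet computed, so a second destination fails the
    # plan here instead of surfacing as WAFLimitsExceededException on apply.
    precondition {
      condition     = length(local.waf_log_destinations) == 1
      error_message = "AWS WAF accepts exactly one logging destination per web ACL; log_destination_configs must contain a single ARN."
    }
  }
}
```

With two ARNs in the local, `terraform plan` stops with the custom error message, so the web ACL is never left in a state where the logging change was approved in review but silently failed to apply.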

jbardin commented 1 month ago

Hello,

This appears to be an issue or question with the AWS provider, not with Terraform itself. You can see existing issues and file a new one in their repository here: https://github.com/hashicorp/terraform-provider-aws/issues. If you have questions about Terraform or the AWS provider, it's better to use the community forum where there are more people ready to help. The GitHub issues here are monitored only by a few core maintainers.

Thanks!

github-actions[bot] commented 1 day ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.