terraform-aws-modules / terraform-aws-vpc

Terraform module to create AWS VPC resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/vpc/aws
Apache License 2.0

reading EC2 VPC Endpoint Services: couldn't find resource #1019

Closed mglowa closed 11 months ago

mglowa commented 11 months ago

Description

Please provide a clear and concise description of the issue you are encountering, and a reproduction of your configuration (see the examples/* directory for references that you can copy+paste and tailor to match your configs if you are unable to copy your exact configuration). The reproduction MUST be executable by running terraform init && terraform apply without any further changes.

If your request is for a new feature, please use the Feature request template.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

Reproduction Code [Required]

module "endpoints" {
  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "5.0.0"

  vpc_id             = module.network-vpc.vpc_id
  security_group_ids = [aws_security_group.https_vpc.id]

  endpoints = {
    kms = {
      service             = "kms"
      private_dns_enabled = false
      subnet_ids          = module.network-vpc.public_subnets
      security_group_ids  = [aws_security_group.https_vpc.id]
    },
    s3 = {
      service         = "s3"
      route_table_ids = module.network-vpc.private_route_table_ids
      service_type    = "Gateway"
    },
    ssm = {
      service             = "ssm"
      private_dns_enabled = false
      subnet_ids          = module.network-vpc.public_subnets
      security_group_ids  = [aws_security_group.https_vpc.id]
    },
    ssmmessages = {
      service             = "ssmmessages"
      private_dns_enabled = false
      subnet_ids          = module.network-vpc.public_subnets
      security_group_ids  = [aws_security_group.https_vpc.id]
    },
    ec2 = {
      service             = "ec2"
      private_dns_enabled = false
      subnet_ids          = module.network-vpc.public_subnets
      security_group_ids  = [aws_security_group.https_vpc.id]
    },
    kafka = {
      service             = "kafka"
      private_dns_enabled = false
      subnet_ids          = module.network-vpc.public_subnets
      security_group_ids  = [aws_security_group.https_vpc.id]
    }
  }

  tags = {
    Terraform    = "true"
    Environment  = var.environment
    ManagedBy    = "Container Platform"
    DeployedWith = terraform.workspace
  }
}

Steps to reproduce the behavior:

  1. Add an additional VPC endpoint to the list (kafka in this case)
  2. Run terraform plan on the associated Terraform workspace

Expected behavior

New VPC endpoint for Kafka is created

Actual behavior

Error: reading EC2 VPC Endpoint Services: couldn't find resource

  with module.endpoints.data.aws_vpc_endpoint_service.this["kafka"]
  on .terraform/modules/endpoints/modules/vpc-endpoints/main.tf line 9, in data "aws_vpc_endpoint_service" "this":
  data "aws_vpc_endpoint_service" "this" {

Terminal Output Screenshot(s)

image

Additional context

Previous endpoints have been created with no issues. There are more VPC endpoints created, but I've shown just a few of them in the code. The rest of them are set in exactly the same way. There is no VPC endpoint service configured for any VPC endpoint. The same issue was listed at https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/946, however with a slightly different configuration, and the suggestion was to use service names in the way I did in my code (which worked for all previous endpoints). That issue was closed as there was no activity for a long period of time.

bryantbiggs commented 11 months ago

This is going to depend on:

  1. Is the name used the name the service endpoint expects?
  2. Is support for VPC endpoints for that service supported?
  3. In addition to 2, is the region/partition supported?

From a module perspective, however, there is no issue at this time, so closing out.

mglowa commented 11 months ago

@bryantbiggs, answering your questions:

  1. Yes
  2. Yes
  3. Yes

Additionally, as I mentioned in the description, it works properly for all previously created endpoints. I'm getting this error only for the kafka one.

bryantbiggs commented 11 months ago

I beg to differ - it is not a supported service https://docs.aws.amazon.com/vpc/latest/privatelink/aws-services-privatelink-support.html
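
The checks listed earlier in the thread (service name, endpoint support, region) can be run before `terraform plan`. The following is an added example, not code from this thread or from the module: it assumes the short `service` value is expanded to `com.amazonaws.<region>.<service>`, and the function names, the region and the sample list of offered services are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the "couldn't find resource" error.
# Assumption: a short `service` value such as "kafka" is looked up as
# com.amazonaws.<region>.<service>.

# Build the full endpoint service name from a region and a short name.
full_name() {
  printf 'com.amazonaws.%s.%s\n' "$1" "$2"
}

# Print every requested short name whose full name is NOT in the offered list.
# $1 = region, $2 = newline-separated offered service names, rest = short names
missing_services() {
  region=$1
  offered=$2
  shift 2
  for svc in "$@"; do
    name=$(full_name "$region" "$svc")
    # -x (whole line) and -F (fixed string) so "ec2" does not match
    # "ec2messages" and dots are not treated as regex wildcards.
    printf '%s\n' "$offered" | grep -qxF "$name" || printf '%s\n' "$svc"
  done
}

# Live list for a region (needs AWS credentials; not called below).
live_offered() {
  aws ec2 describe-vpc-endpoint-services --region "$1" \
    --query 'ServiceNames[]' --output text | tr '\t' '\n'
}

# Constructed sample, NOT real API output for any region.
SAMPLE_OFFERED='com.amazonaws.eu-west-1.kms
com.amazonaws.eu-west-1.s3
com.amazonaws.eu-west-1.ssm
com.amazonaws.eu-west-1.ssmmessages
com.amazonaws.eu-west-1.ec2
com.amazonaws.eu-west-1.ec2messages'

# Short names taken from the `endpoints` map in the reproduction code.
missing_services eu-west-1 "$SAMPLE_OFFERED" kms s3 ssm ssmmessages ec2 kafka
```

Against a real account, replace the sample with `"$(live_offered <region>)"`; any name printed is one the endpoint service lookup will not find in that region under that name.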

github-actions[bot] commented 10 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.