failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist

Hi,

I have a problem with one of the rules: aws_resource_missing_tags rule complains about a missing provider, but terraform apply is able to create everything. So the provider is there. I enabled the debug logs but didn't found anything suspicious.

The problem was introduced with an update to the newest version. The last version working on our side is 0.23.1.

OS: Windows and Alpine Linux (Docker) Terraform version: 1.3.2 Tflint version: 0.47 ruleset.aws: 0.24.2

Here is a minimal example:

main.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.7.0"
    }

  }

  required_version = ">= 0.13.0"
}

provider "aws" {
  region = "eu-central-1"
}

provider "aws" {
  region = "eu-west-1"
  alias  = "backup_replication"
}

locals {
  tags = {
    app: "a"
    environment: "b"
    service: "c"
    team: "d"
  }
}

module "m" {
  source = "./m"

  providers = {
    aws = aws
    aws.backup_replication = aws.backup_replication
  }
}

resource "aws_security_group" "a" {
  name = "xyz"
  vpc_id = "<your vpc>"

  tags = local.tags
}

resource "aws_security_group" "b" {
  name = "xyz-a"
  vpc_id = "<your-vpc>"

  tags = local.tags

  provider = aws.backup_replication
}

m/main.tf

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.7.0"

      configuration_aliases = [aws.backup_replication]
    }

  }

  required_version = ">= 0.13.0"
}

locals {
  tags = {
    app: "a"
    environment: "b"
    service: "c"
    team: "d"
  }
}

resource "aws_security_group" "a" {
  name = "xyz-m"
  vpc_id = "<your vpc>"

  tags = local.tags
}

resource "aws_security_group" "b" {
  name = "xyz-m-a"
  vpc_id = "<your voc>"

  tags = local.tags

  provider = aws.backup_replication
}

.tflint.hcl

config {
  force               = false
  disabled_by_default = false
}

plugin "aws" {
  source  = "github.com/terraform-linters/tflint-ruleset-aws"
  # renovate: datasource=github-tags depName=terraform-linters/tflint-ruleset-aws
  version = "0.24.2"

  enabled    = true
  deep_check = true
  region     = "eu-central-1"
}

rule "aws_resource_missing_tags" {
  enabled = true
  tags    = ["team", "service", "app", "environment"]
}

rule "terraform_required_version" {
  enabled = false
}

debug log

$ TFLINT_LOG=debug tflint --config .tflint.hcl --recursive --module
16:44:11 config.go:137: [INFO] Load config: .tflint.hcl
16:44:11 config.go:269: [DEBUG] Config loaded
16:44:11 config.go:270: [DEBUG]   Module: false
16:44:11 config.go:271: [DEBUG]   ModuleSet: false
16:44:11 config.go:272: [DEBUG]   Force: false
16:44:11 config.go:273: [DEBUG]   ForceSet: true
16:44:11 config.go:274: [DEBUG]   DisabledByDefault: false
16:44:11 config.go:275: [DEBUG]   DisabledByDefaultSet: true
16:44:11 config.go:276: [DEBUG]   PluginDir:
16:44:11 config.go:277: [DEBUG]   PluginDirSet: false
16:44:11 config.go:278: [DEBUG]   Format:
16:44:11 config.go:279: [DEBUG]   FormatSet: false
16:44:11 config.go:280: [DEBUG]   Varfiles:
16:44:11 config.go:281: [DEBUG]   Variables:
16:44:11 config.go:282: [DEBUG]   Only:
16:44:11 config.go:283: [DEBUG]   IgnoreModules:
16:44:11 config.go:287: [DEBUG]   Rules:
16:44:11 config.go:289: [DEBUG]     aws_resource_missing_tags: true
16:44:11 config.go:289: [DEBUG]     terraform_required_version: false
16:44:11 config.go:291: [DEBUG]   Plugins:
16:44:11 config.go:293: [DEBUG]     aws: enabled=true, version=0.24.2, source=github.com/terraform-linters/tflint-ruleset-aws
16:44:11 config.go:320: [INFO] The `terraform` plugin block is not found. Enable the plugin `terraform` automatically
16:44:11 option.go:71: [DEBUG] CLI Options
16:44:11 option.go:72: [DEBUG]   Module: true
16:44:11 option.go:73: [DEBUG]   Force: false
16:44:11 option.go:74: [DEBUG]   Format:
16:44:11 option.go:75: [DEBUG]   Varfiles:
16:44:11 option.go:76: [DEBUG]   Variables:
16:44:11 option.go:77: [DEBUG]   EnableRules:
16:44:11 option.go:78: [DEBUG]   DisableRules:
16:44:11 option.go:79: [DEBUG]   Only:
16:44:11 option.go:80: [DEBUG]   EnablePlugins:
16:44:11 option.go:81: [DEBUG]   IgnoreModules:
16:44:11 loader.go:38: [INFO] Initialize new loader
16:44:11 module_mgr.go:63: [INFO] Module manifest file found. Initializing...
16:44:11 loader.go:80: [INFO] Module inspection is enabled. Building the root module with children...
16:44:11 loader.go:114: [DEBUG] Trying to load the module: key=m, version=, dir=m
16:44:11 runner.go:46: [INFO] Initialize new runner for root
16:44:11 runner.go:46: [INFO] Initialize new runner for module.m
16:44:11 discovery.go:33: [INFO] Plugin `terraform` is not installed, but the bundled plugin is available.
16:44:11 discovery.go:54: [INFO] Plugin `terraform` found
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:604: starting plugin: path=C:\hlag\Users\kayma\bin\tflint.exe args=["C:\\hlag\\Users\\kayma\\bin\\tflint.exe", "--act-as-bundled-plugin"]
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:612: plugin started: path=C:\hlag\Users\kayma\bin\tflint.exe pid=20548
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=C:\hlag\Users\kayma\bin\tflint.exe
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint.exe: 16:44:11 [DEBUG] go-plugin@v1.4.10/server.go:404: plugin address: network=tcp address=127.0.0.1:10000
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:752: using plugin: version=11
16:44:11 discovery.go:90: [DEBUG] Find plugin path: C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe
16:44:11 discovery.go:54: [INFO] Plugin `aws` found
16:44:11 [DEBUG] go-plugin@v1.4.10/client.go:604: starting plugin: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe args=["C:\\hlag\\Users\\kayma\\.tflint.d\\plugins\\github.com\\terraform-linters\\tflint-ruleset-aws\\0.24.2\\tflint-ruleset-aws.exe"]
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:612: plugin started: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe pid=12480
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:707: waiting for RPC address: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [DEBUG] go-plugin@v1.4.10/server.go:404: plugin address: network=tcp address=127.0.0.1:10001
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:752: using plugin: version=11
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] host2plugin/client.go:124: starting host-side gRPC server
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [INFO]  aws/client.go:58: Initialize AWS Client
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [INFO] AWS Auth provider used: "EnvProvider"
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [DEBUG] Trying to get account information via sts:GetCallerIdentity
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:12 [INFO]  aws/client.go:58: Initialize AWS Client
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [INFO] AWS Auth provider used: "EnvProvider"
16:44:12 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 2023/07/21 16:44:12 [DEBUG] Trying to get account information via sts:GetCallerIdentity
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [DEBUG] rules/aws_resource_missing_tags.go:204: Walk `%s` attribute: EXTRA_VALUE_AT_END=aws_security_group.a.tags
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [ERROR] rules/aws_resource_missing_tags.go:186: Error querying provider tags: %s: EXTRA_VALUE_AT_END="The aws provider with alias \"backup_replication\" doesn't exist."
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:1046: tflint-ruleset-aws.exe: 16:44:13 [ERROR] interceptor/logging.go:18: failed to gRPC request: direction=host2plugin method=/proto.RuleSet/Check err="rpc error: code = Aborted desc = failed to check \"aws_resource_missing_tags\" rule: The aws provider with alias \"backup_replication\" doesn't exist."
16:44:13 [DEBUG] go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
16:44:13 [INFO]  go-plugin@v1.4.10/client.go:665: plugin process exited: path=C:\hlag\Users\kayma\bin\tflint.exe pid=20548
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:472: plugin exited
16:44:13 [DEBUG] go-plugin@v1.4.10/grpc_stdio.go:142: stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: read tcp 127.0.0.1:52754->127.0.0.1:10001: wsarecv: An existing connection was forcibly closed by the remote host."
16:44:13 [INFO]  go-plugin@v1.4.10/client.go:665: plugin process exited: path=C:\hlag\Users\kayma\.tflint.d\plugins\github.com\terraform-linters\tflint-ruleset-aws\0.24.2\tflint-ruleset-aws.exe pid=12480
16:44:13 [DEBUG] go-plugin@v1.4.10/client.go:472: plugin exited
Failed to check ruleset; failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist.

Steps to reproduce:

terraform init
tflint --init --config .tflint.hcl
terraform apply # works fine
tflint --config .tflint.hcl --module --recursive # doesn't work

tflint --config .tflint.hcl --chdir m is working.

terraform-linters / tflint-ruleset-aws

failed to check "aws_resource_missing_tags" rule: The aws provider with alias "backup_replication" doesn't exist #518