terraform-provider-aws: Provider produced inconsistent result after apply - aws_vpc_endpoint_route_table_association.s3_vpc_endpoint

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave “+1” or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform 0.12.23, aws provider version 2.51.0

Affected Resource(s)

aws_vpc_endpoint_route_table_association.s3_vpc_endpoint

Terraform Configuration Files

resource "aws_route_table" "private_subnet_rtb" {
  count  = length(var.availability_zones) * var.flag
  vpc_id = aws_vpc.vpc[0].id
}

resource "aws_vpc_endpoint_route_table_association" "s3_vpc_endpoint" {
  vpc_endpoint_id = aws_vpc_endpoint.s3[0].id
  count           = length(var.availability_zones) * var.flag
  route_table_id  = element(aws_route_table.private_subnet_rtb.*.id, count.index)
}

resource "aws_vpc_endpoint" "s3" {
  count        = var.flag
  vpc_id       = aws_vpc.vpc[0].id
  service_name = "com.amazonaws.${data.aws_region.current.name}.s3"
} 

Debug Output

Error: Provider produced inconsistent result after apply vpc.aws_vpc_endpoint_route_table_association.s3_vpc_endpoint[0], provider “registry.terraform.io/-/aws” produced an unexpected new value for was present, but now absent. This is a bug in the provider, which should be reported in the provider’s own issue tracker…

Expected Behavior

Terraform apply should have been successful

Actual Behavior

Terraform apply fails

Steps to Reproduce

This does not happen all the time, running apply multiple times

About this issue

  • State: closed
  • Created 4 years ago
  • Reactions: 49
  • Comments: 21 (11 by maintainers)

Most upvoted comments

We are on Terraform 0.13.3 and on hashicorp/aws v2.70.0.

Apply failed with

Error: Provider produced inconsistent result after apply

When applying changes to
module.my_module_name.aws_network_interface_sg_attachment.my_server[2],
provider "registry.terraform.io/hashicorp/aws" produced an unexpected new
value: Root resource was present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

The next apply failed with

Error: security group [id redacted] already attached to interface ID [id redacted]

  on [filename] line 22, in resource "aws_network_interface_sg_attachment" "my_server":
  22: resource "aws_network_interface_sg_attachment" "my_server" {

So did the one after it.

We had to manually detach the Security Group, then apply again. That resolved it.

aws_vpc_endpoint_route_table_association issue addressed in #16200. aws_network_interface_sg_attachment issue raised in #16201.

I have noticed that the aws_vpc_endpoint_subnet_association resource, which makes very similar AWS API calls to the aws_vpc_endpoint_route_table_association resource, has a call to vpcEndpointWaitUntilAvailable

https://github.com/hashicorp/terraform-provider-aws/blob/63df631903b9f3c452d2cdc8aebd1976f870e7d3/aws/resource_aws_vpc_endpoint.go#L458-L471

whereas the route table association does not wait for the VPC endpoint to reach the available state. I can see no harm in adding such a call.
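
The wait proposed in the comment above, as an added Go sketch (not the provider's code and not part of the issue thread). `fakeEC2`, `newFake`, `createAssociation` and the visibility rule the fake models are assumptions made for illustration, and `rtb-example` is a constructed ID.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// fakeEC2 is a constructed stand-in for the EC2 API, not the real SDK. Assumption:
// until the endpoint is "available", a new association is not visible on read-back.
type fakeEC2 struct {
	pendingPolls int             // State() calls that still report "pending"
	tables       map[string]bool // associated route table IDs
}

func newFake(polls int) *fakeEC2 { return &fakeEC2{polls, map[string]bool{}} }

func (f *fakeEC2) State() string {
	if f.pendingPolls > 0 {
		f.pendingPolls--
		return "pending"
	}
	return "available"
}

// Visible reports whether reading the endpoint back shows the association.
func (f *fakeEC2) Visible(rtb string) bool { return f.pendingPolls == 0 && f.tables[rtb] }

var errAbsent = errors.New("association was present, but now absent")

// createAssociation mirrors create-then-read; wait polls up to 10 times first.
func createAssociation(api *fakeEC2, rtb string, wait bool) error {
	for i := 1; wait && api.State() != "available"; i++ {
		if i == 10 {
			return fmt.Errorf("endpoint still not available after %d polls", i)
		}
		time.Sleep(time.Millisecond)
	}
	api.tables[rtb] = true // stands in for the associate API call
	if !api.Visible(rtb) {
		return errAbsent
	}
	return nil
}

func main() {
	fmt.Println("no wait:", createAssociation(newFake(3), "rtb-example", false))
	fmt.Println("wait:   ", createAssociation(newFake(3), "rtb-example", true))
}
```

The bounded poll count matters: an endpoint that never settles surfaces as a timeout error instead of a read-back that silently drops the resource from state.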

Same issue. Encountered with TF v0.12.28, and provider v3.11.0.