Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
0.11.8
AWS provider version 1.60.0
Affected Resource(s)
aws_secretsmanager_secret
Expected Behavior
Deleting a secret and recreating it right away should succeed as long as the recovery_window_in_days was set to 0 on the create.
Actual Behavior
Error message: An error occurred (InvalidRequestException) when calling the CreateSecret operation: You can't create this secret because a secret with this name is already scheduled for deletion.
Steps to Reproduce
terraform destroy followed quickly by a terraform apply
Notes
It appears that AWS has changed the message that occurs in the scenario when you use the force delete to match that when providing an explicit recovery window. This can be seen by running the AWS CLI in a script (one or more of the follow-up create-secret calls will fail, but then one will succeed, followed by the obvious "secret already exists" error).
Hi @richardgavel, thank you for creating this issue. I believe this has been fixed in versions as early as v2.0.0 of the terraform aws provider. I was able to reproduce your error with recovery_window_in_days=0 with v.1.60. of the provider, but in later versions I see recreate behavior works as expected. With that said, I'm going to close this issue, but if you are still experiencing this error with other terraform and/or terraform aws provider version combinations, please create a new issue or comment back here with updates.
aws secretsmanager create-secret --name mysecret
aws secretsmanager delete-secret --secret-id mysecret --force-delete-without-recovery
aws secretsmanager create-secret --name mysecret
aws secretsmanager create-secret --name mysecret
aws secretsmanager create-secret --name mysecret
aws secretsmanager create-secret --name mysecret
References
#5583
https://github.com/terraform-providers/terraform-provider-aws/blob/ca0991e63d765e5e4d801d4893a310fc2113d91a/aws/resource_aws_secretsmanager_secret.go#L111
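The behaviour reported in this issue can be handled on the caller's side by retrying only on the "scheduled for deletion" error. The script below is an added example, not code from the issue or from the provider; the function name and the MAX_ATTEMPTS and RETRY_DELAY variables are assumptions, and the matched text is taken from the error message quoted above.

```shell
#!/usr/bin/env bash
# Added example: retry create-secret while a force-deleted secret of the same
# name is still being removed. create_secret_with_retry, MAX_ATTEMPTS and
# RETRY_DELAY are names assumed for this sketch.

create_secret_with_retry() {
  local name="$1"
  local max_attempts="${MAX_ATTEMPTS:-10}"
  local delay="${RETRY_DELAY:-2}"
  local attempt=1 output

  while [ "$attempt" -le "$max_attempts" ]; do
    # Capture stdout and stderr together so the error text can be inspected.
    if output="$(aws secretsmanager create-secret --name "$name" 2>&1)"; then
      printf '%s\n' "$output"
      return 0
    fi
    case "$output" in
      *"already scheduled for deletion"*)
        # The earlier delete has not completed yet: wait and try again.
        echo "attempt $attempt: $name still scheduled for deletion" >&2
        sleep "$delay"
        attempt=$((attempt + 1))
        ;;
      *)
        # Any other failure (permissions, name already in use) is not retried,
        # so real errors surface immediately instead of being masked.
        printf '%s\n' "$output" >&2
        return 1
        ;;
    esac
  done

  echo "gave up after $max_attempts attempts: $name" >&2
  return 2
}
```

Return code 1 means a non-retryable error, and 2 means the name was still scheduled for deletion after every attempt.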