
aws_transfer_server - VPC Hosted never completes #15823

Closed
ghost opened this issue Oct 23, 2020 · 4 comments · Fixed by #17539
Labels
bug Addresses a defect in current functionality. service/transfer Issues and PRs that pertain to the transfer service.

Comments

@ghost

ghost commented Oct 23, 2020

Terraform CLI and Terraform AWS Provider Version

3.11.0

Affected Resource(s)

aws_transfer_server

Terraform Configuration Files

resource "aws_transfer_server" "sftp_transfer_server" {
  identity_provider_type = "SERVICE_MANAGED"
  logging_role           = data.aws_iam_role.ct_cloudwatch_role.arn
  endpoint_type          = "VPC"

  endpoint_details {
    vpc_id                 = data.aws_vpc.selected.id
    subnet_ids             = [data.aws_subnet.public_1c.id]
    address_allocation_ids = [data.aws_eip.transfer_server_eip.id]
  }

  tags = {
    NAME = var.server_name
    ENV  = var.env
  }
}

Debug Output

Expected Behavior

The transfer server should be created in a couple of minutes (confirmed in the UI).

Actual Behavior

Resource creation waits indefinitely:

aws_transfer_server.sftp_transfer_server: Still creating... [10m0s elapsed]
aws_transfer_server.sftp_transfer_server: Still creating... [10m10s elapsed]
aws_transfer_server.sftp_transfer_server: Still creating... [10m20s elapsed]
aws_transfer_server.sftp_transfer_server: Still creating... [10m30s elapsed]
...

Steps to Reproduce

  1. terraform plan - succeeds showing the expected resource
  2. terraform apply

Important Factoids

The VPC, subnet and all other networking are shared from the master account, using AWS Control Tower.

  • #0000
@ghost ghost added the service/transfer Issues and PRs that pertain to the transfer service. label Oct 23, 2020
@anGie44 anGie44 added the needs-triage Waiting for first response or review from a maintainer. label Oct 27, 2020
@quentin9696

Hi,

I have the same issue. Note: I'm using vpc sharing.

Here is my resource:

resource "aws_transfer_server" "this" {
  endpoint_type          = "VPC"
  force_destroy          = true
  identity_provider_type = "SERVICE_MANAGED"
  logging_role           = "arn:aws:iam::7xxxxxxxxxxxxxxx:role/my-role"

  endpoint_details {
    subnet_ids = [
      "subnet-xxxxxxxxxxxxxxxxxx",
      "subnet-yyyyyyyyyyyyyyyyyy",
    ]
    vpc_id = "vpc-zzzzzzzzzzzzzzzzzz"
  }
}

Here are logs:

---[ RESPONSE ]--------------------------------------
HTTP/2.0 500 Internal Server Error
Content-Length: 238
Content-Type: application/x-amz-json-1.1
Date: Thu, 22 Apr 2021 12:57:35 GMT


-----------------------------------------------------: timestamp=2021-04-22T08:58:05.112-0400
2021-04-22T08:58:05.113-0400 [INFO]  plugin.terraform-provider-aws_v3.37.0_x5: 2021/04/22 08:58:05 [DEBUG] [aws-sdk-go] {"__type":"InternalServiceError","Message":"Error calling CreateVpcEndpoint: An internal error has occurred (Service: AmazonEC2; Status Code: 500; Error Code: InternalError; Request ID: ; Proxy: null)"}: timestamp=2021-04-22T08:58:05.113-0400
2021-04-22T08:58:05.113-0400 [INFO]  plugin.terraform-provider-aws_v3.37.0_x5: 2021/04/22 08:58:05 [DEBUG] [aws-sdk-go] DEBUG: Validate Response Transfer/CreateServer failed, attempt 4/25, error InternalServiceError: Error calling 
DEBUG: Retrying Request Transfer/CreateServer, attempt 5: timestamp=2021-04-22T08:58:05.982-0400

My terraform IAM user is administrator.

@puneetpunj

I spoke to AWS support folks and they confirmed it is because the participant account does not have access to the default security group of the master account where the VPC is managed.
Basically, you need to attach a security group from your participant account.

I believe this issue will be resolved once fix for this is deployed - #15788

@ewbankkit ewbankkit added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Jun 17, 2021
@ewbankkit
Contributor

@dsdorazio #17539 has been merged, adding support for (non-default) VPC security groups. This should be available in v3.49.0 of the Terraform AWS Provider next week.
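As an added example (not code from the issue or from the provider project), the configuration below shows the shape of the fix the comments above describe: a security group owned by the participant account is passed to the server through endpoint_details.security_group_ids (the argument #17539 adds, available from v3.49.0), so the endpoint no longer depends on the shared VPC's default security group that the participant account cannot use. The security group name, the sftp_client_cidrs variable and its default range are assumptions; the data sources and tags are reused from the original report.

```hcl
variable "sftp_client_cidrs" {
  description = "CIDR ranges allowed to reach the SFTP endpoint (constructed example value)"
  type        = list(string)
  default     = ["10.0.0.0/8"] # assumed; replace with the real client networks
}

# Security group created in the participant account (the account running Terraform),
# so the Transfer endpoint does not fall back to the shared VPC's default SG.
resource "aws_security_group" "sftp_endpoint" {
  name        = "sftp-transfer-endpoint" # assumed name
  description = "Ingress for VPC-hosted AWS Transfer SFTP endpoint"
  vpc_id      = data.aws_vpc.selected.id # the shared VPC from the report

  # Least privilege: only SFTP (22/tcp) from known client ranges, never 0.0.0.0/0.
  ingress {
    description = "SFTP from trusted client networks"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.sftp_client_cidrs
  }

  tags = {
    NAME = var.server_name
    ENV  = var.env
  }
}

resource "aws_transfer_server" "sftp_transfer_server" {
  identity_provider_type = "SERVICE_MANAGED"
  logging_role           = data.aws_iam_role.ct_cloudwatch_role.arn
  endpoint_type          = "VPC"

  endpoint_details {
    vpc_id                 = data.aws_vpc.selected.id
    subnet_ids             = [data.aws_subnet.public_1c.id]
    address_allocation_ids = [data.aws_eip.transfer_server_eip.id]
    # Explicit (non-default) security group from this account; needs provider >= 3.49.0.
    security_group_ids = [aws_security_group.sftp_endpoint.id]
  }

  tags = {
    NAME = var.server_name
    ENV  = var.env
  }
}
```

Because the server now references the security group resource, Terraform orders the creation correctly and the security group's lifetime is tracked in the same state as the server.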

@github-actions

github-actions bot commented Aug 2, 2021

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 2, 2021
4 participants