AWS Opsworks Errors on 'apply' when updating custom json

[tomcart90]

I'm opening this to resurrect: #376. Please see the original ticket description below.

I've been able to reproduce this using terraform v1.0.2 and v3.49.0 of the aws provider. It's important to note that the issue is only encountered when making an update to the opsworks custom json. Initial creation of the opsworks stack works just fine.

There's a potential fix for the issue outlined here: #7743

Hi All,

I have an issue when creating Windows Opsworks stacks and get the error when running an apply (possible bug):

aws_opsworks_stack.mystack: ValidationException: Agent Version: can only be set for Chef 11.10 and Chef 12
I’ve been speaking to AWS who said:

Hi Simon,
Thank you very much for your reply. This certainly pointed me in the right direction.

For Windows stacks, the only supported Chef version is 12.2 (vs. 12, 11.10 and older for Linux stacks). When specifying Chef 12.2 as the configuration manager, the AgentVersion API parameter is invalid, as you can see here in this CLI example:

$ aws opsworks describe-agent-versions --configuration-manager Name=Chef,Version=12.2
{
"AgentVersions": [
{
"Version": "71200020150603135521",
"ConfigurationManager": {
"Version": "12.2",
"Name": "Chef"
}
},
{
"Version": "71300020150612113504",
"ConfigurationManager": {
"Version": "12.2",
"Name": "Chef"
}
},
{
"Version": "71400020160128114716",
"ConfigurationManager": {
"Version": "12.2",
"Name": "Chef"
}
},
{
"Version": "71500020160927200752",
"ConfigurationManager": {
"Version": "12.2",
"Name": "Chef"
}
}
]
}
$
$ aws opsworks create-stack --name test122
--service-role-arn arn:aws:iam::123412341234:role/aws-opsworks-service-role
--default-instance-profile-arn arn:aws:iam::123412341234:instance-profile/aws-opsworks-ec2-role
--stack-region us-east-1
--configuration-manager Name=Chef,Version=12.2
--agent-version 71500020160927200752
--default-os "Microsoft Windows Server 2012 R2 Base"

An error occurred (ValidationException) when calling the CreateStack operation: Agent Version: can only be set for Chef 11.10 and Chef 12
$
$ aws opsworks create-stack --name test122
--service-role-arn arn:aws:iam::123412341234:role/aws-opsworks-service-role
--default-instance-profile-arn arn:aws:iam::123412341234:instance-profile/aws-opsworks-ec2-role
--stack-region us-east-1
--configuration-manager Name=Chef,Version=12.2
--agent-version LATEST
--default-os "Microsoft Windows Server 2012 R2 Base"

An error occurred (ValidationException) when calling the CreateStack operation: Agent Version: can only be set for Chef 11.10 and Chef 12
$

In this case, apparently Terraform is trying to pass the AgentVersion API parameter to CreateStack [1] (I assume this is the call being performed), which is invalid for Chef 12.2 stacks. If I remove the "--agent-version" parameter from the CLI examples above, it creates the stack.
I tried to find a bug report for Terraform for this issue but I was not able to, so you may need to report it. Removing the Agent Version from the resource definition (leaving it blank will default to LATEST) may also work, depending on the way Terraform crafts the API calls. I have already reported this issue to the OpsWorks documentation team in order for them to update the public documents with this requirement.

I’ve tried removing the agent_version from the stack and it still errors:

resource "aws_opsworks_stack" "mystack" {
   name = "${var.environment_name}-mystack"
   region = "eu-west-1"
   service_role_arn = "${aws_iam_role.aws-opsworks-service-role.arn}"
   default_instance_profile_arn = "${aws_iam_instance_profile.aws-opsworks-ec2-instance-role.arn}"
   #agent_version = "LATEST"
   configuration_manager_name = "Chef"
   configuration_manager_version = "12.2"
   default_os = "Microsoft Windows Server 2012 R2 Base"
   vpc_id = "${aws_vpc.default.id}"
   default_subnet_id = "${aws_subnet.zone-a.id}"
   hostname_theme = "Legendary_creatures_from_Japan"
   color = "rgb(100, 131, 57)"
   default_root_device_type = "ebs"
   use_opsworks_security_groups = "false"
   manage_berkshelf = "false"
   use_custom_cookbooks = "true"
   default_ssh_key_name = "${var.key_name}"
   custom_cookbooks_source {
     type = "git"
     url = "https://mygit/my.git"
   }
   custom_json = <<EOT
{
"mysettings": {
   "test": "test"
 }
}
EOT
}

I’m running Terraform v0.7.10 if that helps.

Does anyone have any ideas?

Cheers,
Simon.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.