aws_wafv2_web_acl : Provider produced inconsistent final plan #23390
Comments
I have tested with |
I was seeing this issue due to setting default tags in the AWS provider. That may be a legitimate outstanding issue |
I ran into this issue the other day with tags on the WAF; it seems there may be an issue with the way tags are handled by the AWS provider for some resources. Workaround was:
|
Dupe of #23992; additional workarounds available there. |
Upgrading Terraform to 1.4.x fixed this for me |
NOTE: I cannot reproduce this error using Terraform v1.5+/AWS provider v5.7+ after trying various configurations. Retry using a minimum of Terraform v1.4.2/AWS provider v4.67.0 but preferably Terraform v1.5.3+/AWS provider v5.8.0+ and let us know if this is still a problem! If we don't hear back and can't reproduce, we plan to close this on or around July 20, 2023. The evidence suggests this is OBE (i.e., fixed in the interim). |
I tried this config to reproduce this specific issue. I got no errors. Here's my process to attempt to reproduce the problem:
Config
provider "aws" {
  default_tags {
    tags = {
      fine_night = "tonight"
      fine_day   = "tomorrow"
    }
  }
}

resource "aws_wafv2_regex_pattern_set" "test" {
  name        = "wafv23992test"
  description = "Example regex pattern set"
  scope       = "REGIONAL"

  regular_expression {
    regex_string = "one"
  }

  regular_expression {
    regex_string = "two"
  }
}

resource "aws_wafv2_web_acl" "test" {
  name  = "wafv23992test"
  scope = "REGIONAL"

  default_action {
    allow {}
  }

  visibility_config {
    cloudwatch_metrics_enabled = false
    metric_name                = "Test-ACLS-metrics-dev"
    sampled_requests_enabled   = false
  }

  tags = {
    "desc" = "sample test"
  }

  rule {
    name     = "Test-Rate-Limits-dev"
    priority = 0

    statement {
      rate_based_statement {
        aggregate_key_type = "IP"
        limit              = 500
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "Test-Rate-Limits-dev"
      sampled_requests_enabled   = true
    }

    action {
      block {
        custom_response {
          response_code = 403
        }
      }
    }
  }

  rule {
    name     = "HEAnet-custom-deny-URL-Rule"
    priority = 8

    action {
      block {}
    }

    statement {
      regex_pattern_set_reference_statement {
        arn = aws_wafv2_regex_pattern_set.test.arn

        field_to_match {
          query_string {}
        }

        text_transformation {
          priority = 0
          type     = "NONE"
        }
      }
    }

    visibility_config {
      cloudwatch_metrics_enabled = true
      metric_name                = "Test-custom-deny-URL-Rule-dev"
      sampled_requests_enabled   = true
    }
  }
} |
Hi all 👋 As was mentioned above, this issue appears to be fixed when using a minimum Terraform version of 1.4.2 and a minimum AWS Provider version of 4.67.0 (preferably Terraform 1.5.3 or later and AWS Provider 5.8.0 or later). If you experience any additional unexpected behaviors with versions that meet these requirements, please open a new issue so that we can investigate further. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Related:
aws_wafv2_web_acl #27175
aws_wafv2_web_acl configurations #27273
aws_wafv2_web_acl description/tag changes result in inconsistent final plan #27479
Terraform CLI and Terraform AWS Provider Version
Terraform v1.1.6
on linux_amd64
Affected Resource(s)
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
Panic Output
Expected Behavior
created/updated resource
Actual Behavior
There are two issues.
Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

aws_wafv2_web_acl.test-waf has changed
~ resource "aws_wafv2_web_acl" "test-waf" {
      id   = "663afe0a-40f9-44f7-881a-74cea5ded06c"
      name = "Test-ACLS-dev"
      tags = {}
      # (5 unchanged attributes hidden)
      # (4 unchanged blocks hidden)
  }
2. Then, when you update, for example, tags in aws_wafv2_web_acl and run apply, Terraform throws an error.
vertex "aws_wafv2_web_acl.test-waf" error: Provider produced inconsistent final plan
when modified tags in aws_wafv2_web_acl and apply changes:
vertex "aws_wafv2_web_acl.test-waf" error: Provider produced inconsistent final plan
Steps to Reproduce
terraform apply
terraform apply
Important Factoids
References