[Bug]: Import for aws_vpc_ipam_pool_cidr_allocation had no effect

[bebold-jhr]

Terraform Core Version

1.3.7

AWS Provider Version

4.46.0

Affected Resource(s)

• aws_vpc_ipam_pool_cidr_allocation

Expected Behavior

During creation of the resource we encountered an error. However the resource had been created in AWS, but was shown as tainted in the plan. What we wanted to do was re-import the resource.

So we first removed the tainted resource:

terraform state rm module.####.aws_vpc_ipam_pool_cidr_allocation.this

Then we wanted to import the resource via:

  terraform import module.####.aws_vpc_ipam_pool_cidr_allocation.this ipam-pool-alloc-####_ipam-pool-####

Afterwards the resource should've been part of the terraform state without any changes in the plan.

Actual Behavior

The documentation says

IPAMs can be imported using the allocation id, e.g.
$ terraform import aws_vpc_ipam_pool_cidr_allocation.example

However the example doesn't show the usage of the allocation id. Which might be incorrect in the documentation.
We then tried to import the resource using

  terraform import module.####.aws_vpc_ipam_pool_cidr_allocation.this ipam-pool-alloc-####_ipam-pool-####

Import was allegedly successful, but nothing had happened. The resource was presented as a completely new resource in the next plan.

So is the import not working? Was our assumption to add the id in the import command incorrect? Is the example not correct?

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_vpc_ipam_pool_cidr_allocation" "this" {
  ipam_pool_id = data.aws_vpc_ipam_pool.this.id
  cidr         = data.aws_vpc_ipam_preview_next_cidr.this.cidr
  description = "value"

  lifecycle {
    ignore_changes = [
      cidr,
      description # forces replacement
    ]
  }
}

locals {
  cidr = aws_vpc_ipam_pool_cidr_allocation.this.cidr
}

Steps to Reproduce

• Create a new aws_vpc_ipam_pool_cidr_allocation
• Fail with: Error: reading IPAM Pool CIDR Allocation (ipam-pool-alloc-xxxxxxxxxxx_ipam-pool-xxxxxxxxxx): couldn't find resource
• Remove tainted resource from state
• Try to import

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

#28913

Would you like to implement a fix?

No

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[mattburgess]

@bebold-jhr this issue was automatically closed because of the doc fix for the import instructions being merged. Beyond that, though, I was unable to replicate your issue. Here's my Terraform code:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "= 4.50.0"
    }
  }
}

provider "aws" {
  region = "eu-west-2"
}

data "aws_region" "current" {}

resource "aws_vpc_ipam" "test" {
  operating_regions {
    region_name = data.aws_region.current.name
  }
}

resource "aws_vpc_ipam_pool" "test" {
  address_family = "ipv4"
  ipam_scope_id  = aws_vpc_ipam.test.private_default_scope_id
  locale         = data.aws_region.current.name
}

resource "aws_vpc_ipam_pool_cidr" "test" {
  ipam_pool_id = aws_vpc_ipam_pool.test.id
  cidr         = "172.2.0.0/24"
}

resource "aws_vpc_ipam_pool_cidr_allocation" "test" {
  ipam_pool_id = aws_vpc_ipam_pool.test.id
  cidr         = cidrsubnet(aws_vpc_ipam_pool_cidr.test.cidr, 4, 0)
}

And here's my reproducer script:

#!/bin/sh

terraform apply -auto-approve
pool_alloc_id=$(terraform state show aws_vpc_ipam_pool_cidr_allocation.test | awk '$3 ~ /ipam-pool-alloc-.*ipam-pool-/ { gsub(/"/, "", $3); print $3 }')
terraform state show aws_vpc_ipam_pool_cidr_allocation.test
terraform state rm aws_vpc_ipam_pool_cidr_allocation.test
terraform import aws_vpc_ipam_pool_cidr_allocation.test ${pool_alloc_id}
terraform plan

Here's the output showing that the state rm, import and subsequent plan commands result in no changes. If you're still able to reproduce this then please let us know and we'll take another look. Thanks!

$ ./test.sh 
data.aws_region.current: Reading...
data.aws_region.current: Read complete after 0s [id=eu-west-2]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc_ipam.test will be created
  + resource "aws_vpc_ipam" "test" {
      + arn                      = (known after apply)
      + id                       = (known after apply)
      + private_default_scope_id = (known after apply)
      + public_default_scope_id  = (known after apply)
      + scope_count              = (known after apply)
      + tags_all                 = (known after apply)

      + operating_regions {
          + region_name = "eu-west-2"
        }
    }

  # aws_vpc_ipam_pool.test will be created
  + resource "aws_vpc_ipam_pool" "test" {
      + address_family  = "ipv4"
      + arn             = (known after apply)
      + auto_import     = false
      + id              = (known after apply)
      + ipam_scope_id   = (known after apply)
      + ipam_scope_type = (known after apply)
      + locale          = "eu-west-2"
      + pool_depth      = (known after apply)
      + state           = (known after apply)
      + tags_all        = (known after apply)
    }

  # aws_vpc_ipam_pool_cidr.test will be created
  + resource "aws_vpc_ipam_pool_cidr" "test" {
      + cidr         = "172.2.0.0/24"
      + id           = (known after apply)
      + ipam_pool_id = (known after apply)
    }

  # aws_vpc_ipam_pool_cidr_allocation.test will be created
  + resource "aws_vpc_ipam_pool_cidr_allocation" "test" {
      + cidr                    = "172.2.0.0/28"
      + id                      = (known after apply)
      + ipam_pool_allocation_id = (known after apply)
      + ipam_pool_id            = (known after apply)
      + resource_id             = (known after apply)
      + resource_owner          = (known after apply)
      + resource_type           = (known after apply)
    }

Plan: 4 to add, 0 to change, 0 to destroy.
aws_vpc_ipam.test: Creating...
aws_vpc_ipam.test: Creation complete after 6s [id=ipam-073dc05f1f7339027]
aws_vpc_ipam_pool.test: Creating...
aws_vpc_ipam_pool.test: Creation complete after 9s [id=ipam-pool-049638b27f930c431]
aws_vpc_ipam_pool_cidr.test: Creating...
aws_vpc_ipam_pool_cidr.test: Still creating... [10s elapsed]
aws_vpc_ipam_pool_cidr.test: Creation complete after 13s [id=172.2.0.0/24_ipam-pool-049638b27f930c431]
aws_vpc_ipam_pool_cidr_allocation.test: Creating...
aws_vpc_ipam_pool_cidr_allocation.test: Creation complete after 0s [id=ipam-pool-alloc-0272f2f2a1ad642039d3f6c6abfa54938_ipam-pool-049638b27f930c431]

Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
# aws_vpc_ipam_pool_cidr_allocation.test:
resource "aws_vpc_ipam_pool_cidr_allocation" "test" {
    cidr                    = "172.2.0.0/28"
    id                      = "ipam-pool-alloc-0272f2f2a1ad642039d3f6c6abfa54938_ipam-pool-049638b27f930c431"
    ipam_pool_allocation_id = "ipam-pool-alloc-0272f2f2a1ad642039d3f6c6abfa54938"
    ipam_pool_id            = "ipam-pool-049638b27f930c431"
    resource_owner          = "320797911953"
    resource_type           = "custom"
}
Removed aws_vpc_ipam_pool_cidr_allocation.test
Successfully removed 1 resource instance(s).
data.aws_region.current: Reading...
data.aws_region.current: Read complete after 0s [id=eu-west-2]
aws_vpc_ipam_pool_cidr_allocation.test: Importing from ID "ipam-pool-alloc-0272f2f2a1ad642039d3f6c6abfa54938_ipam-pool-049638b27f930c431"...
aws_vpc_ipam_pool_cidr_allocation.test: Import prepared!
  Prepared aws_vpc_ipam_pool_cidr_allocation for import
aws_vpc_ipam_pool_cidr_allocation.test: Refreshing state... [id=ipam-pool-alloc-0272f2f2a1ad642039d3f6c6abfa54938_ipam-pool-049638b27f930c431]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

data.aws_region.current: Reading...
data.aws_region.current: Read complete after 0s [id=eu-west-2]
aws_vpc_ipam.test: Refreshing state... [id=ipam-073dc05f1f7339027]
aws_vpc_ipam_pool.test: Refreshing state... [id=ipam-pool-049638b27f930c431]
aws_vpc_ipam_pool_cidr.test: Refreshing state... [id=172.2.0.0/24_ipam-pool-049638b27f930c431]
aws_vpc_ipam_pool_cidr_allocation.test: Refreshing state... [id=ipam-pool-alloc-0272f2f2a1ad642039d3f6c6abfa54938_ipam-pool-049638b27f930c431]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are needed.

[github-actions]

This functionality has been released in v4.51.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.