v1.9.0: VPC Endpoint Data Resource no longer works in GovCloud

[lorengordon]

As of v1.9.0 of the terraform aws provider, I can no longer use the aws_vpc_endpoint_service data resource to get the service_name for the S3 VPC Endpoint in a GovCloud region. If I revert back to v1.8.0, it works fine.

Terraform Version

> terraform -v
Terraform v0.11.3

Affected Resource(s)

• aws_vpc_endpoint_service

Terraform Configuration Files

provider "aws" {
  version = "1.9.0"
}

data "aws_vpc_endpoint_service" "s3" {
  service = "s3"
}

resource "aws_vpc_endpoint" "s3" {
  vpc_id       = "vpc-foovpcid"
  service_name = "${data.aws_vpc_endpoint_service.s3.service_name}"
}

Debug Output

Debug output

Gist contains both the non-working behavior in v1.9.0 and the working behavior in v1.8.0.

Expected Behavior

Expected the data resource to resolve and provide the service_name, as it does in v1.8.0.

> terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.aws_vpc_endpoint_service.s3: Refreshing state...

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + aws_vpc_endpoint.s3
      id:                <computed>
      cidr_blocks.#:     <computed>
      policy:            <computed>
      prefix_list_id:    <computed>
      route_table_ids.#: <computed>
      service_name:      "com.amazonaws.us-gov-west-1.s3"
      vpc_id:            "vpc-foovpcid"


Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

Actual Behavior

terraform plan threw an error:

> terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.aws_vpc_endpoint_service.s3: Refreshing state...

Error: Error refreshing state: 1 error(s) occurred:

* data.aws_vpc_endpoint_service.s3: 1 error(s) occurred:

* data.aws_vpc_endpoint_service.s3: data.aws_vpc_endpoint_service.s3: no matching VPC Endpoint Service found

Steps to Reproduce

1. terraform plan

[ewbankkit]

Probably related to #3317.

[lorengordon]

@jmcarp Any ideas? I'm no good with Go or I'd try to patch it myself. I'd be happy to test a fix, of course.

[bflad]

Hi @lorengordon, thanks so much for reporting this and sorry that you are running into trouble here. For full disclosure, there are some improvements we could make on the maintainer side for handling acceptance testing of the AWS US Government partition as currently any testing is very manual. I'll spend some time the coming days to write up what will be required to get fully automated testing setup so it can be on our product roadmap and prioritized.

In the meantime, I'll try to to take a look at this on Monday.

[bflad]

Fix has been merged into master and will be released with v1.11.0 of the AWS provider, likely at the end of this week.

[lorengordon]

Thanks @jmcarp and @bflad!

[bflad]

This has been released in version 1.11.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!