-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws_route53_record.test_cert_validation issue with aws provider #9596
Comments
The same code has been used regularly until about a week ago when it started failing. |
This appears to be a region specific problem. If I run the acceptance test
|
I've started getting the same error on us-east-1 and other regions and that made my whole infrastructure undeployable. Is that a breaking change from AWS? |
@zygimantas Definitely seems that way, this started happening for us about a week ago in ap-southeast-2. Investigating with the AWS CLI, it looks like describe certificate is now returning an empty validation options array to start with - it resolves later. This change is breaking the terraform code as it doesn't retry in that scenario. |
Hi everyone 👋 Thank you so much for reporting this issue and sorry its being so problematic. 😖 The additional information being provided is super helpful. Indeed this does like an API change that is being problematic with the The error messaging shown in this issue, is relevant for Terraform 0.11 and earlier, e.g.
While the error messaging shown in #9616, is the equivalent for Terraform 0.12 and later, e.g.
We are opting to consolidate similar reports of the same underlying issue here in this issue just to keep discussions and efforts in one location. It looks like a potential fix has been submitted in #9598 so we will be taking a look at that shortly. I'll provide an additional update here once we have verified that pull request, hopefully later today. Thanks everyone for your patience and hoping this can get addressed quickly. |
See my latest comment in #9345 under this section |
The fix for this has been merged and will release with version 2.23.0 of the Terraform AWS Provider. Our releases generally occur on Thursdays, but given the nature of this bug, we may release sooner. |
Is there a workaround for this? Our deployment scripts keep failing because of this error. Thanks, |
@angiedev on my side besides fixing the code of the provider myself, relaunching the deployment a 2nd time right after it fails just works |
Thanks @obourdon. Unfortunately this doesn't work for me. I am attempting to change our deployment scripts to get around this issue. I hope the fix will be available soon. I greatly appreciate everyone's efforts in getting this fixed. |
I am trying to find a workaround since when I create my cert using: My output vars are coming out blank: As a workaround I thought I could try looking up the cert after the fact and then get the values but that did not work either: data "aws_acm_certificate" "arb_certificate_recall" { output "arb_cert_record_name" { output "arb_cert_record_type" { output "arb_cert_record_value" { The values are still blank. Is there another approach you could recommend? I am unable to deploy. I would appreciate any tips! |
@angiedev on my side before changing the AWS provider code I was thinking about using some kind of "delay method" which could probably be combined with that you tried above but this is more like a wild guess ... |
When will they release v2.23.0? |
@jltuts: from what @bflad told above
We are Wednesday so I guess that the plan is still to make this release happen tomorrow. |
@obourdon, |
This has been released in version 2.23.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I just tested it and it works well! Thanks guys... |
me too, confirming that 2.23.0 solves the issues. Many thanks to all |
Works great!! Thanks so much! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Community Note
Terraform Version
Terraform v0.11.14
Affected Resource(s)
Terraform Configuration Files
Debug Output
terraform apply output below....
data.aws_route53_zone.cluster_zone: Refreshing state...
aws_acm_certificate.test_cert: Creating...
arn: "" => ""
domain_name: "" => ""
domain_validation_options.#: "" => ""
subject_alternative_names.#: "" => ""
tags.%: "" => "5"
.
.
.
validation_emails.#: "" => ""
validation_method: "" => "DNS"
aws_acm_certificate.test_cert: Creation complete after 3s (ID: )
Error: Error applying plan:
1 error occurred:
Panic Output
Expected Behavior
should create the aws_route53_record
Actual Behavior
1 error occurred:
Steps to Reproduce
terraform apply
on the following code replacing redacted values with suitable values.
provider "aws" {
region = "ap-southeast-2"
version = "~> 2.21.1"
assume_role {
role_arn = "arn:aws:iam:::role/"
session_name = "SESSION_NAME"
external_id = "EXTERNAL_ID"
}
}
resource "aws_acm_certificate" "test_cert" {
domain_name = " "
validation_method = "DNS"
tags {
}
}
data "aws_route53_zone" "cluster_zone" {
name = ""
private_zone = false
}
resource "aws_route53_record" "test_cert_validation" {
name = "${aws_acm_certificate.test_cert.domain_validation_options.0.resource_record_name}"
type = "${aws_acm_certificate.test_cert.domain_validation_options.0.resource_record_type}"
zone_id = "${data.aws_route53_zone.cluster_zone.zone_id}"
records = ["${aws_acm_certificate.test_cert.domain_validation_options.0.resource_record_value}"]
ttl = 60
}
resource "aws_acm_certificate_validation" "test_cert" {
certificate_arn = "${aws_acm_certificate.test_cert.arn}"
validation_record_fqdns = ["${aws_route53_record.test_cert_validation.fqdn}"]
}
Important Factoids
References
The text was updated successfully, but these errors were encountered: