Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: Provider produced inconsistent final plan #17884

Closed
intechops6 opened this issue Mar 2, 2021 · 11 comments
Closed

Error: Provider produced inconsistent final plan #17884

intechops6 opened this issue Mar 2, 2021 · 11 comments
Labels
bug Addresses a defect in current functionality. service/lambda Issues and PRs that pertain to the lambda service.

Comments

@intechops6
Copy link

Terraform CLI and Terraform AWS Provider Version

"version": 4,
"terraform_version": "0.13.4"

Affected Resource(s)

aws_lambda_function - could not create the lambda function in the aws environment

Panic Output

Error: Provider produced inconsistent final plan

When expanding the plan for
module.create-lambda.aws_lambda_function.make_lambda to include
new values learned so far during apply, provider "registry.terraform.io/-/aws"
produced an invalid new value for .source_code_hash: was
cty.StringVal("FycrDOHF/Hd+E6e0Es3ZsuWiGPLSQdDFVw++adaBhJg="), but now
cty.StringVal("huJ5Mt3CVH7A6FlGSxMotgn0Q/tygsWTJkzIBiI1rPY=").

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ Terraform Apply ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲
Failed To Run Terraform Apply!

Expected Behavior

Expecting to create the aws lambda function.

Actual Behavior

It is not creating the lambda function since the hash of terraform plan and terraform apply is different.

Steps to Reproduce

create the terraform.tfvars, variables.tf and lambda.tf

terraform.tfvars
lambda_function_name = "test-lambda"
lambda_handler_name = "lambda_function.lambda_handler"
lambda_runtime = "python3.8"
lambda_timeout = "360"
lambda_package_name = "../../../../../dir-path/function.zip"
lambda_role_arn = "arn:aws:iam::xxxxxxxxx:role/path/lambda_role"

variables.tf
variable "lambda_function_name" {
type = string
}
variable "lambda_handler_name" {
type = string
}
variable "lambda_runtime" {
type = string
}
variable "lambda_timeout" {
type = string
}
variable "lambda_package_name" {
type = string
}
variable "lambda_role_arn" {
type = string
}

lambda.tf
module "create-lambda" {
source = "../../../../../athena-dir/modules/"
lambda_function_name = "${var.lambda_function_name}"
lambda_handler_name = "${var.lambda_handler_name}"
lambda_runtime = "${var.lambda_runtime}"
lambda_timeout = "${var.lambda_timeout}"
lambda_package_name = "${var.lambda_package_name}"
lambda_role_arn = "${var.lambda_role_arn}"
}

lambda.tf
resource "aws_lambda_function" "make_lambda" {
function_name = var.lambda_function_name
handler = var.lambda_handler_name
runtime = var.lambda_runtime
timeout = var.lambda_timeout
filename = var.lambda_package_name
source_code_hash = "${filebase64sha256(var.lambda_package_name)}"
role = var.lambda_role_arn
}

then, run terraform plan and apply.
@ghost ghost added the service/lambda Issues and PRs that pertain to the lambda service. label Mar 2, 2021
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Mar 2, 2021
@bflad bflad added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Mar 3, 2021
@bflad
Copy link
Contributor

bflad commented Mar 3, 2021

Hi @intechops6 👋 Thank you for reporting this and sorry you ran into trouble here. Could you please provide us with some additional information so we can look into this further?

  • Terraform AWS Provider version (only Terraform CLI and state version is above)
  • Is the underlying file of var.lambda_package_name being updated during the same Terraform run?
  • Can you show the output of terraform plan before this occurs?

@bflad bflad added the waiting-response Maintainers are waiting on response from community or contributor. label Mar 3, 2021
@jkucan
Copy link

jkucan commented Mar 10, 2021

I am seeing the same issue with

Terraform v0.14.7
+ provider registry.terraform.io/hashicorp/archive v2.1.0
+ provider registry.terraform.io/hashicorp/aws v3.31.0

The underlying file

  source_code_hash = fileexists(local.code_filepath) ? filebase64sha256(local.code_filepath) : 0

should not change (it's an archive). The archive content does not change, but I see the modification timestamp on the file is changed every time I run terraform apply

The archive is defined as

data "archive_file" "lambda_zip__example" {
  type = "zip"
  output_path = local.code_filepath
  source_dir = "/mnt/terraform/code"
}

@ghost ghost removed waiting-response Maintainers are waiting on response from community or contributor. labels Mar 10, 2021
@ZsoltPath
Copy link
Contributor

I've just bumped into the same issue at registry.terraform.io/hashicorp/aws v3.35.0

@JimBeam2019
Copy link

Hi @bflad, I have encountered the same issue recently.

Error: Provider produced inconsistent final plan

When expanding the plan for module.lambda_function_in_vpc.aws_lambda_function.this[0] to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .source_code_hash: was cty.StringVal("07fnZ38puKEHcwPIuaGymBqATq152C/Z2aoxLMWPRH0="), but now cty.StringVal("QEc9FactlOpwYYSoFSypHewANDU30G0dhbNDfMmltFM=").

The Terraform AWS Provider version is 3.37.0 linux amd64.

Here is the output of terraform plan below.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
 <= read (data resources)

Terraform will perform the following actions:

  # aws_db_parameter_group.example will be created
  + resource "aws_db_parameter_group" "example" {
      + arn         = (known after apply)
      + description = "postgresql-aurora-db-postgres11-parameter-group"
      + family      = "aurora-postgresql11"
      + id          = (known after apply)
      + name        = "postgresql-aurora-db-postgres11-parameter-group"
      + name_prefix = (known after apply)
      + tags        = {
          + "Environment" = "dev"
          + "Owner"       = "user"
        }
    }

  # aws_rds_cluster_parameter_group.example will be created
  + resource "aws_rds_cluster_parameter_group" "example" {
      + arn         = (known after apply)
      + description = "postgresql-aurora-postgres11-cluster-parameter-group"
      + family      = "aurora-postgresql11"
      + id          = (known after apply)
      + name        = "postgresql-aurora-postgres11-cluster-parameter-group"
      + name_prefix = (known after apply)
      + tags        = {
          + "Environment" = "dev"
          + "Owner"       = "user"
        }
    }

  # null_resource.lambda_deploy will be created
  + resource "null_resource" "lambda_deploy" {
      + id = (known after apply)
    }

  # module.api_gateway_v2.aws_apigatewayv2_api.this[0] will be created
  + resource "aws_apigatewayv2_api" "this" {
      + api_endpoint                 = (known after apply)
      + api_key_selection_expression = "$request.header.x-api-key"
      + arn                          = (known after apply)
      + execution_arn                = (known after apply)
      + id                           = (known after apply)
      + name                         = "Lambda Aurora"
      + protocol_type                = "HTTP"
      + route_selection_expression   = "$request.method $request.path"
      + tags                         = {
          + "Name" = "private-api"
        }

      + cors_configuration {
          + allow_headers = [
              + "authorization",
              + "content-type",
              + "x-amz-date",
              + "x-amz-security-token",
              + "x-amz-user-agent",
              + "x-api-key",
            ]
          + allow_methods = [
              + "*",
            ]
          + allow_origins = [
              + "*",
            ]
        }
    }

  # module.api_gateway_v2.aws_apigatewayv2_integration.this["$default"] will be created
  + resource "aws_apigatewayv2_integration" "this" {
      + api_id                                    = (known after apply)
      + connection_id                             = (known after apply)
      + connection_type                           = "INTERNET"
      + id                                        = (known after apply)
      + integration_method                        = "POST"
      + integration_response_selection_expression = (known after apply)
      + integration_type                          = (known after apply)
      + integration_uri                           = (known after apply)
      + payload_format_version                    = "1.0"
      + timeout_milliseconds                      = (known after apply)
    }

  # module.api_gateway_v2.aws_apigatewayv2_integration.this["ANY /"] will be created
  + resource "aws_apigatewayv2_integration" "this" {
      + api_id                                    = (known after apply)
      + connection_id                             = (known after apply)
      + connection_type                           = "INTERNET"
      + id                                        = (known after apply)
      + integration_method                        = "POST"
      + integration_response_selection_expression = (known after apply)
      + integration_type                          = (known after apply)
      + integration_uri                           = (known after apply)
      + payload_format_version                    = "2.0"
      + timeout_milliseconds                      = 12000
    }

  # module.api_gateway_v2.aws_apigatewayv2_route.this["$default"] will be created
  + resource "aws_apigatewayv2_route" "this" {
      + api_id             = (known after apply)
      + api_key_required   = false
      + authorization_type = "NONE"
      + id                 = (known after apply)
      + route_key          = "$default"
      + target             = (known after apply)
    }

  # module.api_gateway_v2.aws_apigatewayv2_route.this["ANY /"] will be created
  + resource "aws_apigatewayv2_route" "this" {
      + api_id             = (known after apply)
      + api_key_required   = false
      + authorization_type = "NONE"
      + id                 = (known after apply)
      + route_key          = "ANY /"
      + target             = (known after apply)
    }

  # module.api_gateway_v2.aws_apigatewayv2_stage.default[0] will be created
  + resource "aws_apigatewayv2_stage" "default" {
      + api_id        = (known after apply)
      + arn           = (known after apply)
      + auto_deploy   = true
      + deployment_id = (known after apply)
      + execution_arn = (known after apply)
      + id            = (known after apply)
      + invoke_url    = (known after apply)
      + name          = "$default"
      + tags          = {
          + "Name" = "private-api"
        }
    }

  # module.api_gateway_v2.aws_apigatewayv2_vpc_link.this["my-vpc"] will be created
  + resource "aws_apigatewayv2_vpc_link" "this" {
      + arn                = (known after apply)
      + id                 = (known after apply)
      + name               = "my-vpc"
      + security_group_ids = (known after apply)
      + subnet_ids         = (known after apply)
      + tags               = {
          + "Name" = "private-api"
        }
    }

  # module.aurora.aws_rds_cluster.this[0] will be created
  + resource "aws_rds_cluster" "this" {
      + allow_major_version_upgrade         = false
      + apply_immediately                   = true
      + arn                                 = (known after apply)
      + availability_zones                  = (known after apply)
      + backtrack_window                    = 0
      + backup_retention_period             = 7
      + cluster_identifier                  = "postgresql"
      + cluster_identifier_prefix           = (known after apply)
      + cluster_members                     = (known after apply)
      + cluster_resource_id                 = (known after apply)
      + copy_tags_to_snapshot               = false
      + database_name                       = (known after apply)
      + db_cluster_parameter_group_name     = (known after apply)
      + db_subnet_group_name                = "postgresql"
      + deletion_protection                 = false
      + enable_http_endpoint                = false
      + enabled_cloudwatch_logs_exports     = [
          + "postgresql",
        ]
      + endpoint                            = (known after apply)
      + engine                              = "aurora-postgresql"
      + engine_mode                         = "provisioned"
      + engine_version                      = "11.9"
      + final_snapshot_identifier           = (known after apply)
      + global_cluster_identifier           = ""
      + hosted_zone_id                      = (known after apply)
      + iam_database_authentication_enabled = true
      + id                                  = (known after apply)
      + kms_key_id                          = (known after apply)
      + master_password                     = (sensitive value)
      + master_username                     = (sensitive)
      + port                                = 5432
      + preferred_backup_window             = "02:00-03:00"
      + preferred_maintenance_window        = "sun:05:00-sun:06:00"
      + reader_endpoint                     = (known after apply)
      + replication_source_identifier       = ""
      + skip_final_snapshot                 = true
      + source_region                       = ""
      + storage_encrypted                   = true
      + tags                                = {
          + "Environment" = "dev"
          + "Owner"       = "user"
        }
      + vpc_security_group_ids              = (known after apply)
    }

  # module.aurora.aws_rds_cluster_instance.this[0] will be created
  + resource "aws_rds_cluster_instance" "this" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = "rds-ca-2019"
      + cluster_identifier              = (known after apply)
      + copy_tags_to_snapshot           = false
      + db_parameter_group_name         = (known after apply)
      + db_subnet_group_name            = "postgresql"
      + dbi_resource_id                 = (known after apply)
      + endpoint                        = (known after apply)
      + engine                          = "aurora-postgresql"
      + engine_version                  = "11.9"
      + id                              = (known after apply)
      + identifier                      = "postgresql-1"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.t3.medium"
      + kms_key_id                      = (known after apply)
      + monitoring_interval             = 0
      + monitoring_role_arn             = (known after apply)
      + performance_insights_enabled    = false
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "sun:05:00-sun:06:00"
      + promotion_tier                  = 1
      + publicly_accessible             = false
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Owner"       = "user"
        }
      + writer                          = (known after apply)
    }

  # module.aurora.aws_rds_cluster_instance.this[1] will be created
  + resource "aws_rds_cluster_instance" "this" {
      + apply_immediately               = true
      + arn                             = (known after apply)
      + auto_minor_version_upgrade      = true
      + availability_zone               = (known after apply)
      + ca_cert_identifier              = "rds-ca-2019"
      + cluster_identifier              = (known after apply)
      + copy_tags_to_snapshot           = false
      + db_parameter_group_name         = (known after apply)
      + db_subnet_group_name            = "postgresql"
      + dbi_resource_id                 = (known after apply)
      + endpoint                        = (known after apply)
      + engine                          = "aurora-postgresql"
      + engine_version                  = "11.9"
      + id                              = (known after apply)
      + identifier                      = "postgresql-2"
      + identifier_prefix               = (known after apply)
      + instance_class                  = "db.t3.medium"
      + kms_key_id                      = (known after apply)
      + monitoring_interval             = 0
      + monitoring_role_arn             = (known after apply)
      + performance_insights_enabled    = false
      + performance_insights_kms_key_id = (known after apply)
      + port                            = (known after apply)
      + preferred_backup_window         = (known after apply)
      + preferred_maintenance_window    = "sun:05:00-sun:06:00"
      + promotion_tier                  = 2
      + publicly_accessible             = false
      + storage_encrypted               = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Owner"       = "user"
        }
      + writer                          = (known after apply)
    }

  # module.aurora.aws_security_group.this[0] will be created
  + resource "aws_security_group" "this" {
      + arn                    = (known after apply)
      + description            = "Managed by Terraform"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = (known after apply)
      + name                   = (known after apply)
      + name_prefix            = "postgresql-"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Environment" = "dev"
          + "Name"        = "aurora-postgresql"
          + "Owner"       = "user"
        }
      + vpc_id                 = (known after apply)
    }

  # module.aurora.aws_security_group_rule.cidr_ingress[0] will be created
  + resource "aws_security_group_rule" "cidr_ingress" {
      + cidr_blocks              = [
          + "10.99.3.0/24",
          + "10.99.4.0/24",
          + "10.99.5.0/24",
        ]
      + description              = "From allowed CIDRs"
      + from_port                = 5432
      + id                       = (known after apply)
      + protocol                 = "tcp"
      + security_group_id        = (known after apply)
      + self                     = false
      + source_security_group_id = (known after apply)
      + to_port                  = 5432
      + type                     = "ingress"
    }

  # module.aurora.random_id.snapshot_identifier[0] will be created
  + resource "random_id" "snapshot_identifier" {
      + b64_std     = (known after apply)
      + b64_url     = (known after apply)
      + byte_length = 4
      + dec         = (known after apply)
      + hex         = (known after apply)
      + id          = (known after apply)
      + keepers     = {
          + "id" = "postgresql"
        }
    }

  # module.lambda_function_in_vpc.data.aws_iam_policy.vpc[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy" "vpc"  {
      + arn         = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess"
      + description = (known after apply)
      + id          = (known after apply)
      + name        = (known after apply)
      + path        = (known after apply)
      + policy      = (known after apply)
      + policy_id   = (known after apply)
      + tags        = (known after apply)
    }

  # module.lambda_function_in_vpc.data.aws_iam_policy_document.assume_role[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "assume_role"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions = [
              + "sts:AssumeRole",
            ]
          + effect  = "Allow"

          + principals {
              + identifiers = [
                  + "lambda.amazonaws.com",
                ]
              + type        = "Service"
            }
        }
    }

  # module.lambda_function_in_vpc.data.aws_iam_policy_document.logs[0] will be read during apply
  # (config refers to values not yet known)
 <= data "aws_iam_policy_document" "logs"  {
      + id   = (known after apply)
      + json = (known after apply)

      + statement {
          + actions   = [
              + "logs:CreateLogGroup",
              + "logs:CreateLogStream",
              + "logs:PutLogEvents",
            ]
          + effect    = "Allow"
          + resources = [
              + (known after apply),
              + (known after apply),
            ]
        }
    }

  # module.lambda_function_in_vpc.aws_cloudwatch_log_group.lambda[0] will be created
  + resource "aws_cloudwatch_log_group" "lambda" {
      + arn               = (known after apply)
      + id                = (known after apply)
      + name              = "/aws/lambda/postgras-lambda"
      + retention_in_days = 0
    }

  # module.lambda_function_in_vpc.aws_iam_policy.logs[0] will be created
  + resource "aws_iam_policy" "logs" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "postgras-lambda-logs"
      + path      = "/"
      + policy    = (known after apply)
      + policy_id = (known after apply)
    }

  # module.lambda_function_in_vpc.aws_iam_policy.vpc[0] will be created
  + resource "aws_iam_policy" "vpc" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "postgras-lambda-vpc"
      + path      = "/"
      + policy    = (known after apply)
      + policy_id = (known after apply)
    }

  # module.lambda_function_in_vpc.aws_iam_policy_attachment.logs[0] will be created
  + resource "aws_iam_policy_attachment" "logs" {
      + id         = (known after apply)
      + name       = "postgras-lambda-logs"
      + policy_arn = (known after apply)
      + roles      = [
          + "postgras-lambda",
        ]
    }

  # module.lambda_function_in_vpc.aws_iam_policy_attachment.vpc[0] will be created
  + resource "aws_iam_policy_attachment" "vpc" {
      + id         = (known after apply)
      + name       = "postgras-lambda-vpc"
      + policy_arn = (known after apply)
      + roles      = [
          + "postgras-lambda",
        ]
    }

  # module.lambda_function_in_vpc.aws_iam_role.lambda[0] will be created
  + resource "aws_iam_role" "lambda" {
      + arn                   = (known after apply)
      + assume_role_policy    = (known after apply)
      + create_date           = (known after apply)
      + force_detach_policies = true
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "postgras-lambda"
      + path                  = "/"
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # module.lambda_function_in_vpc.aws_lambda_function.this[0] will be created
  + resource "aws_lambda_function" "this" {
      + arn                            = (known after apply)
      + description                    = "Lambda function"
      + filename                       = "/media/jimbeam/DATA/Project/DevOps/MyAWS_Aurora/build/index.zip"
      + function_name                  = "postgras-lambda"
      + handler                        = "index.handler"
      + id                             = (known after apply)
      + invoke_arn                     = (known after apply)
      + last_modified                  = (known after apply)
      + memory_size                    = 128
      + package_type                   = "Zip"
      + publish                        = true
      + qualified_arn                  = (known after apply)
      + reserved_concurrent_executions = -1
      + role                           = (known after apply)
      + runtime                        = "nodejs12.x"
      + signing_job_arn                = (known after apply)
      + signing_profile_version_arn    = (known after apply)
      + source_code_hash               = "07fnZ38puKEHcwPIuaGymBqATq152C/Z2aoxLMWPRH0="
      + source_code_size               = (known after apply)
      + timeout                        = 3
      + version                        = (known after apply)

      + environment {
          + variables = (known after apply)
        }

      + tracing_config {
          + mode = (known after apply)
        }

      + vpc_config {
          + security_group_ids = (known after apply)
          + subnet_ids         = (known after apply)
          + vpc_id             = (known after apply)
        }
    }

  # module.lambda_function_in_vpc.aws_lambda_permission.current_version_triggers["AllowExecutionFromAPIGateway"] will be created
  + resource "aws_lambda_permission" "current_version_triggers" {
      + action        = "lambda:InvokeFunction"
      + function_name = "postgras-lambda"
      + id            = (known after apply)
      + principal     = "apigateway.amazonaws.com"
      + qualifier     = (known after apply)
      + source_arn    = (known after apply)
      + statement_id  = "AllowExecutionFromAPIGateway"
    }

  # module.lambda_function_in_vpc.aws_lambda_permission.unqualified_alias_triggers["AllowExecutionFromAPIGateway"] will be created
  + resource "aws_lambda_permission" "unqualified_alias_triggers" {
      + action        = "lambda:InvokeFunction"
      + function_name = "postgras-lambda"
      + id            = (known after apply)
      + principal     = "apigateway.amazonaws.com"
      + source_arn    = (known after apply)
      + statement_id  = "AllowExecutionFromAPIGateway"
    }

  # module.vpc.aws_db_subnet_group.database[0] will be created
  + resource "aws_db_subnet_group" "database" {
      + arn         = (known after apply)
      + description = "Database subnet group for postgresql"
      + id          = (known after apply)
      + name        = "postgresql"
      + name_prefix = (known after apply)
      + subnet_ids  = (known after apply)
      + tags        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql"
          + "Owner"       = "user"
        }
    }

  # module.vpc.aws_internet_gateway.this[0] will be created
  + resource "aws_internet_gateway" "this" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Environment" = "dev"
          + "Name"        = "postgresql"
          + "Owner"       = "user"
        }
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_route.public_internet_gateway[0] will be created
  + resource "aws_route" "public_internet_gateway" {
      + destination_cidr_block = "0.0.0.0/0"
      + gateway_id             = (known after apply)
      + id                     = (known after apply)
      + instance_id            = (known after apply)
      + instance_owner_id      = (known after apply)
      + network_interface_id   = (known after apply)
      + origin                 = (known after apply)
      + route_table_id         = (known after apply)
      + state                  = (known after apply)

      + timeouts {
          + create = "5m"
        }
    }

  # module.vpc.aws_route_table.private[0] will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-private"
          + "Owner"       = "user"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.aws_route_table.public[0] will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-public"
          + "Owner"       = "user"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.aws_route_table_association.database[0] will be created
  + resource "aws_route_table_association" "database" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.database[1] will be created
  + resource "aws_route_table_association" "database" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.database[2] will be created
  + resource "aws_route_table_association" "database" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.private[0] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.private[1] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.private[2] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public[0] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public[1] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public[2] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_subnet.database[0] will be created
  + resource "aws_subnet" "database" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.7.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-db-us-east-1a"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-db-us-east-1a"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.database[1] will be created
  + resource "aws_subnet" "database" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1b"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.8.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-db-us-east-1b"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-db-us-east-1b"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.database[2] will be created
  + resource "aws_subnet" "database" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.9.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-db-us-east-1c"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-db-us-east-1c"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.private[0] will be created
  + resource "aws_subnet" "private" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.3.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-private-us-east-1a"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-private-us-east-1a"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.private[1] will be created
  + resource "aws_subnet" "private" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1b"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.4.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-private-us-east-1b"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-private-us-east-1b"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.private[2] will be created
  + resource "aws_subnet" "private" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.5.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-private-us-east-1c"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-private-us-east-1c"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.public[0] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.0.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-public-us-east-1a"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-public-us-east-1a"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.public[1] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1b"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.1.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-public-us-east-1b"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-public-us-east-1b"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_subnet.public[2] will be created
  + resource "aws_subnet" "public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "us-east-1c"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.99.2.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = true
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-public-us-east-1c"
          + "Owner"       = "user"
        }
      + tags_all                        = {
          + "Environment" = "dev"
          + "Name"        = "postgresql-public-us-east-1c"
          + "Owner"       = "user"
        }
      + vpc_id                          = (known after apply)
    }

  # module.vpc.aws_vpc.this[0] will be created
  + resource "aws_vpc" "this" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "10.99.0.0/18"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = false
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Environment" = "dev"
          + "Name"        = "postgresql"
          + "Owner"       = "user"
        }
      + tags_all                         = {
          + "Environment" = "dev"
          + "Name"        = "postgresql"
          + "Owner"       = "user"
        }
    }

Plan: 49 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + this_rds_cluster_endpoint           = (known after apply)
  + this_rds_cluster_id                 = (known after apply)
  + this_rds_cluster_instance_endpoints = [
      + (known after apply),
      + (known after apply),
    ]
  + this_rds_cluster_instance_ids       = [
      + (known after apply),
      + (known after apply),
    ]
  + this_rds_cluster_master_password    = (sensitive value)
  + this_rds_cluster_master_username    = (sensitive value)
  + this_rds_cluster_port               = 5432
  + this_rds_cluster_reader_endpoint    = (known after apply)
  + this_rds_cluster_resource_id        = (known after apply)
  + this_security_group_id              = (known after apply)

@missioncloud
Copy link

Same here!

data "aws_s3_bucket_object" "create_r53_cname_hash" {
  bucket = aws_s3_bucket.lambdas.bucket
  key    = trimprefix(yamldecode(file("/tmp/create-route53-cname.yml"))["Resources"]["Function"]["Properties"]["CodeUri"], "s3://${aws_s3_bucket.lambdas.bucket}/")
  depends_on = [null_resource.upload_create_r53_lambda]
}

resource "null_resource" "upload_create_r53_lambda" {
  triggers = {
    function_contents = filemd5("${path.module}/../../../lambda/create-route53-cname/function.py")
  }

  provisioner "local-exec" {
    command = <<EOF
sam package --s3-bucket ${aws_s3_bucket.lambdas.bucket} --s3-prefix CreateRoute53CNAME \
-t ${path.module}/../../../lambda/create-route53-cname/template.yml \
--debug --region ${data.aws_region.current.name} \
--output-template-file /tmp/create-route53-cname.yml
EOF
  }

  depends_on = [aws_s3_bucket.lambdas]
}

resource "aws_lambda_function" "create_r53_cname" {
  function_name = "CreateRoute53CNAME"
  role          = aws_iam_role.route53_lambda.arn
  s3_bucket = aws_s3_bucket.lambdas.bucket
  s3_key = data.aws_s3_bucket_object.create_r53_cname_hash.key
  source_code_hash = data.aws_s3_bucket_object.create_r53_cname_hash.body
  handler       = "function.lambda_handler"
  runtime = "python3.8"

  environment {
    variables = {
      ENV = terraform.workspace
    }
  }

  tags = local.global_tags
  depends_on = [null_resource.upload_create_r53_lambda, data.aws_s3_bucket_object.create_r53_cname_hash]
}

PLAN

❯ tf plan -target data.aws_iam_policy_document.trust_lambda -target data.aws_region.current -target data.aws_s3_bucket_object.create_r53_cname_hash -target aws_iam_role.route53_lambda -target aws_lambda_function.create_r53_cname -target aws_s3_bucket.lambdas -target null_resource.upload_create_r53_lambda -out lambda.tf.plan
aws_s3_bucket.lambdas: Refreshing state... [id=policymap-lambdas20210512022937079100000002]
aws_iam_role.route53_lambda: Refreshing state... [id=terraform-20210512022937078800000001]
null_resource.upload_create_r53_lambda: Refreshing state... [id=3423314569226036676]
aws_lambda_function.create_r53_cname: Refreshing state... [id=CreateRoute53CNAME]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_s3_bucket_object.create_r53_cname_hash will be read during apply
  # (config refers to values not yet known)
 <= data "aws_s3_bucket_object" "create_r53_cname_hash"  {
      + body                          = (known after apply)
      ~ bucket_key_enabled            = false -> (known after apply)
      + cache_control                 = (known after apply)
      + content_disposition           = (known after apply)
      + content_encoding              = (known after apply)
      + content_language              = (known after apply)
      ~ content_length                = 9076 -> (known after apply)
      ~ content_type                  = "binary/octet-stream" -> (known after apply)
      ~ etag                          = "0c1996e47e57b8b25003ae534b603fb5" -> (known after apply)
      + expiration                    = (known after apply)
      + expires                       = (known after apply)
      ~ id                            = "policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a" -> (known after apply)
      ~ last_modified                 = "Wed, 12 May 2021 02:47:12 UTC" -> (known after apply)
      ~ metadata                      = {} -> (known after apply)
      + object_lock_legal_hold_status = (known after apply)
      + object_lock_mode              = (known after apply)
      + object_lock_retain_until_date = (known after apply)
      ~ server_side_encryption        = "AES256" -> (known after apply)
      + sse_kms_key_id                = (known after apply)
      ~ storage_class                 = "STANDARD" -> (known after apply)
      ~ tags                          = {} -> (known after apply)
      + version_id                    = (known after apply)
      + website_redirect_location     = (known after apply)
        # (2 unchanged attributes hidden)
    }

  # aws_lambda_function.create_r53_cname will be updated in-place
  ~ resource "aws_lambda_function" "create_r53_cname" {
        id                             = "CreateRoute53CNAME"
      ~ last_modified                  = "2021-05-12T02:53:49.507+0000" -> (known after apply)
      ~ source_code_hash               = "748Qi76r0AcDuO4raBpUGlY6D/n1ULX7NUgfO64SyOQ=" -> (known after apply)
        tags                           = {
            "Terraform"           = "true"
            "Terraform.Workspace" = "default"
        }
        # (17 unchanged attributes hidden)


        # (2 unchanged blocks hidden)
    }

  # null_resource.upload_create_r53_lambda must be replaced
-/+ resource "null_resource" "upload_create_r53_lambda" {
      ~ id       = "3423314569226036676" -> (known after apply)
      ~ triggers = { # forces replacement
          ~ "function_contents" = "07932e6eb48fe68ae84d74e5b9e9f246" -> "2702955807b7396a566ff4caed2e7e09"
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

Changes to Outputs:
  ~ create_r53_cname_hash = {
      ~ body                          = null -> (known after apply)
      ~ bucket_key_enabled            = false -> (known after apply)
      ~ cache_control                 = "" -> (known after apply)
      ~ content_disposition           = "" -> (known after apply)
      ~ content_encoding              = "" -> (known after apply)
      ~ content_language              = "" -> (known after apply)
      ~ content_length                = 9076 -> (known after apply)
      ~ content_type                  = "binary/octet-stream" -> (known after apply)
      ~ etag                          = "0c1996e47e57b8b25003ae534b603fb5" -> (known after apply)
      ~ expiration                    = "" -> (known after apply)
      ~ expires                       = "" -> (known after apply)
      ~ id                            = "policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a" -> (known after apply)
      ~ last_modified                 = "Wed, 12 May 2021 02:47:12 UTC" -> (known after apply)
      ~ metadata                      = {} -> (known after apply)
      ~ object_lock_legal_hold_status = "" -> (known after apply)
      ~ object_lock_mode              = "" -> (known after apply)
      ~ object_lock_retain_until_date = "" -> (known after apply)
      ~ server_side_encryption        = "AES256" -> (known after apply)
      ~ sse_kms_key_id                = "" -> (known after apply)
      ~ storage_class                 = "STANDARD" -> (known after apply)
      ~ tags                          = {} -> (known after apply)
      ~ version_id                    = "" -> (known after apply)
      ~ website_redirect_location     = "" -> (known after apply)
        # (3 unchanged elements hidden)
    }
╷
│ Warning: Resource targeting is in effect
│ 
│ You are creating a plan with the -target option, which means that the result of this plan may not represent all of the changes requested by the current configuration.
│               
│ The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part of an error message.
╵

APPLY

❯ tf apply lambda.tf.plan
null_resource.upload_create_r53_lambda: Destroying... [id=3423314569226036676]
null_resource.upload_create_r53_lambda: Destruction complete after 0s
null_resource.upload_create_r53_lambda: Creating...
null_resource.upload_create_r53_lambda: Provisioning with 'local-exec'...
null_resource.upload_create_r53_lambda (local-exec): Executing: ["/bin/sh" "-c" "sam package --s3-bucket policymap-lambdas20210512022937079100000002 --s3-prefix CreateRoute53CNAME \\\n-t ./../../../lambda/create-route53-cname/template.yml \\\n--debug --region us-east-1 \\\n--output-template-file /tmp/create-route53-cname.yml\n"]
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:14,528 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:14,528 | Telemetry endpoint configured to be https://aws-serverless-tools-telemetry.us-west-2.amazonaws.com/metrics
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:14,529 | Sending Telemetry: {'metrics': [{'templateWarning': {'requestId': '262ab576-5ad0-4dd8-9098-728df1af6301', 'installationId': '7f3eb4fa-f246-4b4b-8c50-0edcd0151638', 'sessionId': '61b345d2-7773-4118-81ee-21943b4ec77f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.9', 'samcliVersion': '1.22.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'us-east-1', 'warningName': 'CodeDeployWarning', 'warningCount': 0}}]}
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,023 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,024 | Sending Telemetry: {'metrics': [{'templateWarning': {'requestId': 'ed1a42aa-750d-437b-95ec-a5249ab6da3c', 'installationId': '7f3eb4fa-f246-4b4b-8c50-0edcd0151638', 'sessionId': '61b345d2-7773-4118-81ee-21943b4ec77f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.9', 'samcliVersion': '1.22.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'us-east-1', 'warningName': 'CodeDeployConditionWarning', 'warningCount': 0}}]}
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | Using config file: samconfig.toml, config environment: default
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | Expand command line arguments to:
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:15,500 | --template_file=/Users/avalle/development/bitbucket/policymap/infrastructure/lambda/create-route53-cname/template.yml --s3_bucket=policymap-lambdas20210512022937079100000002 --s3_prefix=CreateRoute53CNAME --output_template_file=/tmp/create-route53-cname.yml
null_resource.upload_create_r53_lambda (local-exec): Uploading to CreateRoute53CNAME/2aa112fb39ea7cd26a93885237213e0b  9088 / 9088  (100.00%)
null_resource.upload_create_r53_lambda (local-exec): Successfully packaged artifacts and wrote output template to file /tmp/create-route53-cname.yml.
null_resource.upload_create_r53_lambda (local-exec): Execute the following command to deploy the packaged template
null_resource.upload_create_r53_lambda (local-exec): sam deploy --template-file /tmp/create-route53-cname.yml --stack-name <YOUR STACK NAME>


null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:16,481 | Sending Telemetry: {'metrics': [{'commandRun': {'requestId': '44f29ed2-13b0-4235-8668-074f20743b64', 'installationId': '7f3eb4fa-f246-4b4b-8c50-0edcd0151638', 'sessionId': '61b345d2-7773-4118-81ee-21943b4ec77f', 'executionEnvironment': 'CLI', 'ci': False, 'pyversion': '3.8.9', 'samcliVersion': '1.22.0', 'awsProfileProvided': False, 'debugFlagProvided': True, 'region': 'us-east-1', 'commandName': 'sam package', 'duration': 1953, 'exitReason': 'success', 'exitCode': 0}}]}
null_resource.upload_create_r53_lambda (local-exec): 2021-05-11 22:59:16,942 | HTTPSConnectionPool(host='aws-serverless-tools-telemetry.us-west-2.amazonaws.com', port=443): Read timed out. (read timeout=0.1)
null_resource.upload_create_r53_lambda: Creation complete after 3s [id=6223747194174285962]
data.aws_s3_bucket_object.create_r53_cname_hash: Reading... [id=policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a]
data.aws_s3_bucket_object.create_r53_cname_hash: Read complete after 1s [id=policymap-lambdas20210512022937079100000002/CreateRoute53CNAME/2aa112fb39ea7cd26a93885237213e0b]
╷
│ Warning: Applied changes may be incomplete
│ 
│ The plan was created with the -target option in effect, so some changes requested in the configuration may have been ignored and the output values may not be fully updated. Run the following command to verify that
│ no other changes are pending:
│     terraform plan
│       
│ Note that the -target option is not suitable for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests to use it as part
│ of an error message.
╵
╷
│ Error: Provider produced inconsistent final plan
│ 
│ When expanding the plan for aws_lambda_function.create_r53_cname to include new values learned so far during apply, provider "registry.terraform.io/hashicorp/aws" produced an invalid new value for .s3_key: was
│ cty.StringVal("CreateRoute53CNAME/56341e34fd3536312881cd0f2aa2aa6a"), but now cty.StringVal("CreateRoute53CNAME/2aa112fb39ea7cd26a93885237213e0b").
│ 
│ This is a bug in the provider, which should be reported in the provider's own issue tracker.

TF Version

❯ tf version
Terraform v0.15.1
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.37.0
+ provider registry.terraform.io/hashicorp/null v3.1.0

Your version of Terraform is out of date! The latest version
is 0.15.3. You can update by downloading from https://www.terraform.io/downloads.html

@Sebbo94BY
Copy link

Sebbo94BY commented Nov 30, 2022
edited
Loading

Are there any updates regarding this issue? Still waiting for a fix. :-/

@justinretzolk justinretzolk mentioned this issue Mar 15, 2023
Closed
@el-chazmo
Copy link

Still facing this in 2023 did anyone ever solve this? Thanks in advance

@justinretzolk
Copy link
Member

Hi all 👋 I believe this may have been resolved with #31887 in version 5.32.0 of the provider. It may be worth testing with that version to see if you're still experiencing this behavior.

@justinretzolk justinretzolk added the waiting-response Maintainers are waiting on response from community or contributor. label Feb 15, 2024
@justinretzolk
Copy link
Member

Since we haven't heard back, I'm going to close this issue. If you're still having trouble, please feel free to open a new issue, referencing this one for context as needed.

@justinretzolk justinretzolk closed this as not planned Won't fix, can't repro, duplicate, stale Nov 11, 2024
@github-actions GitHub Actions
Copy link

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

@github-actions github-actions bot removed the waiting-response Maintainers are waiting on response from community or contributor. label Nov 11, 2024
@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/lambda Issues and PRs that pertain to the lambda service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@bflad @Sebbo94BY @el-chazmo @jkucan @justinretzolk @missioncloud @JimBeam2019 @ZsoltPath @intechops6