aws_db_instance: failed RDS ListTagsForResource retrieving tags by invalid ARN

[mpon]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.7 / terraform-provider-aws v1.27.0

Affected Resource(s)

• aws_db_instance

Terraform Configuration Files

resource "aws_db_instance" "db" {
  identifier        = "example"
  allocated_storage = 100
  engine            = "mysql"
  engine_version    = "5.6.34"
  instance_class    = "db.r3.large"
  name              = "exampledb"
  username          = "example"
  password          = "password"

  vpc_security_group_ids = [
    "${aws_security_group.example.id}",
  ]

  publicly_accessible     = false
  db_subnet_group_name    = "${aws_db_subnet_group.example.id}"
  parameter_group_name    = "${aws_db_parameter_group.example.id}"
  storage_type            = "gp2"
  multi_az                = "true"
  backup_retention_period = "7"
  backup_window           = "18:00-18:30"
  skip_final_snapshot     = true
}

Debug Output

2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: ---[ REQUEST POST-SIGN ]-----------------------------
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: POST / HTTP/1.1
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Host: rds.ap-northeast-1.amazonaws.com
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: User-Agent: aws-sdk-go/1.14.24 (go1.9.2; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.11.7
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Content-Length: 185
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Authorization: AWS4-HMAC-SHA256 Credential=A************/20180718/ap-northeast-1/rds/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=*****************
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: X-Amz-Date: 20180718T024703Z
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Accept-Encoding: gzip
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Action=ListTagsForResource&ResourceName=arn%3Aaws%3Ards%3Aap-northeast-1%3A4**********7%3Adb%3Aarn%3Aaws%3Ards%3Aap-northeast-1%3A4**********7%3Adb%3Aexample&Version=2014-10-31
2018-07-18T11:47:03.492+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: -----------------------------------------------------
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: 2018/07/18 11:47:03 [DEBUG] [aws-sdk-go] DEBUG: Response rds/ListTagsForResource Details:
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: ---[ RESPONSE ]--------------------------------------
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: HTTP/1.1 404 Not Found
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Connection: close
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Content-Length: 408
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Content-Type: text/xml
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: Date: Wed, 18 Jul 2018 02:47:03 GMT
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: X-Amzn-Requestid: f2cbd542-f402-463f-8146-15b8b1f8e1ef
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: -----------------------------------------------------
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: 2018/07/18 11:47:03 [DEBUG] [aws-sdk-go] <ErrorResponse xmlns="http://rds.amazonaws.com/doc/2014-10-31/">
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:   <Error>
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:     <Type>Sender</Type>
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:     <Code>DBInstanceNotFound</Code>
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:     <Message>Could not find a DB Instance matching the resource name: arn:aws:rds:ap-northeast-1:4**********7:db:arn:aws:rds:ap-northeast-1:4**********7:db:example</Message>
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:   </Error>
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4:   <RequestId>f2cbd542-f402-463f-8146-15b8b1f8e1ef</RequestId>
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: </ErrorResponse>
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: 2018/07/18 11:47:03 [DEBUG] [aws-sdk-go] DEBUG: Validate Response rds/ListTagsForResource failed, not retrying, error DBInstanceNotFound: Could not find a DB Instance matching the resource name: arn:aws:rds:ap-northeast-1:4**********7:db:arn:aws:rds:ap-northeast-1:4**********7:db:example
2018-07-18T11:47:03.656+0900 [DEBUG] plugin.terraform-provider-aws_v1.27.0_x4: 	status code: 404, request id: f2cbd542-f402-463f-8146-15b8b1f8e1ef
2018/07/18 11:47:03 [ERROR] root: eval: *terraform.EvalRefresh, err: aws_db_instance.example: Error retrieving tags for ARN: arn:aws:rds:ap-northeast-1:4**********7:db:arn:aws:rds:ap-northeast-1:4**********7:db:example

Panic Output

Expected Behavior

terraform plan exit successfully.

d.Id() has been set AWS RDS full arn, so this arn.Arn will be invalid like arn:aws:rds:ap-northeast-1:4**********7:db:arn:aws:rds:ap-northeast-1:4**********7:db:example.
https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_db_instance.go#L1030

Actual Behavior

* aws_db_instance.example: aws_db_instance.example: Error retrieving tags for ARN: arn:aws:rds:ap-northeast-1:4**********7:db:arn:aws:rds:ap-northeast-1:4**********7:db:example

Steps to Reproduce

1. terraform plan

Important Factoids

References

• Raise an error when failing to retrieve RDS instance tags #4943

[bflad]

Hi @mpon 👋 Sorry you're running into trouble.

Is your Terraform being executed across AWS accounts (e.g. assuming a role)? I have been working in this area to fix issues relating to this, both at the provider level and within certain resources.

In the case of RDS, we are manually generating the ARN when the RDS API added the ARNs in their responses at some point. Here's an example fix that I was working on yesterday (includes some other unrelated cleanup too): master...td-aws_db_instance-arn

[mpon]

Hi @bflad 😄 Thanks for your great work!

Is your Terraform being executed across AWS accounts (e.g. assuming a role)?

No, we use a normal IAM user with access key and secret key.

I think your PR #5242 looks good. So, should I close my PR #5230 ?

[bflad]

#5242 has been merged and will release with version 1.29.0 of the AWS provider, likely tomorrow. Since we generally close issues on merge, I'll do that now, but please do let us know if this doesn't solve the problem after updating. 👍

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!