awscc_ecs_task_definition error with provider returned invalid result object

[jackywong-amazon]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

terraform-provider-awscc_v0.52.0_x5

Affected Resource(s)

• awscc_ecs_task_definition

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

resource "awscc_ecs_cluster" "replicate_issue" {
  cluster_name = "example-hello-world-replicate_issue"
}

resource "awscc_ecs_task_definition" "replicate_issue" {
  family                   = "helloworld"
  
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  execution_role_arn        = awscc_iam_role.replicate_issue.arn
  cpu                      = 1024
  memory                   = 2048

  container_definitions = [{
    
      name      = "hello-world"
      image     = "hello-world"
      cpu       = 1024
      memory    = 2048
      essential = true
      port_mappings = [
        {
          container_Port = 80
          host_Port      = 80
        }
    ]
  
}]
depends_on = [awscc_iam_role.replicate_issue]
}

resource "awscc_iam_role" "replicate_issue" {
  role_name = "ecs_Task_ExecutionRole"
 
  assume_role_policy_document = <<EOF
    {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Action": "sts:AssumeRole",
        "Principal": {
          "Service": "ecs-tasks.amazonaws.com"
        },
        "Effect": "Allow",
        "Sid": ""
      }
    ]
    }
  EOF
  managed_policy_arns = ["arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"]
  
}

resource "aws_ecs_service" "replicate_issue" {
  name            = "hello-world"                          
  cluster         = awscc_ecs_cluster.replicate_issue.arn           
  task_definition = awscc_ecs_task_definition.replicate_issue.id 
  launch_type     = "FARGATE"
  desired_count   = 3 

  network_configuration {
    assign_public_ip = true
    subnets = ["${aws_default_subnet.replicate_issue_a.id}", "${aws_default_subnet.replicate_issue_b.id}", "${aws_default_subnet.replicate_issue_c.id}"]

  }
}
resource "aws_default_vpc" "this" {
}


resource "aws_default_subnet" "replicate_issue_a" {
  availability_zone = "us-east-1a"
}

resource "aws_default_subnet" "replicate_issue_b" {
  availability_zone = "us-east-1b"
}

resource "aws_default_subnet" "replicate_issue_c" {
  availability_zone = "us-east-1d"
}

Debug Output

Panic Output

Expected Behavior

ECS Definition should be created.

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_default_subnet.replicate_issue_a will be created
  + resource "aws_default_subnet" "replicate_issue_a" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = (known after apply)
      + enable_dns64                                   = false
      + enable_lni_at_device_index                     = (known after apply)
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + existing_default_subnet                        = (known after apply)
      + force_destroy                                  = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + outpost_arn                                    = (known after apply)
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags_all                                       = (known after apply)
      + vpc_id                                         = (known after apply)
    }

  # aws_default_subnet.replicate_issue_b will be created
  + resource "aws_default_subnet" "replicate_issue_b" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = (known after apply)
      + enable_dns64                                   = false
      + enable_lni_at_device_index                     = (known after apply)
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + existing_default_subnet                        = (known after apply)
      + force_destroy                                  = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + outpost_arn                                    = (known after apply)
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags_all                                       = (known after apply)
      + vpc_id                                         = (known after apply)
    }

  # aws_default_subnet.replicate_issue_c will be created
  + resource "aws_default_subnet" "replicate_issue_c" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-1d"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = (known after apply)
      + enable_dns64                                   = false
      + enable_lni_at_device_index                     = (known after apply)
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + existing_default_subnet                        = (known after apply)
      + force_destroy                                  = false
      + id                                             = (known after apply)
      + ipv6_cidr_block                                = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + outpost_arn                                    = (known after apply)
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags_all                                       = (known after apply)
      + vpc_id                                         = (known after apply)
    }

  # aws_default_vpc.this will be created
  + resource "aws_default_vpc" "this" {
      + arn                                  = (known after apply)
      + cidr_block                           = (known after apply)
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_classiclink                   = (known after apply)
      + enable_classiclink_dns_support       = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + existing_default_vpc                 = (known after apply)
      + force_destroy                        = false
      + id                                   = (known after apply)
      + instance_tenancy                     = (known after apply)
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags_all                             = (known after apply)
    }

  # aws_ecs_service.replicate_issue will be created
  + resource "aws_ecs_service" "replicate_issue" {
      + cluster                            = (known after apply)
      + deployment_maximum_percent         = 200
      + deployment_minimum_healthy_percent = 100
      + desired_count                      = 3
      + enable_ecs_managed_tags            = false
      + enable_execute_command             = false
      + iam_role                           = (known after apply)
      + id                                 = (known after apply)
      + launch_type                        = "FARGATE"
      + name                               = "hello-world"
      + platform_version                   = (known after apply)
      + scheduling_strategy                = "REPLICA"
      + tags_all                           = (known after apply)
      + task_definition                    = (known after apply)
      + triggers                           = (known after apply)
      + wait_for_steady_state              = false

      + network_configuration {
          + assign_public_ip = true
          + subnets          = (known after apply)
        }
    }

  # awscc_ecs_cluster.replicate_issue will be created
  + resource "awscc_ecs_cluster" "replicate_issue" {
      + arn                                = (known after apply)
      + capacity_providers                 = (known after apply)
      + cluster_name                       = "example-hello-world-replicate_issue"
      + cluster_settings                   = (known after apply)
      + configuration                      = (known after apply)
      + default_capacity_provider_strategy = (known after apply)
      + id                                 = (known after apply)
      + service_connect_defaults           = (known after apply)
      + tags                               = (known after apply)
    }

  # awscc_ecs_task_definition.replicate_issue will be created
  + resource "awscc_ecs_task_definition" "replicate_issue" {
      + container_definitions    = [
          + {
              + command                  = (known after apply)
              + cpu                      = 1024
              + depends_on               = (known after apply)
              + disable_networking       = (known after apply)
              + dns_search_domains       = (known after apply)
              + dns_servers              = (known after apply)
              + docker_labels            = (known after apply)
              + docker_security_options  = (known after apply)
              + entry_point              = (known after apply)
              + environment              = (known after apply)
              + environment_files        = (known after apply)
              + essential                = true
              + extra_hosts              = (known after apply)
              + firelens_configuration   = (known after apply)
              + health_check             = (known after apply)
              + hostname                 = (known after apply)
              + image                    = "hello-world"
              + interactive              = (known after apply)
              + links                    = (known after apply)
              + linux_parameters         = (known after apply)
              + log_configuration        = (known after apply)
              + memory                   = 2048
              + memory_reservation       = (known after apply)
              + mount_points             = (known after apply)
              + name                     = "hello-world"
              + port_mappings            = [
                  + {
                      + app_protocol         = (known after apply)
                      + container_port       = (known after apply)
                      + container_port_range = (known after apply)
                      + host_port            = (known after apply)
                      + name                 = (known after apply)
                      + protocol             = (known after apply)
                    },
                ]
              + privileged               = (known after apply)
              + pseudo_terminal          = (known after apply)
              + readonly_root_filesystem = (known after apply)
              + repository_credentials   = (known after apply)
              + resource_requirements    = (known after apply)
              + secrets                  = (known after apply)
              + start_timeout            = (known after apply)
              + stop_timeout             = (known after apply)
              + system_controls          = (known after apply)
              + ulimits                  = (known after apply)
              + user                     = (known after apply)
              + volumes_from             = (known after apply)
              + working_directory        = (known after apply)
            },
        ]
      + cpu                      = "1024"
      + ephemeral_storage        = (known after apply)
      + execution_role_arn       = (known after apply)
      + family                   = "helloworld"
      + id                       = (known after apply)
      + inference_accelerators   = (known after apply)
      + ipc_mode                 = (known after apply)
      + memory                   = "2048"
      + network_mode             = "awsvpc"
      + pid_mode                 = (known after apply)
      + placement_constraints    = (known after apply)
      + proxy_configuration      = (known after apply)
      + requires_compatibilities = [
          + "FARGATE",
        ]
      + runtime_platform         = (known after apply)
      + tags                     = (known after apply)
      + task_definition_arn      = (known after apply)
      + task_role_arn            = (known after apply)
      + volumes                  = (known after apply)
    }

  # awscc_iam_role.replicate_issue will be created
  + resource "awscc_iam_role" "replicate_issue" {
      + arn                         = (known after apply)
      + assume_role_policy_document = <<-EOT
            {
                "Version": "2012-10-17",
                "Statement": [
                  {
                    "Action": "sts:AssumeRole",
                    "Principal": {
                      "Service": "ecs-tasks.amazonaws.com"
                    },
                    "Effect": "Allow",
                    "Sid": ""
                  }
                ]
                }
        EOT
      + description                 = (known after apply)
      + id                          = (known after apply)
      + managed_policy_arns         = [
          + "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
        ]
      + max_session_duration        = (known after apply)
      + path                        = (known after apply)
      + permissions_boundary        = (known after apply)
      + policies                    = (known after apply)
      + role_id                     = (known after apply)
      + role_name                   = "ecs_Task_ExecutionRole"
      + tags                        = (known after apply)
    }

Plan: 8 to add, 0 to change, 0 to destroy.

### Actual Behavior

awscc_ecs_task_definition.replicate_issue: Creating...
2023-05-24T12:08:17.135+0800 [INFO]  Starting apply for awscc_ecs_task_definition.replicate_issue
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.816+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-05-24T12:08:23.817+0800 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].command. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still
│ save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].depends_on. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still
│ save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].disable_networking. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform
│ will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].dns_search_domains. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform
│ will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].dns_servers. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].docker_labels. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].docker_security_options. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].entry_point. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].environment. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].environment_files. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform
│ will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].extra_hosts. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].firelens_configuration. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].health_check. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].hostname. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still
│ save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].interactive. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].links. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still save
│ the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].linux_parameters. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].log_configuration. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform
│ will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].memory_reservation. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform
│ will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].mount_points. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].port_mappings[...].app_protocol. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].port_mappings[...].container_port. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own
│ repository. Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].port_mappings[...].container_port_range. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own
│ repository. Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].port_mappings[...].host_port. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].port_mappings[...].name. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].port_mappings[...].protocol. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].privileged. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still
│ save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].pseudo_terminal. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].readonly_root_filesystem. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].repository_credentials. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository.
│ Terraform will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].resource_requirements. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform
│ will still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].secrets. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still
│ save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].start_timeout. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].stop_timeout. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].system_controls. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].ulimits. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will still
│ save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].volumes_from. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform will
│ still save the other known object values in the state.
╵
╷
│ Error: Provider returned invalid result object after apply
│ 
│ After the apply operation, the provider still indicated an unknown value for awscc_ecs_task_definition.replicate_issue.container_definitions[...].working_directory. All values must be known after apply, so this is always a bug in the provider and should be reported in the provider's own repository. Terraform
│ will still save the other known object values in the state.
╵

Steps to Reproduce

terraform apply

1. terraform apply

Important Factoids

I have used the same Terraform script with AWS Provider and create successfully.

References

• #0000

[wellsiau-aws]

Sample debug trace log

2023-06-26T17:21:50.893-0700 [DEBUG] provider.terraform-provider-awscc_v0.54.0_x5: Calling provider defined Type Validate: tf_req_id=90582d52-64f6-16ef-7863-6c27fd5dc058 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/data_value.go:81 @module=sdk.framework tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_resource_type=awscc_ecs_task_definition timestamp=2023-06-26T17:21:50.891-0700
...
2023-06-26T17:21:50.893-0700 [DEBUG] provider.terraform-provider-awscc_v0.54.0_x5: Called provider defined Type Validate: @module=sdk.framework tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_req_id=90582d52-64f6-16ef-7863-6c27fd5dc058 tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/data_value.go:83 tf_resource_type=awscc_ecs_task_definition timestamp=2023-06-26T17:21:50.891-0700
...
2023-06-26T17:21:50.893-0700 [DEBUG] provider.terraform-provider-awscc_v0.54.0_x5: Value switched to prior value due to semantic equality logic: tf_resource_type=awscc_ecs_task_definition @caller=github.com/hashicorp/[email protected]/internal/fwschemadata/value_semantic_equality.go:85 tf_provider_addr=registry.terraform.io/hashicorp/awscc tf_attribute_path=container_definitions[Value({"command":<unknown>,"cpu":1024,"depends_on":<unknown>,"disable_networking":<unknown>,"dns_search_domains":<unknown>,"dns_servers":<unknown>,"docker_labels":<unknown>,"docker_security_options":<unknown>,"entry_point":<unknown>,"environment":<unknown>,"environment_files":<unknown>,"essential":true,"extra_hosts":<unknown>,"firelens_configuration":<unknown>,"health_check":<null>,"hostname":<unknown>,"image":"hello-world","interactive":<unknown>,"links":<unknown>,"linux_parameters":<unknown>,"log_configuration":<unknown>,"memory":2048,"memory_reservation":<unknown>,"mount_points":<unknown>,"name":"hello-world","port_mappings":[{"app_protocol":<unknown>,"container_port":<unknown>,"container_port_range":<unknown>,"host_port":<unknown>,"name":<unknown>,"protocol":<unknown>}],"privileged":<unknown>,"pseudo_terminal":<unknown>,"readonly_root_filesystem":<unknown>,"repository_credentials":<unknown>,"resource_requirements":<unknown>,"secrets":<unknown>,"start_timeout":<unknown>,"stop_timeout":<unknown>,"system_controls":<unknown>,"ulimits":<unknown>,"user":<unknown>,"volumes_from":<unknown>,"working_directory":<unknown>})].memory tf_req_id=90582d52-64f6-16ef-7863-6c27fd5dc058 tf_rpc=ApplyResourceChange @module=sdk.framework timestamp=2023-06-26T17:21:50.892-0700

[wellsiau-aws]

I am unable to replicate the problem when using CCAPI CLI, thus I dont thinks this is an upstream issue

[wellsiau-aws]

started to see the trend, pretty much all optional values on the container_definitions that were not defined in the Terraform configuration will throw an error.

For example if I have:

resource "awscc_ecs_task_definition" "replicate_issue" {
  family                   = "helloworld"
  
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  execution_role_arn        = awscc_iam_role.replicate_issue.arn
  cpu                      = 1024
  memory                   = 2048

  container_definitions = [{
      name      = "hello-world"
      image     = "nginx"
  }]
depends_on = [awscc_iam_role.replicate_issue]
}

Then the error message will complaint about unknown values for :

• command
• cpu
• depends_on
• disable_networking
  etc

Upon inspection of the CCAPI response, I noticed that these optional values are returned as empty list:

aws cloudcontrol get-resource   --type-name AWS::ECS::TaskDefinition   --identifier "arn:aws:ecs:us-east-1:204034886740:task-definition/helloworld:8" | jq -r ".ResourceDescription.Properties" | jq "."
{
  "ExecutionRoleArn": "arn:aws:iam::204034886740:role/ecs_Task_ExecutionRole",
  "Volumes": [],
  "InferenceAccelerators": [],
  "Memory": "2048",
  "PlacementConstraints": [],
  "ContainerDefinitions": [
    {
      "ExtraHosts": [],
      "Secrets": [],
      "VolumesFrom": [],
      "Cpu": 0,
      "EntryPoint": [],
      "DnsServers": [],
      "Image": "nginx",
      "Essential": true,
      "ResourceRequirements": [],
      "EnvironmentFiles": [],
      "Name": "hello-world",
      "MountPoints": [],
      "DependsOn": [],
      "DockerLabels": {},
      "PortMappings": [],
      "DockerSecurityOptions": [],
      "SystemControls": [],
      "Command": [],
      "DnsSearchDomains": [],
      "Environment": [],
      "Links": [],
      "Ulimits": []
    }
  ],
  "Family": "helloworld",
  "Cpu": "1024",
  "RequiresCompatibilities": [
    "FARGATE"
  ],
  "NetworkMode": "awsvpc",
  "Tags": [],
  "TaskDefinitionArn": "arn:aws:ecs:us-east-1:204034886740:task-definition/helloworld:8"
}

[wellsiau-aws]

relates #811, #799

[wellsiau-aws]

Additional debug that I think is relevant

2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply
2023-07-18T22:47:27.145-0700 [ERROR] vertex "awscc_ecs_task_definition.replicate_issue" error: Provider returned invalid result object after apply

Ref: https://github.com/hashicorp/terraform/blob/main/internal/terraform/node_resource_abstract_instance.go#L2379-L2405

[ewbankkit]

Similar:

• awscc_lakeformation_principal_permissions : terraform apply error #1280
• awscc_elasticloadbalancingv2_load_balancer : Provider returned invalid result object after apply #1279
• Not able to create AWS CloudTrail resource with advanced event selector #1039
• When I apply awscc_mediaconnect_flow_source{}, the process does not finish. #811
• Lex bot creating fails due to writeOnlyProperty being expected during refresh #799
• awscc_lakeformation_principal_permissions resource.data_cells_filter GetResource error #719
• Kendra Create Index Error: Value '' at 'identifier' failed to satisfy constraint #545

[wellsiau-aws]

just a note, I tested this and it works well now, thanks @ewbankkit .

there's small typo on the config presented in this issue, where the port_mapping contains invalid attributes

resource "awscc_ecs_task_definition" "replicate_issue" {
  family                   = "helloworld"
  
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  execution_role_arn        = awscc_iam_role.replicate_issue.arn
  cpu                      = 1024
  memory                   = 2048

  container_definitions = [{
    
      name      = "hello-world"
      image     = "hello-world"
      cpu       = 1024
      memory    = 2048
      essential = true
      port_mappings = [
        {
          container_Port = 80 <== this should be "container_port"
          host_Port      = 80 <== this should be "host_port"
        }
    ] 
}]
depends_on = [awscc_iam_role.replicate_issue]
}