aws_sns_topic_subscription resource produced new value for was present but now absent

[jochen42]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

$ terraform -v
Terraform v0.12.20

• provider.aws v2.45.0

Affected Resource(s)

• aws_sns_topic_subscription

Terraform Configuration Files

resource "aws_sns_topic_subscription" "oncall-topic-subscription" {
  endpoint               = "https://alert.examlpe.com/somehook"
  protocol               = "HTTPS"
  topic_arn              = aws_sns_topic.oncall-topic.arn
  endpoint_auto_confirms = true
}

Debug Output

Panic Output

Expected Behavior

It's happening after upgrade from Terraform 0.11 to 0.12. Since the topic_subscription is already in state, aws and there aren't any changes, the existing subscription should keep unchanged.

Actual Behavior

Terraform fails with the following message

>> #1530018634 Error:
>> #1530018634 Error: Error: Provider produced inconsistent result after apply
>> #1530018634 Error:
>> #1530018634 Error: When applying changes to aws_sns_topic_subscription.oncall-topic-subscription,
>> #1530018634 Error: provider "registry.terraform.io/-/aws" produced an unexpected new value for
>> #1530018634 Error: was present, but now absent.
>> #1530018634 Error:
>> #1530018634 Error: This is a bug in the provider, which should be reported in the provider's own
>> #1530018634 Error: issue tracker.
>> #1530018634 Error:
>> #1530018634 Error: ============================================
>> #1530018634 Error: Base path: terraform/k28s/20_infrastructure:
>> #1530018634 Error: ERROR: Terraform apply failed
>> #1530018634 Error: ============================================
2020/01/23 15:21:48 exit status 1

Steps to Reproduce

1. terraform apply

Important Factoids

References

• aws_cloudwatch_log_stream resource produced new value for was present but now absent #11611
• aws_appautoscaling_policy resource produced new value for was present but now absent #10549
• Error: Provider produced inconsistent result after apply #9987

[jochen42]

#10473, #10930

[bshilliam]

Hit the same issue. In my case it looked like it was not hitting this retry logic below when it got "pending confirmation" back initially from AWS. So it would end up failing with the same error message as above.

if strings.Contains(protocol, "http") && subscriptionHasPendingConfirmation(output.SubscriptionArn) { ...

And the reason it was skipping this was because I had protocol = "HTTPS" in my aws_sns_topic_subscription definition.

I don't know how it worked with all caps in versions < 0.12. But after changing to protocol = "https" the creation and update works fine in Terraform.

I'm thinking there should be a validation of lowercase values for protocol.

[amarouane-ABDELHAK]

@bshilliam I am having the same problem. Where did you add subscriptionHasPendingConfirmation in output.tf file?

[bshilliam]

@amarouane-ABDELHAK, only change needed was to change from protocol = "HTTPS" to protocol = "https" in my tf file.

[amarouane-ABDELHAK]

Thank you. I have protocol sqs and it is already in lowercase. so this functionsubscriptionHasPendingConfirmation is a terraform internal function?

[bshilliam]

Yea @amarouane-ABDELHAK that was in the internal logic where I found my scenario wasn't triggering properly because of the uppercase HTTP.

[MattMcKeithen]

I've also encountered a similiar issue: #12692

[ghost]

Encountered just now:

Error: Provider produced inconsistent result after apply

When applying changes to module.cloudwatch-log-metric-filters.module.server-log-filter-metric-blah.aws_cloudwatch_log_metric_filter.custom,
provider "registry.terraform.io/-/aws" produced an unexpected new value for
was present, but now absent.

This is a bug in the provider, which should be reported in the provider's own issue tracker.

[dtns2]

Also encountered same issue when re-attaching IAM policies to an IAM role:

Error: Provider produced inconsistent result after apply

When applying changes to
module.iam_role_default.aws_iam_role_policy_attachment.iam_role_policy_attach[3],
provider "registry.terraform.io/-/aws" produced an unexpected new value for
was present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

[cedriclecoz]

+1 for the attaching policy to IAM role.

[willcampbell433]

Encountering same issue when attaching policies to IAM role:

Error: Provider produced inconsistent result after apply

When applying changes to aws_iam_role_policy_attachment.db_ops_policy_attach,
provider "aws" produced an unexpected new value for was present, but now
absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

[ychenbioinfo]

Same issue when attaching policies

Error: Provider produced inconsistent result after apply

When applying changes to
aws_iam_role_policy_attachment.attach-ecs-instance-role[2], provider
"registry.terraform.io/-/aws" produced an unexpected new value for was
present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

[magnetik]

Same issue with provider 2.69.0

[dsg9321]

Faced similar issue

Error: Provider produced inconsistent result after apply

When applying changes to aws_s3_bucket_object.principal_policy, provider
"registry.terraform.io/-/aws" produced an unexpected new value for was
present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

Terraform version : 0.12.28

[kabelak]

Same issue.
Terraform: 0.12.20
AWS: 2.70.0

Error: Provider produced inconsistent result after apply
 
When applying changes to
aws_cloudwatch_metric_alarm.webserver_httpd_service[2], provider
"registry.terraform.io/-/aws" produced an unexpected new value for was
present, but now absent.
 
This is a bug in the provider, which should be reported in the provider's own
issue tracker.

[gclough]

Same issue, with the latest AWS provider:

 - Downloading plugin for provider "aws" (hashicorp/aws) 3.6.0...

$ terraform --version
Terraform v0.12.28

ERROR:

 Error: Provider produced inconsistent result after apply
 When applying changes to
 module.postgres-db.aws_cloudwatch_event_rule.auto_minor_version_upgrade[0],
 provider "registry.terraform.io/-/aws" produced an unexpected new value for
 was present, but now absent.
 This is a bug in the provider, which should be reported in the provider's own
 issue tracker.

[sannithibalaji]

faced a similar issue, but when I gave the protocol in a small case (https) it worked fine.

[ignas-sakalauskas-cko]

Just run into the same issue when trying to create cross-account SQS subscription.

[ghost]

This has been released in version 3.35.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!