Error creating VPC Endpoint: InvalidParameter: private-dns-enabled cannot be set because there is already a conflicting DNS domain for elasticloadbalancing.us-east-1.amazonaws.com in the VPC #17535

Open
arunabellgutteramesh opened this issue Feb 9, 2021 · 6 comments
Labels
service/ec2 Issues and PRs that pertain to the ec2 service.

Comments

@arunabellgutteramesh

Hello Team,

I'm using TF to create endpoints to AWS services like monitoring, elastic load balancing etc. I'm creating it using something like this:

resource "aws_vpc_endpoint" "endpoints" {
  vpc_id              = var.vpc_id
  subnet_ids          = var.available_subnet_ids
  security_group_ids  = var.sg_id
  service_name        = "com.amazonaws.us-east-1.elasticloadbalancing"
  vpc_endpoint_type   = "Interface"
  private_dns_enabled = true
}

Issue

The issue is, when I re-run this bit more than once, TF throws an error saying:

Error creating VPC Endpoint: InvalidParameter: private-dns-enabled cannot be set because there is already a conflicting DNS domain for elasticloadbalancing.us-east-1.amazonaws.com in the VPC vpc-XXXXX

I understand that we cannot have more than one AWS-specific VPC endpoint within a VPC (especially when we use the private DNS). So, TF should understand that this endpoint already exists (as it is stored in the state file) and just refresh state and not attempt to create one, or rather just ignore this block when re-run. Is this a bug? Or am I missing something in my code that causes this issue? Any help is appreciated.

@anGie44
Contributor

anGie44 commented Feb 10, 2021

Hi @arunabellgutteramesh, thank you for raising this issue. Just a couple of questions for clarification to help reproduce on our end:

  1. Which version of the Terraform AWS Provider are you using with the config?
  2. Is the configuration being re-run after an argument change that forces a new resource, e.g. a change in service_name?
  3. Or is the configuration being applied, then destroyed, then re-applied?

Thanks in advance!

@arunabellgutteramesh
Author

Hi @anGie44,

  1. Version is 0.12.11
  2. At most the SG rules may change but not the SG itself.
  3. Issue is observed on a simple apply, not destroy and apply. Destroy + apply works fine.

@ewbankkit
Contributor

There is a related issue in the Plugin SDK about resource uniqueness:

@github-actions

github-actions bot commented Feb 1, 2023

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

@ddresslerlegalplans

We are still running into this issue and it looks like this issue is going to be closed soon. Is there a workaround until #224 is solved?

@edupo

edupo commented Jan 23, 2024

We are facing this issue also. What we could find is this answer, which says just to wait for the DNS record to be pruned. We are now waiting for that to happen...
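
The conflict reported in the original post, as an added example that is not part of any comment above or of the provider's code: a Python pre-flight check over constructed data shaped like the `VpcEndpoints` list from `aws ec2 describe-vpc-endpoints`, listing the endpoints that still hold the private DNS name for a service in a VPC. The function name, the sample IDs and the choice to treat `deleting` as still conflicting are assumptions.

```python
# Added example: find endpoints that would block a new private-DNS endpoint.
# Field names follow the EC2 DescribeVpcEndpoints response; all IDs are constructed.

# Assumption: states in which an endpoint is gone and can no longer conflict.
# "deleting" is deliberately not listed, since a comment in the thread reports
# having to wait for the old DNS record to be pruned.
GONE_STATES = {"deleted", "rejected", "failed", "expired"}

ELB = "com.amazonaws.us-east-1.elasticloadbalancing"
MON = "com.amazonaws.us-east-1.monitoring"

# Constructed sample input (not real infrastructure).
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-EXAMPLE1", "VpcId": "vpc-EXAMPLE-A", "ServiceName": ELB,
     "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": True},
    {"VpcEndpointId": "vpce-EXAMPLE2", "VpcId": "vpc-EXAMPLE-A", "ServiceName": ELB,
     "VpcEndpointType": "Interface", "State": "deleting", "PrivateDnsEnabled": True},
    {"VpcEndpointId": "vpce-EXAMPLE3", "VpcId": "vpc-EXAMPLE-A", "ServiceName": MON,
     "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": True},
    {"VpcEndpointId": "vpce-EXAMPLE4", "VpcId": "vpc-EXAMPLE-A", "ServiceName": ELB,
     "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": False},
    {"VpcEndpointId": "vpce-EXAMPLE5", "VpcId": "vpc-EXAMPLE-B", "ServiceName": ELB,
     "VpcEndpointType": "Interface", "State": "available", "PrivateDnsEnabled": True},
    {"VpcEndpointId": "vpce-EXAMPLE6", "VpcId": "vpc-EXAMPLE-A", "ServiceName": ELB,
     "VpcEndpointType": "Interface", "State": "deleted", "PrivateDnsEnabled": True},
]


def find_private_dns_conflicts(endpoints, vpc_id, service_name):
    """Return (endpoint_id, state) for each endpoint in vpc_id that already has
    private DNS enabled for service_name and has not reached a gone state."""
    conflicts = []
    for ep in endpoints:
        if ep.get("VpcId") != vpc_id or ep.get("ServiceName") != service_name:
            continue  # different VPC or different service: no shared DNS domain
        if not ep.get("PrivateDnsEnabled", False):
            continue  # endpoint does not claim the service's private DNS name
        state = ep.get("State", "").lower()
        if state in GONE_STATES:
            continue
        conflicts.append((ep["VpcEndpointId"], state))
    return conflicts


if __name__ == "__main__":
    for ep_id, state in find_private_dns_conflicts(SAMPLE_ENDPOINTS, "vpc-EXAMPLE-A", ELB):
        print(f"{ep_id} ({state}) already holds private DNS for {ELB}")
```

Comparing the returned IDs with the endpoint ID recorded in the Terraform state shows whether the blocking endpoint is the one Terraform manages or one it does not know about.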
