aws_availability_zones gets unavailable zones as well

[dene14]

Hi there!

I've got the problem:

• aws_subnet.private_1: Error creating subnet: InvalidParameterValue: Value (us-east-1a) for parameter availabilityZone is invalid. Subnets can currently only be created in the following availability zones: us-east-1c, us-east-1b, us-east-1d, us-east-1e.

AZ were taken by:
data.aws_availability_zones.available.names[0]
data.aws_availability_zones.available.names[1]

The problem is that Amazon names AZ individually and uniquely for every single AWS account. Also, Amazon marks some particular zones for retirement from time to time, that basically means that it's not possible to create any new instance in that zone. And new zones usually added to account. For long-lived (5 or more years old) accounts it's really common thing.

For me now it looks like "aws_availability_zones.available" doesn't really produce a list of available, thus should be considered as a bug.

Thanks!

[apparentlymart]

Hi @dene14. Sorry for the problem here.

This is working as intended but I agree that there is a missing feature here to be able to filter the availability zones by status. I think it should be possible to include an additional filter attribute in the configuration:

data "aws_availability_zones" "available" {
  status = "available"
}

[kwilczynski]

This one is a bit tricky one. I haver never really found a reliable way to detect this without running into an issue first (every time I added a new region). Different accounts get different access (depends often on per/post VPC-enabled availability zones, etc.), as you noted, and to my knowledge there is no API (unless this has changed?) that allows you to get a list of zones your account has an access too reliably e.g. filter pre-VPC and VPC-enabled zones. My older accounts get complete list, whereas new account would only get certain zones for it to use.

The data source uses the "DescribeAvailabilityZones", which is the API call used, can have a filter set to select one of the possible states for the availability zones, for example: available, information, impaired and unavailable: where, for instance, the "impaired" is often set when a zone has na outage. Perhaps setting filter "available" works for new accounts, since my old accounts get complete list, so I always manually set the list anyway.

This sadly setting a filter to e.g. "available", does not really solve the problem that most of people run into, for example:

Value (us-east-1a) for parameter availabilityZone is invalid. Subnets can currently only be created in the following  availability zones: us-east-1c, us-east-1b, us-east-1d.

People came up with a clever ways to devise which one affect them, for example: http://stackoverflow.com/questions/22744467/vpc-capable-availability-zones-in-amazon/22812138#22812138

But it does not really solve the problem for most people with tenured accounts.

[stack72]

Closed via #7965

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.