launch_config fails trying to refresh ami id rotated/deleted by AWS #10772

Closed
ssunkari opened this issue Nov 6, 2019 · 4 comments
Labels
service/autoscaling Issues and PRs that pertain to the autoscaling service. service/ec2 Issues and PRs that pertain to the ec2 service.

Comments

@ssunkari

ssunkari commented Nov 6, 2019

Terraform plan fails to run when AWS has deleted any images associated with the ami-id.
AWS confirmed that they only keep the last 4 revisions and it's possible to delete any images associated with any ami-id if they find them exposed to any security risks.

Terraform is attempting to get the ami details (deleted by AWS) to show the diff to the latest ami using the below data filter, and hence AWS returns [] for the below query:

    aws ec2 describe-images --image-ids ami-0e539f1b7d4260eec --profile infra-dev --region eu-west-2
    {
        "Images": []
    }

Terraform fails with the below error:

    aws_launch_configuration.as_launch_cfg: No images found for AMI ami-0e539f1b7d4260eec

Terraform Version

Terraform v0.12.13

Affected Resource(s)

    data "aws_ami" "ami" {
      most_recent = true
      owners      = ["${var.ami_owner}"]

      filter {
        name   = "name"
        values = ["${var.ami_name_filter}"]
      }

      filter {
        name   = "virtualization-type"
        values = ["hvm"]
      }
    }

    resource "aws_launch_configuration" "as_launch_cfg" {
      name_prefix          = "${var.app_name}-${var.app_environment}-lc"
      image_id             = "${data.aws_ami.ami.id}"
      instance_type        = "${var.instance_type}"
      key_name             = "${var.ec2_keypair}"
      security_groups      = ["${concat(list(data.aws_security_group.rdp_security_group.id,data.aws_security_group.http_security_group.id), var.extra_security_groups)}"]
      iam_instance_profile = "${var.iam_instance_profile}"
      user_data            = "${data.template_file.user_data.rendered}"

      root_block_device {
        volume_type = "${var.root_block_device_volume_type}"
        volume_size = "${var.root_block_device_volume_size}"
      }

      lifecycle {
        create_before_destroy = true
      }
    }

    resource "aws_autoscaling_group" "asg" {
      name                 = "${var.app_name}-asg-${var.app_environment}"
      launch_configuration = "${aws_launch_configuration.as_launch_cfg.name}"
      min_size             = "${var.asg_min_instances}"
      max_size             = "${var.asg_max_instances}"
      desired_capacity     = "${var.asg_desired_capacity}"
      vpc_zone_identifier  = ["${data.aws_subnet_ids.ec2_pvt_subnets.ids}"]
      depends_on           = ["aws_launch_configuration.as_launch_cfg"]

      tags = ["${concat(
        list(
          map("key", "Provisioner", "value", "CodeDeploy", "propagate_at_launch", true),
        ),
        var.extra_tags)
      }"]

      lifecycle {
        create_before_destroy = true
      }
    }

Expected Behavior

In this case Terraform should handle the fact that no images have been found for the ami_id of the existing lc and should update the lc with the new ami specified.

Actual Behavior

Terraform fails to run the plan when no images have been found for the ami_id of the existing lc and a new ami is detected to update the launch config.

Steps to Reproduce

Create a launch config with ami-0e539f1b7d4260eec and apply the lc to an asg.
Try updating the launch config with the latest ami and run plan; you will get the below error:

    aws_launch_configuration.as_launch_cfg: No images found for AMI ami-0e539f1b7d4260eec

  1. terraform plan
@ghost ghost added service/autoscaling Issues and PRs that pertain to the autoscaling service. service/ec2 Issues and PRs that pertain to the ec2 service. labels Nov 6, 2019
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Nov 6, 2019
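
The condition reported above can be checked before `terraform plan` runs. This is an added example, not part of the issue or of the AWS provider's code: it takes parsed output of `aws autoscaling describe-launch-configurations`, `aws autoscaling describe-auto-scaling-groups` and `aws ec2 describe-images`, and lists launch configurations whose AMI is no longer returned, together with the Auto Scaling groups that still use them. The resource names and the second AMI id are constructed sample values.

```python
import json

# Constructed sample responses, trimmed to the fields used below.
LAUNCH_CONFIGS = json.loads("""
{"LaunchConfigurations": [
  {"LaunchConfigurationName": "app-dev-lc-old", "ImageId": "ami-0e539f1b7d4260eec"},
  {"LaunchConfigurationName": "app-dev-lc-new", "ImageId": "ami-0aaaaaaaaaaaaaaaa"}
]}""")
GROUPS = json.loads("""
{"AutoScalingGroups": [
  {"AutoScalingGroupName": "app-asg-dev", "LaunchConfigurationName": "app-dev-lc-old"},
  {"AutoScalingGroupName": "app-asg-test", "LaunchConfigurationName": "app-dev-lc-new"}
]}""")
# ami-0e539f1b7d4260eec is absent, as in the empty "Images" reply in the issue.
IMAGES = json.loads("""
{"Images": [{"ImageId": "ami-0aaaaaaaaaaaaaaaa", "State": "available"}]}""")


def usable_image_ids(images):
    """AMI ids that describe-images returned and reports as available."""
    return {i["ImageId"] for i in images.get("Images", [])
            if i.get("State") == "available"}


def stale_launch_configs(launch_configs, groups, images):
    """List launch configurations whose AMI is gone, with the ASGs using them."""
    usable = usable_image_ids(images)
    users = {}
    for g in groups.get("AutoScalingGroups", []):
        # ASGs built from launch templates have no LaunchConfigurationName.
        name = g.get("LaunchConfigurationName")
        if name:
            users.setdefault(name, []).append(g["AutoScalingGroupName"])
    findings = []
    for lc in launch_configs.get("LaunchConfigurations", []):
        if lc["ImageId"] not in usable:
            name = lc["LaunchConfigurationName"]
            findings.append({
                "launch_configuration": name,
                "missing_ami": lc["ImageId"],
                "autoscaling_groups": sorted(users.get(name, [])),
            })
    return sorted(findings, key=lambda f: f["launch_configuration"])


if __name__ == "__main__":
    for finding in stale_launch_configs(LAUNCH_CONFIGS, GROUPS, IMAGES):
        print(json.dumps(finding))
```

A non-empty result means an Auto Scaling group is still pinned to an AMI that AWS has removed, so the launch configuration needs replacing before the group next has to launch an instance.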
@iancward
Contributor

iancward commented Nov 6, 2019

This may be a duplicate of #10182.

@andydix

andydix commented Jul 20, 2020

Yes, this was fixed via ticket #10182. Update the version of the AWS provider being used and that should fix this.

@ssunkari as this is quite an old post and has been resolved, are you able to close it?

@ssunkari
Author

@andydix cheers Andy, I haven't tested it myself but I have not seen this error recently, so I guess it must have been fixed. Thanks for the update. I will close the issue.

@ghost

ghost commented Aug 19, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Aug 19, 2020
@breathingdust breathingdust removed the needs-triage Waiting for first response or review from a maintainer. label Sep 17, 2021