SNS Topic Subscription delete/create failure when resource name is changed

[ChernikovP]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

bos-pchernikov-mac:tf-sandbox pchernikov$ terraform -v
2019/11/19 10:02:41 [INFO] Terraform version: 0.12.12  
2019/11/19 10:02:41 [INFO] Go runtime version: go1.13.1
2019/11/19 10:02:41 [DEBUG] found provider "terraform-provider-aws_v2.37.0_x4"
2019/11/19 10:02:41 [DEBUG] found valid plugin: "aws", "2.37.0", "/Users/pchernikov/Desktop/tf-sandbox/.terraform/plugins/darwin_amd64/terraform-provider-aws_v2.37.0_x4"
+ provider.aws v2.37.0

Affected Resource(s)

• aws_sns_topic_subscription

Terraform Configuration Files

provider "aws" {
  region = "us-east-2"
}

resource "aws_sns_topic" "foo_bar" {
  name = "foo_bar"
}

resource "aws_sns_topic_subscription" "foo_bar" {
  topic_arn              = "${aws_sns_topic.foo_bar.arn}"
  protocol               = "https"
  endpoint               = "<pagerduty_endpoint>"
  endpoint_auto_confirms = true
}

Steps to Reproduce

1. terraform apply
2. Change aws_sns_topic_subscription from "foo_bar" to "foo_bar_sub"
3. terraform apply

Expected Behavior

No errors

Actual Behavior

aws_sns_topic_subscription.foo_bar: Destroying... [id=arn:aws:sns:us-east-2:187619804665:foo_bar:32190f7a-1a5d-40b5-b0ec-bf3c7b7c6f94]
aws_sns_topic_subscription.foo_bar_sub: Creating...
aws_sns_topic_subscription.foo_bar: Destruction complete after 0s
aws_sns_topic_subscription.foo_bar_sub: Still creating... [10s elapsed]
aws_sns_topic_subscription.foo_bar_sub: Still creating... [20s elapsed]
aws_sns_topic_subscription.foo_bar_sub: Still creating... [30s elapsed]
aws_sns_topic_subscription.foo_bar_sub: Still creating... [40s elapsed]
aws_sns_topic_subscription.foo_bar_sub: Still creating... [50s elapsed]
aws_sns_topic_subscription.foo_bar_sub: Still creating... [1m0s elapsed]
Error: Error fetching subscriptions for SNS topic arn:aws:sns:us-east-2:187619804665:foo_bar: Error finding subscription for topic arn:aws:sns:us-east-2:187619804665:foo_bar with endpoint <pagerduty_endpoint> and protocol https

  on main.tf line 9, in resource "aws_sns_topic_subscription" "foo_bar_sub":
   9: resource "aws_sns_topic_subscription" "foo_bar_sub" {

Debug Output

https://gist.github.com/ChernikovP/985339d5c730481cb87dcc4de54ba6a3

[ChernikovP]

Similar erroneous behavior to #10473, but different final error.

[ChernikovP]

The same behavior is observed with latest versions of terraform and aws provider:

Terraform v0.12.16
+ provider.aws v2.39.0

[ewbankkit]

@ChernikovP Thanks for raising this issue.
As the new resource has a new name, Terraform will treat the old and new resources as being independent and will act on them in parallel, destroying the old SNS subscription and creating the new in parallel and effectively a race condition is being hit.
See https://discuss.hashicorp.com/t/destroy-before-create/3980 for some details.
The way I would approach such a resource renaming would be to use the terraform state mv CLI command to rename the resource in state and then rename in the HCL code.
See also #14394 for a discussion of other thought around resource uniqueness.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!