Re-creating aws_elasticsearch_domain loses aws_elasticsearch_domain_policy #11188
Comments
Some more details on what happened in my case... The changes I made to the aws_elasticsearch_domain which triggered the domain to be re-created were:
The Terraform output for the domain itself indicated that it needed to re-create the domain appropriately, but also deleted the access_policies and didn't restore them:
The Terraform output also indicated that it was blowing away my access policies:
Update that I've been able to consistently reproduce this problem by simply changing the
I found a workaround, for anyone else who might encounter this problem. By removing the separate
There's a flip-side defect associated with my workaround, in the case where I'm not destroying/re-creating my elasticsearch domain. I observe that when I simply move the policy from an external resource to inline, the policy is again completely lost from the domain. So there are two bugs here:
I'm seeing the same behavior, are there any updates on this by any chance? I'd much prefer sticking to using the Thanks!

Small update, I have another workaround for this. Adding a

```hcl
data "aws_iam_policy_document" "domain_policy" {
  depends_on = [aws_elasticsearch_domain.elasticache]

  statement {
    ...
  }
}

resource "aws_elasticsearch_domain_policy" "domain_policy" {
  domain_name     = aws_elasticsearch_domain.elasticache.domain_name
  access_policies = data.aws_iam_policy_document.domain_policy.json
}

resource "aws_elasticsearch_domain" "elasticache" {
  ...
}
```

Maybe this would be better off either documented or the order of running the dependencies can be handled?
Hey y'all 👋 Thank you for taking the time to open this issue and for the additional discussion around it. Given that there's been a number of AWS provider releases since the last update, can anyone confirm whether you're still experiencing this behavior?
The problem persists.
I recently made changes to an aws_elasticsearch_domain which triggered terraform to recreate the domain. The domain deletion and creation was successful, but as part of this process the associated aws_elasticsearch_domain_policy was emptied out and the policy was lost. This resulted in the new domain being created in an unusable state.
Applying TF a second time successfully re-created the aws_elasticsearch_domain_policy, but this is a major problem when I push changes to a CI/CD pipeline which expects to only run Terraform once and end up in a functional state.
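
A pre-apply CI guard for the situation described in this issue, as an added example that is not from the thread or from the AWS provider. It reads the JSON form of a saved plan (`terraform show -json tfplan`) and reports every `aws_elasticsearch_domain` that is about to be replaced while a separate `aws_elasticsearch_domain_policy` targets the same domain, so the pipeline can stop or verify the access policy after apply. The function names, the `search-prod` domain name and the sample plan are constructed for illustration.

```python
import json
import sys

DOMAIN_TYPE = "aws_elasticsearch_domain"
POLICY_TYPE = "aws_elasticsearch_domain_policy"

def _domain_name(rc):
    """Return domain_name from the prior state if known, else from the planned state."""
    change = rc.get("change", {})
    for side in ("before", "after"):
        name = (change.get(side) or {}).get("domain_name")
        if name:
            return name

def replaced_domains_with_separate_policy(plan):
    """Return (domain address, policy address, policy actions) for each replaced domain."""
    changes = plan.get("resource_changes", [])
    policies = {}
    for rc in changes:
        if rc.get("type") == POLICY_TYPE and _domain_name(rc):
            policies.setdefault(_domain_name(rc), []).append(rc)
    findings = []
    for rc in changes:
        actions = set(rc.get("change", {}).get("actions", []))
        # A replacement is planned as ["delete", "create"] or ["create", "delete"].
        if rc.get("type") != DOMAIN_TYPE or not {"delete", "create"} <= actions:
            continue
        for pol in policies.get(_domain_name(rc), []):
            findings.append((rc["address"], pol["address"], tuple(pol["change"]["actions"])))
    return findings

def sample_change(address, actions, name):
    """Constructed resource_changes entry holding only the fields read above."""
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": actions, "before": {"domain_name": name}}}

# Constructed sample plan; in CI, pass the file written by `terraform show -json tfplan`.
SAMPLE_PLAN = {"resource_changes": [
    sample_change("aws_elasticsearch_domain.elasticache", ["delete", "create"], "search-prod"),
    sample_change("aws_elasticsearch_domain_policy.domain_policy", ["no-op"], "search-prod"),
    sample_change("aws_elasticsearch_domain.logs", ["update"], "logs-prod"),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = replaced_domains_with_separate_policy(plan)
    for domain, policy, actions in found:
        print(f"{domain} will be replaced; check {policy} (planned: {actions}) after apply")
    sys.exit(1 if found else 0)
```

A non-zero exit marks a plan that matches the conditions reported here; the pipeline can then require a follow-up plan or a check of the live domain's access policy before declaring the deploy healthy.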