Terraform imports existing aws resources when running terraform apply

[mhumeSF]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.13.3 + terraform-provider-aws_v3.20.0_x5

Affected Resource(s)

• aws_lb (that I know of)

Steps to Reproduce

Copy the configuration below to folders x and y. Run terraform apply in each folder and they both succeed and now manage the same resource. This is bad because the resource was not created in the second folder but is written to state. Any further changes to aws_lb.test in y folder will affect the aws_lb.test originally created in x folder.

Terraform Configuration Files

provider "aws" {
  region = "us-west-2"
}

data "aws_vpc" "default" {
  filter {
    name   = "tag:Name"
    values = ["default"]
  }
}

data "aws_subnet_ids" "private" {
  vpc_id = data.aws_vpc.default.id
  filter {
    name   = "tag:Name"
    values = ["*private*"]
  }
}

resource "aws_lb" "test" {
  name               = "test-lb-tf"
  internal           = false
  load_balancer_type = "network"
  subnets            = data.aws_subnet_ids.private.ids

  tags = {
    Environment = "test"
  }
}

Expected Behavior

When running terraform apply in the second folder, terraform should return an error reporting it cannot create a duplicate resource.

Actual Behavior

Terraform reports it has created the aws load balancer and writes it to state.

Important Factoids

This looks due to the aws api operation being idempotent

This operation is idempotent, which means that it completes at most one time. If you attempt to create multiple load balancers with the same settings, each call succeeds.

https://docs.aws.amazon.com/sdk-for-go/api/service/elbv2/#ELBV2.CreateLoadBalancer

[ewbankkit]

Hi @mhumeSF 👋 Thank you for submitting this and this is an excellent use case of somewhere that Terraform and the Terraform AWS Provider could be much more helpful since in many cases they have enough information to return an error upfront during planning instead of unexpected behavior during apply.

I believe this falls under the provider-wide enhancement proposal of #14394, so by adding this link here it will add a reference to that issue so we can include it as a use case when thinking about the implementation details. Since this is likely something we will want more broadly across many resources, I'm going to close this particular issue to consolidate discussions, efforts, and prioritization on the topic while the reference would serve as the cue to make this specific resource one of the initial implementations. I would suggest those 👍 upvoting and subscribing here to do so on #14394 so we can appropriately gauge interest. Please feel free to provide feedback there.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.