Error in using data source aws_ec2_managed_prefix_list and filter from a list of many prefix list ids in Managed prefix lists #26004
Comments
Hey @arunsandu 👋 Thank you for taking the time to raise this! I used your example configuration and was able to retrieve the data as expected. With that in mind, I took a look at CloudTrail after the fact and noticed something about the log. In my case, this showed up in CloudTrail as:
"requestParameters": {
"DescribeManagedPrefixListsRequest": {
"Filter": [
{
"Value": {
"tag": 1,
"content": "com.amazonaws.global.cloudfront.origin-facing"
},
"tag": 1,
"Name": "prefix-list-name"
},
{
"Value": {
"tag": 1,
"content": "AWS"
},
"tag": 2,
"Name": "owner-id"
}
]
}
},
I noticed that in your CloudTrail log, the |
@justinretzolk, I'm a peer of @arunsandu, I think that is a typo. Looking at the CloudTrail log I have the following (sanitized):
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "XXXXXX:XXXXX",
"arn": "arn:aws:sts::XXXXXX:assumed-role/XXXXX/XXXXX",
"accountId": "XXXXXX",
"accessKeyId": "XXXXXX",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "XXXXXX",
"arn": "arn:aws:iam::XXXXX:role/XXXXXX",
"accountId": "XXXXX",
"userName": "XXXXX"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2022-07-28T12:01:01Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2022-07-28T12:03:17Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "DescribeManagedPrefixLists",
"awsRegion": "us-east-1",
"sourceIPAddress": "xxxxxxxxx",
"userAgent": "APN/1.0 HashiCorp/1.0 Terraform/1.2.5 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.57 (go1.17.12; darwin; amd64)",
"requestParameters": {
"DescribeManagedPrefixListsRequest": {
"Filter": [
{
"Value": {
"tag": 1,
"content": "com.amazonaws.global.cloudfront.origin-facing"
},
"tag": 1,
"Name": "prefix-list-name"
},
{
"Value": {
"tag": 1,
"content": "AWS"
},
"tag": 2,
"Name": "owner-id"
}
]
}
},
"responseElements": null,
"requestID": "xxxxxxxx",
"eventID": "xxxxxxxxx",
"readOnly": true,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "xxxxxxxxx",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "ec2.us-east-1.amazonaws.com"
}
} |
My apologies, that is a typo. |
Hey @codezninja and @arunsandu 👋 Thank you for confirming that was a typo! On another inspection, I think this may be a bug, so I'm going to mark it as such so that a member of the team or community may take a look at it when possible. For whoever picks this up: The following bit of the debug includes a
2022-07-27T07:36:04.437-0700 [DEBUG] provider.terraform-provider-aws_v4.22.0_x5: [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2022-07-27T07:36:04.437-0700 [DEBUG] provider.terraform-provider-aws_v4.22.0_x5: <DescribeManagedPrefixListsResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
2022-07-27T07:36:04.437-0700 [DEBUG] provider.terraform-provider-aws_v4.22.0_x5: <requestId>614274eb-4b98-46f2-9ff1-8cd879d0fe48</requestId>
2022-07-27T07:36:04.439-0700 [DEBUG] provider.terraform-provider-aws_v4.22.0_x5: <nextToken>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</nextToken>
2022-07-27T07:36:04.439-0700 [DEBUG] provider.terraform-provider-aws_v4.22.0_x5: <prefixListSet/>
2022-07-27T07:36:04.439-0700 [DEBUG] provider.terraform-provider-aws_v4.22.0_x5: </DescribeManagedPrefixListsResponse> |
I can confirm @justinretzolk's observation with the max results being 100 is the issue. I am not that experienced with the AWS APIs but I would expect that when you provide a server-side filter in the input, the results would be part of the first "page" and not the N next. Anyways that's outside of the provider's scope, other issues might be related to this. |
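The behaviour discussed in the comments above (an empty `prefixListSet` returned together with a `nextToken`), as an added Go example that is not the provider's code and is not part of the original thread. `fakeEC2`, `describeFn`, `firstPageOnly` and `allPages` are hypothetical names, and the backend is a constructed model that assumes filtering happens inside each page of 100.

```go
package main

import "fmt"
import "strconv"

const maxResults = 100 // page size named in the thread
// page models one DescribeManagedPrefixLists response.
type page struct {
	IDs       []string
	NextToken string
}

// describeFn is a hypothetical stand-in for the EC2 call with a name filter.
type describeFn func(name, token string) page

// fakeEC2 (constructed): filters inside each page, so a page can be empty while NextToken is set.
func fakeEC2(total, matchAt int) describeFn {
	return func(name, token string) page {
		start, _ := strconv.Atoi(token) // "" parses as 0, the first page
		end := start + maxResults
		var p page
		if matchAt >= start && matchAt < end {
			p.IDs = []string{fmt.Sprintf("pl-%08d", matchAt)}
		}
		if end < total {
			p.NextToken = strconv.Itoa(end)
		}
		return p
	}
}

// firstPageOnly reproduces the failure: an empty first page reads as "not found".
func firstPageOnly(d describeFn, name string) []string { return d(name, "").IDs }

// allPages follows NextToken until it is empty, keeping matches from every page.
func allPages(d describeFn, name string) (ids []string, calls int) {
	for token := ""; ; {
		p := d(name, token)
		calls++
		ids = append(ids, p.IDs...)
		if p.NextToken == "" {
			return ids, calls
		}
		token = p.NextToken
	}
}

func main() {
	ids, calls := allPages(fakeEC2(600, 437), "com.amazonaws.global.cloudfront.origin-facing")
	fmt.Println(ids, calls) // 600 lists as in the report; the match position is made up
}
```

A lookup that feeds a security group rule should treat "no match" as final only after the token is exhausted.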
This functionality has been released in v4.30.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Hi there,
We are not able to use the data source for aws_ec2_managed_prefix_list. Please note that we have around 600 prefix list IDs in Managed prefix lists and tried to filter com.amazonaws.global.cloudfront.origin-facing using the prefix-list-name and got the below error.
We would like to know if there are any limitations.
Upon checking the CloudTrail logs, we found "responseElements": null, for one of the calls we made.
Terraform CLI and Terraform AWS Provider Version
Terraform v1.2.4
provider registry.terraform.io/hashicorp/aws v4.22.0
Affected Resource(s)
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
Panic Output
ec2_managed_list_api_debuglog.txt
Expected Behavior
Use the data source for aws_ec2_managed_prefix_list and get the response.
Actual Behavior
Steps to Reproduce
data.tf
terraform init
terraform plan
Important Factoids
References