DataSource aws_vpc_endpoint errors with private_dns_only_for_inbound_resolver_endpoint #32508

Closed
RichYoungHaven opened this issue Jul 14, 2023 · 3 comments · Fixed by #32517
Labels
bug Addresses a defect in current functionality. service/vpc Issues and PRs that pertain to the vpc service.
RichYoungHaven commented Jul 14, 2023

Terraform Core Version

1.4.6

AWS Provider Version

5.8, 5.7

Affected Resource(s)

data "aws_vpc_endpoint"

Expected Behavior

VPC Endpoint is returned as with provider ~4

Actual Behavior

Plan fails to build

Relevant Error/Panic Output Snippet

The following error is returned:

Error: setting dns_options: Invalid address to set: []string{"dns_options", "0", "private_dns_only_for_inbound_resolver_endpoint"}

  with data.aws_vpc_endpoint.k8s_infra_s3_interface,
  on _environment-local.tf line 133, in data "aws_vpc_endpoint" "k8s_infra_s3_interface":
 133: data "aws_vpc_endpoint" "k8s_infra_s3_interface" {

Terraform Configuration Files

################################################################################
# VPC Module
################################################################################

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.0.0"

  name = local.vpc_name
  cidr = local.vpc_cidr

  #Added variables to limit the changes to the VPC's
  map_public_ip_on_launch       = true
  manage_default_security_group = false
  manage_default_route_table    = false
  manage_default_network_acl    = false

  azs             = local.azs
  public_subnets  = local.public_subnets
  private_subnets = local.private_subnets

  enable_ipv6 = false

  enable_nat_gateway = true
  single_nat_gateway = true

  enable_dns_hostnames = true
  enable_dns_support   = true

  create_database_subnet_group       = true
  create_database_subnet_route_table = true

  enable_vpn_gateway = true

  enable_flow_log                                 = true
  flow_log_traffic_type                           = "REJECT"
  create_flow_log_cloudwatch_iam_role             = true
  create_flow_log_cloudwatch_log_group            = true
  flow_log_cloudwatch_log_group_retention_in_days = 7

  public_subnet_tags = {
    "kubernetes.io/cluster/${local.eks.blue.cluster_name}" : "shared"
    "kubernetes.io/cluster/${local.eks.green.cluster_name}" : "shared"
    "kubernetes.io/role/elb" : "1"
  }

  private_subnet_tags = {
    "kubernetes.io/cluster/${local.eks.blue.cluster_name}" : "shared"
    "kubernetes.io/cluster/${local.eks.green.cluster_name}" : "shared"
    "kubernetes.io/role/internal-elb" : "1"
  }

  tags = local.k8_tags
}

################################################################################
# VPC Endpoints Module
################################################################################

module "vpc_endpoints" {
  source  = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
  version = "5.0.0"

  vpc_id             = module.vpc.vpc_id
  security_group_ids = [module.security_group_internal_any.security_group_id]

  endpoints = {
    s3-gateway = {
      service         = "s3"
      service_type    = "Gateway"
      route_table_ids = flatten([module.vpc.intra_route_table_ids, module.vpc.private_route_table_ids, module.vpc.public_route_table_ids])
      tags = {
        "Name"             = "${var.module_name}-s3-gateway-endpoint"
      }
    }
    s3-interface = {
      service             = "s3"
      private_dns_enabled = true
      subnet_ids          = module.vpc.private_subnets

      tags = {
        "Name"             = "${var.module_name}-s3-interface-endpoint"
      }
    }
  }

  tags = local.k8_tags
}

################################################################################
# Data Source
################################################################################

data "aws_vpc_endpoint" "k8s_infra_s3_gateway" {
  vpc_id = data.aws_vpc.k8s_infra.id
  id     = "<VPCE Id goes here>" # k8s-infra s3 gateway endpoint
}

Steps to Reproduce

  1. Create a VPC
  2. Create an S3 endpoint (gateway and interface) with private_dns_enabled and private_dns_only_for_inbound_resolver_endpoint enabled
  3. Create an "aws_vpc_endpoint" data source for that endpoint

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

@github-actions github-actions bot added this to the v5.9.0 milestone Jul 17, 2023
@github-actions

This functionality has been released in v5.9.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 20, 2023