error thrown upon subsequent apply of cloudwatchlogsforwarder module

[roshbhatia]

Issue Summary

Error Message

Error: error creating Serverless Application Repository CloudFormation Stack (arn:aws:cloudformation:us-east-1:$REDACTED:stack/serverlessrepo-Auto-Enable-Logs-Subscription-fk7p6hrzd8/0cb5d400-b147-11ec-b7f7-0e3a1717c7b1) change set: unexpected state 'FAILED', wanted target 'CREATE_COMPLETE'. last error: No updates are to be performed.
with module.sumologic.module.cloudwatch_logs.aws_serverlessapplicationrepository_cloudformation_stack.auto_enable_logs_subscription["auto_enable_logs_subscription"]
on .terraform/modules/sumologic.cloudwatch_logs/aws/cloudwatchlogsforwarder/cloudwatchlogsforwarder.tf line 188, in resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable_logs_subscription":

Steps to Reproduce

1. Implement cloudwatchlogsforwarder module locally.
2. Run terraform apply.
3. Verify resources exist and logs stream in.
4. Make changes to a different resource that's not a dependency.
5. Run terraform apply once more.
6. See error and frown.

Resource and Local Versions

In my module:

module "cloudwatch_logs" {
  source = "git::https://github.com/SumoLogic/terraform-sumologic-sumo-logic-integrations.git//aws/cloudwatchlogsforwarder"

  # Email used for Cloudwatch Alerts
  email_id         = var.email_id
  create_collector = true
}

Local version of tf:

infra on  main [$] via 💠 infra on ☁️  (us-east-1) on ☁️
❯ tf version
Terraform v1.1.5
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v3.75.1
+ provider registry.terraform.io/hashicorp/random v3.1.2
+ provider registry.terraform.io/hashicorp/time v0.7.2
+ provider registry.terraform.io/launchdarkly/launchdarkly v2.5.0
+ provider registry.terraform.io/mongodb/mongodbatlas v1.3.0
+ provider registry.terraform.io/sumologic/sumologic v2.14.0

[himsharma01]

Hey @roshbhatia , I'm looking at the issue. Please allow us sometime to investigate.

[himsharma01]

@roshbhatia I have looked into the issue and it is similar to one of the bug we have raised for our AWS Observability Solution[https://github.com/hashicorp/terraform-provider-aws/issues/23874] .

Problem Description

Update is failing due to a bug that “aws_serverlessapplicationrepository_cloudformation_stack” resource is not able to store values of "var.auto_enable_access_logs" (as specified in our code), on each subsequent terraform apply(s) , it detects it as change and creates a new stack-set. When the AWS API is called with a new stack-set it fails abruptly which causes the whole solution to fail while upgrading.

Alternate Approach

While we are waiting for the resolution of this issue, we have documented a work around as below:
In the file: https://github.com/SumoLogic/terraform-sumologic-sumo-logic-integrations/blob/master/aws/cloudwatchlogsforwarder/cloudwatchlogsforwarder.tf

Add the following code block in the
resource "aws_serverlessapplicationrepository_cloudformation_stack" "auto_enable_logs_subscription"

lifecycle { ignore_changes = [ parameters,tags ] }

Limitation

In the lifecycle section, we are ignoring changes in the parameter group for resource “aws_serverlessapplicationrepository_cloudformation_stack”, hence any further update to this parameter group will be ignored and respective changes cannot be made to auto-enable code.

[himsharma01]

@roshbhatia I'm closing this issue. Feel free to comment/re-open for any issues.
Thanks

[axelwass]

Im stil getting this issue. Would rather have a variable that enables the ignore changes.