This problem should be related to https://github.com/terraform-providers/terraform-provider-aws/issues/7406, but this problem makes the update impossible.
With the version v5.0.0 I can't apply the changes because:
Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists
status code: 400, request id: 89b8f8a6-820d-836a2f69df1b: The CloudWatch Log Group '/aws/eks/cluster-name/cluster' already exists.
Terraform v0.12.2
provider.aws v2.16.0
Yes it's a new resource that will clash with the one that already exists if you have logging already enabled. You can just import the resource to resolve the issue:
terraform import module.your_module.aws_cloudwatch_log_group.this "/aws/eks/cluster-name/cluster"
Whenever I run this import, I see a message for "Import complete!" and then during the refresh that runs as the second step of the import I run into #402 where I see in the output
|----------------
| aws_security_group.cluster is empty tuple
| var.cluster_security_group_id is ""
and a similar error with
|----------------
| aws_security_group.workers is empty tuple
| var.worker_security_group_id is ""
even though I am definitely passing in cluster_security_group_id and worker_security_group_id
I am also facing a similar issue. This issue is mostly related to the log group resources created by AWS. Since Terraform has no control over these resources, it fails stating the log group already exists. I am facing an issue with /aws/lamda/xxxxx
@bagarYas what was the resolution? I'm facing this issue with Lambda LogGroups created automatically by the AWS API when a Lambda Function is created, trying to manage them after they were created outside of terraform. I see the message, I import them, I try again and I see the message again.
If you are providing the logs:CreateLogGroup permission, you are explicitly allowing AWS to create the log group under the IAM role/policy. Without that permission AWS won't actually create the log group on your behalf, and the operation would fail internally (and silently except within CloudTrail).
This does mean you need to explicitly create the correct log group in Terraform, but this is already being done, otherwise you wouldn't be seeing the error!
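The arrangement described in the comment above, as an added example that is not part of the original thread or of any module discussed in it: Terraform owns the Lambda log group and the execution role's policy leaves out logs:CreateLogGroup. The function name, role name, handler, runtime, retention period and zip path are hypothetical.

```hcl
# Added example: function name, role name, runtime and zip path are hypothetical.
locals {
  function_name = "example_fn"
}

# Terraform owns the log group under the name Lambda writes to, so the
# service never has to create it on the function's behalf.
resource "aws_cloudwatch_log_group" "lambda" {
  name              = "/aws/lambda/${local.function_name}"
  retention_in_days = 30
}

resource "aws_iam_role" "lambda" {
  name = "${local.function_name}-exec"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

# Only stream creation and event writes, scoped to the managed group.
# logs:CreateLogGroup is deliberately absent from this policy.
resource "aws_iam_role_policy" "lambda_logs" {
  name = "write-logs"
  role = aws_iam_role.lambda.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogStream", "logs:PutLogEvents"]
      Resource = "arn:aws:logs:*:*:log-group:/aws/lambda/${local.function_name}:*"
    }]
  })
}

resource "aws_lambda_function" "this" {
  function_name = local.function_name
  role          = aws_iam_role.lambda.arn
  handler       = "index.handler"
  runtime       = "python3.12"
  filename      = "lambda.zip"

  # Create the group and attach the policy before the function can first run.
  depends_on = [aws_cloudwatch_log_group.lambda, aws_iam_role_policy.lambda_logs]
}
```

A group that was auto-created before the permission was removed still has to be brought into state once with `terraform import`, as in the command earlier in the thread.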