Terraform-provider-aws: aws_sns_topic Invalid parameter: TopicArn

Created on 27 Sep 2017 · 8Comments · Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @smailli as hashicorp/terraform#16148. It was migrated here as a result of the provider split. The original body of the issue is below._

Hi guys!

I have a problem !!!!

When I use aws_sns_topic + aws_sns_topic_policy + aws_sns_topic_subscription and remove the configuration file, terraform returns Invalid parameter: TopicArn error.

Terraform Version

$ terraform version
Terraform v0.10.6

Prerequisite

Create two SQS named SQS_NAME0 and SQS_NAME1

Terraform Configuration Files

modules/aws/test/main.tf:

resource "aws_sns_topic" "default_topic" {
  name     = "TOPIC_NAME"
}

resource "aws_sns_topic_policy" "default_policy" {
  depends_on = ["aws_sns_topic.default_topic"]
  arn = "${aws_sns_topic.default_topic.arn}"
  policy = <<POLICY
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish",
        "SNS:Receive"
      ],
      "Resource": "${aws_sns_topic.default_topic.arn}",
      "Condition": {
        "StringEquals": {
          "AWS:SourceOwner": "000000000000"
        }
      }
    }
  ]
}
POLICY
}

resource "aws_sns_topic_subscription" "default_topic_subscription" {
  count = "2"
  depends_on = ["aws_sns_topic.default_topic"]
  topic_arn = "${aws_sns_topic.default_topic.arn}"
  protocol  = "sqs"
  endpoint  = "arn:aws:sqs:us-west-2:000000000000:SQS_NAME${count.index}"
}

Environment

In environment directory create a module file

environment/test.tf:

module "sns-test" {
  source = "../../modules/aws/test"
}

Reproduce

$ terraform apply -target=module.sns-test
$ rm test.tf
$ terraform apply -target=module.sns-test

aws_sns_topic.default_topic: Refreshing state... (ID: arn:aws:sns:us-west-2:000000000000:TOPIC_NAME)
Error refreshing state: 1 error(s) occurred:

* module.sns-test.aws_sns_topic.default_topic: aws_sns_topic.default_topic: InvalidParameter: Invalid parameter: TopicArn
        status code: 400, request id: xxxxxxxx-yyyy-zzzz-xxxx-zzzzzzzzzzzz

When I run terraform destroy -target=module.sns-test this execution return OK.

But, if I remove the config file, returns Invalid parameter: TopicArn

bug servicsns

Source

hashibot

👍8

Most helpful comment

This is still an issue and I am seeing it when trying to deploy across regions+ across profiles.

Sample Code:

variable region {}
variable profile {}

provider "aws" {
  region                  = "${var.region}"
  shared_credentials_file = "/Users/tf_user/.aws/creds"
  profile                 = "${var.profile}"
}

resource "aws_sns_topic" "default_topic" {
  name = "topic-name"
}

Steps I took:

Set region = us-east-1
profile = dev
Run Terraform Apply
The topic is deployed successfully to east

Set region = us-west-1
profile = dev
Run Terraform Apply
aws_sns_topic.default_topic: InvalidParameter: Invalid parameter: TopicArn\
A similar error appears and the topic doesn't get created

Next going to the Prod region:
Set region = us-east-1
profile = prod
aws_sns_topic.default_topic: InvalidParameter: Invalid parameter: TopicArn\
Topic doesn't get created

Set region = us-west-1
profile = prod
aws_sns_topic.default_topic: InvalidParameter: Invalid parameter: TopicArn\
Topic doesn't get created

Whatever the first region/profile you deploy in is what terraform sets as the default for ALL sns topic creation and it doesn't matter if you change the region/profile in your provider it only will create things in the first region/profile combination provided.
I would expect to be able to deploy with the same topic name in both east/west and dev/prod AWS environments as that is how terraform works for most other resources. Even if I switched topicname to be "test_topic_east" and "test_topic_west" it didn't make a difference. It seems terraform is ignoring all of this (provider region/profile and any subsequent topic names) and just reading directly from the terraform state of the first topic that was set up.
Could someone from the team look into this issue as it is still present in 2019 and it was opened in 2017.

Phansa on 29 Mar 2019

👍19

All 8 comments

May be related to a misconfigured region
https://github.com/boto/boto3/issues/646

Hashfyre on 18 Oct 2017

👍6

FYI terraform state rm helped me to get rid of some orphaned non existing resource and this Invalid parameter: TopicArn error.

jmisur on 25 Feb 2019

👍3 👎1

This is still an issue and I am seeing it when trying to deploy across regions+ across profiles.

Sample Code:

variable region {}
variable profile {}

provider "aws" {
  region                  = "${var.region}"
  shared_credentials_file = "/Users/tf_user/.aws/creds"
  profile                 = "${var.profile}"
}

resource "aws_sns_topic" "default_topic" {
  name = "topic-name"
}

Steps I took:

Set region = us-east-1
profile = dev
Run Terraform Apply
The topic is deployed successfully to east

Set region = us-west-1
profile = dev
Run Terraform Apply
aws_sns_topic.default_topic: InvalidParameter: Invalid parameter: TopicArn\
A similar error appears and the topic doesn't get created

Next going to the Prod region:
Set region = us-east-1
profile = prod
aws_sns_topic.default_topic: InvalidParameter: Invalid parameter: TopicArn\
Topic doesn't get created

Set region = us-west-1
profile = prod
aws_sns_topic.default_topic: InvalidParameter: Invalid parameter: TopicArn\
Topic doesn't get created

Phansa on 29 Mar 2019

👍19

We are also now experiencing this in our setup.

MysticalMount on 5 Dec 2019

👍1

For me I update region in lambda function and its worked.
AWS.config.update({region: 'us-west-2'});

Adiii717 on 12 Dec 2019

As @Hashfyre mentioned above, this may be related to misconfigured region - that happened to be the case for me as well.

Ensure that the region you're using for the AWS provider is the region that the SNS topic in question resides in. The error message is misleading - the SNS topic ARN may be valid, but it may just be in a different region.

MarkVLK on 4 Feb 2020

This is still a problem for me, and it is not related to a mis-configured region.

Please see this gist

It involves an SNS topic I create, identified in the output as "aws_sns_topic.jambonz-sns-topic".

I perform the following steps:

terraform apply - successfully creates SNS topic and other infrastructure
terraform show - shows that the SNS topic was successfully created
terraform state list - shows that the SNS topic is in state
terraform destroy - fails with Invalid parameter: TopicArn

Any idea what the problem is?

davehorton on 2 Jun 2020

@Adiii717 how and where do you execute the lambda function?

trajano on 10 Aug 2020

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Plans to support more custom endpoints in provider AWS (lambda, apigateway, ...)

hashibot · 3Comments

On plan, redrive_policy is always marked as modified

hashibot · 3Comments

aws_alb_target_group_attachment does not support list for target_id

hashibot · 3Comments

Failed to destroy AWS node with volume: * aws_volume_attachment.jenkins_disk_attachment: Error waiting for Volume (vol-XXXX) to detach from Instance: i-XXXXX

hashibot · 3Comments

aws_security_group: revoke_rules_on_delete conflict with 'terraform plan'

carmas · 3Comments