Terraform-provider-aws: Unable to create AWS DMS Replication Subnet Group

Created on 2 Aug 2018  路  4Comments  路  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @mcred as hashicorp/terraform#18584. It was migrated here as a result of the provider split. The original body of the issue is below._

Terraform Version

Terraform v0.11.7
+ provider.aws v1.29.0
+ provider.http v1.0.1

Terraform Configuration Files

resource "aws_dms_replication_subnet_group" "dms" {
  replication_subnet_group_description = "DMS Replication Subnet Group"
  replication_subnet_group_id          = "dms-repl-group"
  subnet_ids                           = ["${var.db1_subnet_id}", "${var.db2_subnet_id}"]
}

Debug Output

https://gist.github.com/mcred/859def03e1e74cd6211c0bc5e9d42f51

Expected Behavior

Create new AWS DMS Replication Subnet Group.

Actual Behavior

Creates the following error:

module.dms.aws_dms_replication_subnet_group.dms: aws_dms_replication_subnet_group.dms: InvalidParameterValueException: The parameter Filter: replication-subnet-group-id is not a valid identifier. Identifiers must begin with a letter; must contain only ASCII letters, digits, and hyphens; and must not end with a hyphen or contain two consecutive hyphens.

replication_subnet_group_id follows the criteria.

Steps to Reproduce

  1. terraform plan

Additional Context

The subnet group IDs are valid and being used elsewhere in the project.

bug servicdatabasemigrationservice
Source
picture hashibot[bot]

Most helpful comment

I was able to fix the issue. Here's what happened:

Originally I used the following to create a dms replication subnet group:

resource "aws_dms_replication_subnet_group" "dms" {
  replication_subnet_group_description = "DMS Replication Subnet Group"
  replication_subnet_group_id          = "daf-repl_sub_group"
  subnet_ids                           = ["${var.db1_subnet_id}", "${var.db2_subnet_id}"]
}

The issue with this is that there are underscores for replication_subnet_group_id. So when I first ran terraform plan it did not catch this error. Then when I ran terraform apply, it tried to create the resource, but AWS rejected it. The problem is that the terraform state thought that it was created. So there was an entry in the terraform state with an id of daf-repl_sub_group. All subsequent calls plan and apply failed because AWS will reject the call.

I removed this item from the terraform state file and made sure that it was in sync with my AWS account. Then my new replication subnet group was created without issue.

picture mcred on 2 Aug 2018
👍3 🎉1

All 4 comments

Hi @mcred 馃憢 Sorry you're running into trouble here.

This error is being returned by the DMS API:

InvalidParameterValueException: The parameter Filter: replication-subnet-group-id is not a valid identifier. Identifiers must begin with a letter; must contain only ASCII letters, digits, and hyphens; and must not end with a hyphen or contain two consecutive hyphens.

Was this resource imported, potentially by ARN instead of ID? Can you run terraform state show module.dms.aws_dms_replication_subnet_group.dms on it and confirm the id attribute is not the ARN?

It just seems odd that your configuration wound up in a state where we call the API using an identifier thats invalid. We set it to replication_subnet_group_id on creation here:

https://github.com/terraform-providers/terraform-provider-aws/blob/66de157a8556910e45b6b3c95551452af9bb427b/aws/resource_aws_dms_replication_subnet_group.go#L75

And use that identifier to make the API call here:

https://github.com/terraform-providers/terraform-provider-aws/blob/9debf1a1d12ca53f44e3318c1b880d566bf17b18/aws/resource_aws_dms_replication_subnet_group.go#L86

If the ID is not an ARN, I wonder if the API response is misleading or missing some additional criteria.

bflad picture bflad on 2 Aug 2018

The response from terraform state show module.dms.aws_dms_replication_subnet_group.dms is:

id                                   = daf-repl_sub_group
replication_subnet_group_description = DMS Replication Subnet Group
replication_subnet_group_id          = daf-repl_sub_group
subnet_ids.#                         = 2
subnet_ids.1705850227                = subnet-34e8a14d
subnet_ids.2827182673                = subnet-7a4b2131

So it looks like it got created once, but returned an error. So while running subsequent plans, it fails. Odd. Let me clear it out manually, clean up the state file and try again.

mcred picture mcred on 2 Aug 2018

I was able to fix the issue. Here's what happened:

Originally I used the following to create a dms replication subnet group:

resource "aws_dms_replication_subnet_group" "dms" {
  replication_subnet_group_description = "DMS Replication Subnet Group"
  replication_subnet_group_id          = "daf-repl_sub_group"
  subnet_ids                           = ["${var.db1_subnet_id}", "${var.db2_subnet_id}"]
}

The issue with this is that there are underscores for replication_subnet_group_id. So when I first ran terraform plan it did not catch this error. Then when I ran terraform apply, it tried to create the resource, but AWS rejected it. The problem is that the terraform state thought that it was created. So there was an entry in the terraform state with an id of daf-repl_sub_group. All subsequent calls plan and apply failed because AWS will reject the call.

I removed this item from the terraform state file and made sure that it was in sync with my AWS account. Then my new replication subnet group was created without issue.

mcred picture mcred on 2 Aug 2018
👍3 🎉1

Just had the same thing happen to me. rm'ed the state then ran again with hyphen's instead of underscores in the replication_subnet_group_id and it worked, Terraform v0.12.21. Thanks @mcred !

spencerarogers picture spencerarogers on 19 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

EmmN picture EmmN  路  3Comments
hashibot picture hashibot  路  3Comments
hashibot picture hashibot  路  3Comments
gothrek22 picture gothrek22  路  3Comments
hashibot picture hashibot  路  3Comments