Terraform-provider-aws: Cannot import non-existent remote object - aws_acm_certificate

Created on 28 Jun 2019  ·  3 Comments  ·  Source: hashicorp/terraform-provider-aws

Terraform Version

$ terraform -v
Terraform v0.12.3
+ provider.aws v2.17.0

Affected Resource(s)

  • aws_acm_certificate

Terraform Configuration Files

provider "aws" {
  alias  = "acm_provider"
  region = "us-east-1"
}

resource "aws_acm_certificate" "cert" {
  provider          = "aws.acm_provider"
  domain_name       = "${var.domain}"
  validation_method = "DNS"
}

Debug Output

https://gist.github.com/threesquared/0cb3df0226237f4bd9467de50cdf0075

Panic Output

N/A

Expected Behavior

The certificate (which does exist) should be imported into the state.

Actual Behavior

module.web_assets.aws_acm_certificate.cert: Importing from ID "arn:aws:acm:us-east-1:AWS_ACCT_ID:certificate/CERT_ID"...
module.web_assets.aws_acm_certificate.cert: Import complete!
  Imported aws_acm_certificate
module.web_assets.aws_acm_certificate.cert: Refreshing state... [id=arn:aws:acm:us-east-1:AWS_ACCT_ID:certificate/CERT_ID]

Error: Cannot import non-existent remote object

Steps to Reproduce

  1. terraform import module.assets.aws_acm_certificate.cert arn:aws:acm:us-east-1:AWS_ACCT_ID:certificate/CERT_ID

Important Factoids

I am using aws-vault to manage credentials but have not had any issues with this before. I assume the issue is because the CloudFront certificate is in the us-east-1 region. However, the provider configured for it is pointing to that region.

References

N/A

All 3 comments

So we figured out a small workaround. If we set the provider for the module that contains the aws_acm_certificate resource then it imports:

main.tf

provider "aws" {
  alias  = "acm_provider"
  region = "us-east-1"
}

module "assets" {
  source = "./modules/assets"

  providers = {
    aws = "aws.acm_provider"
  }
}

But then we need to pass in the original provider for any resources in the module that require it:

modules/assets.tf

provider "aws" {
  alias = "eu-west-1"
  region = "eu-west-1"
}

data "aws_s3_bucket" "bucket" {
  provider = "aws.eu-west-1"
  bucket = "${var.bucket_name}"
}

resource "aws_acm_certificate" "cert" {
  domain_name       = "${var.domain}"
  validation_method = "NONE"
}

Hi folks 👋 Sorry you ran into trouble here.

If you are attempting to import Terraform resources that use a customized provider instead of the default (e.g. an aliased provider), you will likely need to pass in the terraform import command -provider flag, e.g.

terraform import -provider=aws.acm_provider aws_acm_certificate.cert arn:PARTITION:acm:REGION:ACCOUNTID:certificate/ID

The Terraform import process currently has limited abilities to read any existing Terraform configuration when making decisions about provider configuration such as selecting the appropriate AWS region. If you have further bug reports or feature requests for Terraform import, please note that the logic for the command lives upstream in the Terraform Core repository and issues must be filed there: https://github.com/hashicorp/terraform/issues

Thanks and hope this helps.
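
The region mismatch behind this error can be caught before running the import. The following pre-flight check is an added example, not code from this thread or from the provider: it reads the region out of the ARN and adds the `-provider` flag described above only when that region differs from the default provider's. The function names, the sample ARN and the account ID are constructed for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample ARN are constructed.

# Print the region field of an ARN (arn:partition:service:region:account:resource).
# Fails for malformed input and for global ARNs whose region field is empty.
arn_region() (
  IFS=: read -r prefix partition service region account resource <<EOF
$1
EOF
  [ "$prefix" = "arn" ] && [ -n "$partition" ] && [ -n "$service" ] &&
    [ -n "$region" ] && [ -n "$account" ] && [ -n "$resource" ] || return 1
  printf '%s\n' "$region"
)

# Print the import command for a resource address and ARN.
# $3 = region of the default (unaliased) provider, $4 = aliased provider or "".
# The -provider flag is added only when the ARN lives in another region.
build_import_cmd() (
  addr=$1 arn=$2 default_region=$3 provider_alias=$4
  region=$(arn_region "$arn") || { echo "no region in ARN: $arn" >&2; return 2; }
  if [ "$region" = "$default_region" ]; then
    printf 'terraform import %s %s\n' "$addr" "$arn"
  elif [ -n "$provider_alias" ]; then
    printf 'terraform import -provider=%s %s %s\n' "$provider_alias" "$addr" "$arn"
  else
    echo "ARN is in $region, default provider is $default_region: alias required" >&2
    return 3
  fi
)

# Constructed sample: certificate in us-east-1, default provider in eu-west-1.
SAMPLE_ARN="arn:aws:acm:us-east-1:123456789012:certificate/00000000-0000-0000-0000-000000000000"
build_import_cmd aws_acm_certificate.cert "$SAMPLE_ARN" eu-west-1 aws.acm_provider
```

The script only prints the command; it does not call Terraform or AWS.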

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
