Terraform-provider-aws: Applying a plan with SQS queue with attributes matching an existing queue results in an import not a creation.

Created on 10 Nov 2019 · 2Comments · Source: hashicorp/terraform-provider-aws

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.13
+ provider.aws v2.35.0

Affected Resource(s)

aws_sqs_queue

Terraform Configuration Files

resource "aws_sqs_queue" "queue" {
  name = "my-queue" # a static name not one with a prefix or suffix made unique by variable interpolation 
}

Expected Behavior

Applying this terraform in two seperate root modules that exist within the same account and region should result in an error upon the second apply due to conflicts with the resource created in the first apply in relation to the uniqueness of the name attribute.

Actual Behavior

aws_sqs_queue.queue: Creating...
aws_sqs_queue.queue: Creation complete after 1s [id=https://sqs.eu-west-1.amazonaws.com/[redacted]/my-queue]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Terraform claims the resource has been created, yet it's actually just updated the state file with the details of the existing resource. This is effectively equivalent to a terraform import.

Steps to Reproduce

Reference (via modules) or copy above code into two root modules
run terraform apply in the first root module directory
run terraform apply in the second root module directory

Alternatively step 2 could be replaced with a manual creation of the queue with same attributes & name. It does not matter how the initial queue was created, only that it exists when step 3 is executed.

Important Factoids

The reason this behaviour is observed is because the AWS API for SQS will only return a http status code of 400 for a CreateQueue request if the attributes of the requested queue do not match that of the existing. See the docs...

QueueAlreadyExists
A queue with this name already exists. Amazon SQS returns this error only if the request includes attributes whose values differ from those of the existing queue.
HTTP Status Code: 400
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html

For this reason could be argued that this is not a bug, that is if the view is taken that the terraform provider should match the AWS API in behaviour. However I believe it is a bug as it's not what I expect to happen when I run terraform. If I run an apply and it completes, I believe terraform has created all the resources (in that particular invocation) that were listed in the plan and if I then run destroy I should not need to worry that something created by someone else previously could be affected.

bug servicsqs

Source

opetch

👍8

Most helpful comment

Just ran into this issue last night. I'd be insterested in working on this myself (I've been curious to know more about the terraform codebase anyway), but probably I'd need some pointers on where to look, or even know if this something accessible to someone not familiar with the codebase?

For context, my story:
I was trying to create a dead-letter queue for an already existing queue. Accidentally, I copied the resource block, and forgot to change the name. After I saw what I did, but still hadn't fully understood what happened, I destroyed the newly created resource, which of course, deleted the original queue.
For this reason, I'd consider this a possibly dangerous behaviour