Terraform-provider-aws: DynamoDB: "The provided key element does not match the schema" when using aws_dynamodb_table_item with range_key

Created on 26 Mar 2020  ·  7 Comments  ·  Source: hashicorp/terraform-provider-aws

When I use aws_dynamodb_table_item with a DynamoDB table that has a range_key, then Terraform will give the error "ValidationException: The provided key element does not match the schema". I tried to use the AWS CLI and the AWS SDK (boto3) to see if the problem was in AWS itself, but the AWS CLI and SDK are working fine. Both Linux and Windows are affected. See my GitHub repository for the tests, the Terraform files and the results: https://github.com/FrederiqueRetsema/TerraformDynamoDBIssue

Look first at the example_TT directory (and read the README.md file for more information about the other directories/tests that I did).

When the range_key is commented out in the table definition, then everything works fine (but then there is, of course, no range_key defined). I also tried to create a table using the CLI or SDK and then use Terraform to add a record to it; this leads to the same problem. There are no problems when Terraform creates the table and when the CLI/SDK are inserting the record.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform version: 0.12.24
AWS provider version: 2.54.0

Affected Resource(s)

DynamoDB: aws_dynamodb_table_item

Terraform Configuration Files

#########################################################################
# VARIABLES
#########################################################################

variable "aws_access_key" {}
variable "aws_secret_key" {}

#########################################################################
# PROVIDERS
#########################################################################

provider "aws" {
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
  region     = "eu-west-1"
}

#########################################################################
# RESOURCES
#########################################################################

resource "aws_dynamodb_table" "mytable" {
    name           = "mytable_TT"
    billing_mode   = "PROVISIONED"
    read_capacity  = 1
    write_capacity = 1
    hash_key       = "hashKey"
    range_key      = "rangeKey"

    attribute {
        name = "hashKey"
        type = "S"
    }

    attribute {
        name = "rangeKey"
        type = "S"
    }
}

resource "aws_dynamodb_table_item" "mytable-item" {
    table_name     = aws_dynamodb_table.mytable.name
    hash_key       = aws_dynamodb_table.mytable.hash_key

    item = <<ITEM
{
    "hashKey"         : {"S": "myhashkey"},
    "rangeKey"        : {"S": "myrangekey"},
    "noKey"           : {"S": "nokey"}
}
ITEM
}

Debug Output

See the output in my GitHub repository: https://github.com/FrederiqueRetsema/TerraformDynamoDBIssue

First look in the directory example_linux_TT or example_windows_TT (this is the situation where Terraform is used for both creation of the table and adding a row).

Panic Output

N/A

Expected Behavior

The record should have been added without an error message.
The table should be deleted when terraform destroy is used.

Actual Behavior

The record was added with an error message "The provided key element does not match the schema".
This error is also shown at terraform destroy, the record and the table are not deleted.

Steps to Reproduce

terraform init -var-file=../../terraform.tfvars
terraform plan -out=./terraform.tfplans -var-file=../../terraform.tfvars
terraform apply "./terraform.tfplans"

terraform destroy -var-file=../../terraform.tfvars

Important Factoids

Is there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? ---> No

References

Labels: needs-triage, service/dynamodb

All 7 comments

Also tested for AWS provider version 2.55.0, same results

Also tested for AWS provider version 2.56.0, same results

Same problem here with AWS provider v2.60.0 and Terraform v0.12.24:

Error: Error retrieving DynamoDB table item: ValidationException: The provided key element does not match the schema status code: 400, request id: O2AAUME0K4L7E876MM67NVJ9MJVV4KQNSO5AEMVJF66Q9ASUAAJG

I think the issue is that the range_key attribute is missing for the aws_dynamodb_table_item. It should be:

resource "aws_dynamodb_table_item" "mytable-item" {
    table_name     = aws_dynamodb_table.mytable.name
    hash_key       = aws_dynamodb_table.mytable.hash_key
    range_key      = aws_dynamodb_table.mytable.range_key

    item = <<ITEM
{
    "hashKey"         : {"S": "myhashkey"},
    "rangeKey"        : {"S": "myrangekey"},
    "noKey"           : {"S": "nokey"}
}
ITEM
}

@merrygobyebye thank you. It solved my problem.

Hi folks 👋 As mentioned above, the range_key in the aws_dynamodb_table_item resource must be configured if a range key is part of the DynamoDB Table configuration. We try to denote that in the resource documentation:

  • range_key - (Optional) Range key to use for lookups and identification of the item. Required if there is range key defined in the table.

Please reach out if we can improve this documentation further.
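
A pre-apply check for the mismatch resolved in this thread, as an added example (not code from the issue or from the provider): it reads the planned_values section of `terraform show -json` output and flags any aws_dynamodb_table_item whose hash_key or range_key differs from the table it targets. The function names are hypothetical, the sample plan is constructed from the configuration in the issue, and tables are matched by literal name only.

```python
import json

def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_key_mismatches(plan):
    """Return (address, problem) pairs for items whose keys do not fit the table."""
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    tables = {r["values"]["name"]: r["values"] for r in resources
              if r["type"] == "aws_dynamodb_table" and r["values"].get("name")}
    findings = []
    for r in resources:
        if r["type"] != "aws_dynamodb_table_item":
            continue
        item = r["values"]
        table = tables.get(item.get("table_name"))
        if table is None:
            continue  # table not managed in this plan, or name unknown until apply
        # The item body may be unknown at plan time; skip the attribute check then.
        attrs = json.loads(item["item"]) if item.get("item") else None
        for key in ("hash_key", "range_key"):
            want, got = table.get(key), item.get(key)
            if want != got:
                findings.append((r["address"], f"{key} is {got!r}, table defines {want!r}"))
            elif want and attrs is not None and want not in attrs:
                findings.append((r["address"], f"item JSON has no {want!r} attribute"))
    return findings

def sample_plan(item_range_key):
    """Constructed plan fragment mirroring the configuration in the issue."""
    item_json = json.dumps({"hashKey": {"S": "myhashkey"},
                            "rangeKey": {"S": "myrangekey"},
                            "noKey": {"S": "nokey"}})
    return {"planned_values": {"root_module": {"resources": [
        {"address": "aws_dynamodb_table.mytable", "type": "aws_dynamodb_table",
         "values": {"name": "mytable_TT", "hash_key": "hashKey", "range_key": "rangeKey"}},
        {"address": "aws_dynamodb_table_item.mytable-item", "type": "aws_dynamodb_table_item",
         "values": {"table_name": "mytable_TT", "hash_key": "hashKey",
                    "range_key": item_range_key, "item": item_json}},
    ]}}}

if __name__ == "__main__":
    # None models the original report, where range_key was left unset on the item.
    for address, problem in find_key_mismatches(sample_plan(None)):
        print(f"{address}: {problem}")
```

Against a real plan, load the output of `terraform show -json ./terraform.tfplans` with `json.load` and pass it to `find_key_mismatches`.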

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
