terraform ecs/CreateCapacityProvider request 500 - amazon-web-services

I am getting the following error while trying to create an ECS cluster, at the capacity provider creation phase.
2022-01-05T09:15:20.480-0800 [INFO] plugin.terraform-provider-aws_v3.70.0_x5: 2022/01/05 09:15:20 [DEBUG] [aws-sdk-go] DEBUG: Request ecs/CreateCapacityProvider Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: ecs.us-east-1.amazonaws.com
User-Agent: APN/1.0 HashiCorp/1.0 Terraform/0.12.31 (+https://www.terraform.io) terraform-provider-aws/3.70.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.42.23 (go1.16; darwin; amd64)
Content-Length: 370
Authorization: AWS4-HMAC-SHA256 Credential=AKIAI2AFJ6MZHHPZ2HTA/20220105/us-east-1/ecs/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target, Signature=e3f52e06669323c64df6ca485fcb7fae41c6941237fb5dbb0ba6e63478a6eb28
Content-Type: application/x-amz-json-1.1
X-Amz-Date: 20220105T171520Z
X-Amz-Target: AmazonEC2ContainerServiceV20141113.CreateCapacityProvider
Accept-Encoding: gzip
{"autoScalingGroupProvider":{"autoScalingGroupArn":"arn:aws:autoscaling:us-east-1:009710336282:autoScalingGroup:2a7b4cd4-919c-4f59-b33d-bc9486033e17:autoScalingGroupName/terraform-20220105170805411900000007","managedScaling":{"maximumScalingStepSize":1000,"minimumScalingStepSize":1,"status":"ENABLED","targetCapacity":80}},"name":"app-client-capacity-provider"}
-----------------------------------------------------: timestamp=2022-01-05T09:15:20.479-0800
2022/01/05 09:15:20 [TRACE] dag/walk: vertex "aws_appautoscaling_policy.ecs_service_policy_scaling" is waiting for "aws_appautoscaling_target.ecs_service_target"
2022-01-05T09:15:21.075-0800 [INFO] plugin.terraform-provider-aws_v3.70.0_x5: 2022/01/05 09:15:21 [DEBUG] [aws-sdk-go] DEBUG: Response ecs/CreateCapacityProvider Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 500
Connection: close
Content-Length: 85
Content-Type: application/x-amz-json-1.1
Date: Wed, 05 Jan 2022 17:15:20 GMT
X-Amzn-Requestid: 67bc83ad-103a-451d-baf5-4697df2e44cb
-----------------------------------------------------: timestamp=2022-01-05T09:15:21.075-0800
2022-01-05T09:15:21.075-0800 [INFO] plugin.terraform-provider-aws_v3.70.0_x5: 2022/01/05 09:15:21 [DEBUG] [aws-sdk-go] {"__type":"ServerException","message":"Service Unavailable. Please try again later."}: timestamp=2022-01-05T09:15:21.075-0800
No details about the error; any idea what might be wrong here?
Here is a snippet from my Terraform for the capacity provider:
... (other stuff like ASG launch template etc)
resource "aws_autoscaling_group" "cluster-asg" {
  desired_capacity = 3
  min_size = 3
  max_size = 50
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1c"]
  launch_template {
    id = aws_launch_template.as_launch_template.id
    version = "$Latest"
  }
  tag {
    key = "AmazonECSManaged"
    value = true
    propagate_at_launch = true
  }
}
resource "aws_ecs_capacity_provider" "capacity_provider" {
  name = "app-client-capacity-provider"
  auto_scaling_group_provider {
    auto_scaling_group_arn = aws_autoscaling_group.cluster-asg.arn
    managed_scaling {
      instance_warmup_period = 120
      maximum_scaling_step_size = 1000
      minimum_scaling_step_size = 1
      status = "ENABLED"
      target_capacity = 80
    }
  }
}
resource "aws_ecs_cluster" "cluster" {
  name = "app-client" # Naming the cluster
  capacity_providers = [aws_ecs_capacity_provider.capacity_provider.name]
}

I fixed this by creating the cluster without a capacity provider first, then modifying it to have one.

Related

Terraform - AWS - CreateSecurityGroup - parameter GroupName is invalid. Group names may not be in the format sg-*

I am trying to create an AWS EKS cluster using Terraform, and in the sequence of steps I have a step to create a security group where I get an error for which I couldn't find a solution.
Could you guys have a look and help me understand why this error is occurring?
Using terraform version v0.13.1
Request & Response Logs:
2020-09-03T17:10:09.598+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: Action=CreateSecurityGroup&GroupDescription=Managed+by+Terraform&GroupName=sg-worker_group_mgmt_two2020090311400XXXXXXXXXXXX&Version=2016-11-15&VpcId=vpc-XXXXXXXX
2020-09-03T17:10:09.598+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: -----------------------------------------------------
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: 2020/09/03 17:10:10 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/CreateSecurityGroup Details:
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: ---[ RESPONSE ]--------------------------------------
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: HTTP/1.1 400 Bad Request
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: Connection: close
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: Transfer-Encoding: chunked
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: Date: Thu, 03 Sep 2020 11:40:09 GMT
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: Server: AmazonEC2
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5:
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5:
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: -----------------------------------------------------
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: 2020/09/03 17:10:10 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: <Response><Errors><Error><Code>InvalidParameterValue</Code><Message>Value (sg-worker_group_mgmt_two2020090311400XXXXXXXXXXXX) for parameter GroupName is invalid. Group names may not be in the format sg-*.</Message></Error></Errors><RequestID>5XXXX-0XXX-4c55-aXXa-b34f3XXXXX</RequestID></Response>
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: 2020/09/03 17:10:10 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ec2/CreateSecurityGroup failed, attempt 0/25, error InvalidParameterValue: Value (sg-worker_group_mgmt_two2020090311400XXXXXXXXXXXX) for parameter GroupName is invalid. Group names may not be in the format sg-*.
2020-09-03T17:10:10.360+0530 [DEBUG] plugin.terraform-provider-aws_v3.4.0_x5: status code: 400, request id: 5XXXX-0XXX-4c55-aXXa-b34f3XXXXX
2020/09/03 17:10:10 [DEBUG] aws_security_group.worker_group_mgmt_two: apply errored, but we're indicating that via the Error pointer rather than returning it: Error creating Security Group: InvalidParameterValue: Value (sg-worker_group_mgmt_two2020090311400XXXXXXXXXXXX) for parameter GroupName is invalid. Group names may not be in the format sg-*.
status code: 400, request id: 5XXXX-0XXX-4c55-aXXa-b34f3XXXXX
Terraform code:
resource "aws_security_group" "sg-worker_group_mgmt_one" {
  name_prefix = "sg-worker_group_mgmt_one"
  vpc_id = "${data.aws_vpc.vpc-dev-cluster.id}"
  ingress {
    from_port = 22
    to_port = 22
    protocol = "tcp"
    cidr_blocks = [
      "xxx.xx.0.0/16",
    ]
  }
}
resource "aws_security_group" "sg-worker_group_mgmt_two" {
  name_prefix = "sg-worker_group_mgmt_two"
  vpc_id = "${data.aws_vpc.vpc-dev-cluster.id}"
  ingress {
    from_port = 22
    to_port = 22
    protocol = "tcp"
    cidr_blocks = [
      "xxx.xx.0.0/16",
    ]
  }
}
resource "aws_security_group" "sg-all_worker_mgmt" {
  name_prefix = "sg-all_worker_management"
  vpc_id = "${data.aws_vpc.vpc-dev-cluster.id}"
  ingress {
    from_port = 22
    to_port = 22
    protocol = "tcp"
    cidr_blocks = [
      "xxx.xx.xx.0/17",
      "xxx.xx.0.0/16",
    ]
  }
}
resource "aws_security_group" "sg-eks_cluster" {
  name = "${var.cluster_sg_name}"
  description = "Cluster communication with worker nodes"
  vpc_id = "${data.aws_vpc.vpc-dev-cluster.id}"
  tags = {
    Name = "${var.cluster_sg_name}"
  }
}
resource "aws_security_group_rule" "sg-cluster_inbound" {
  description = "Allow worker nodes to communicate with the cluster API Server"
  from_port = 443
  protocol = "tcp"
  security_group_id = "${aws_security_group.sg-eks_cluster.id}"
  source_security_group_id = "${aws_security_group.sg-eks_nodes.id}"
  to_port = 443
  type = "ingress"
}
resource "aws_security_group_rule" "sg-cluster_outbound" {
  description = "Allow cluster API Server to communicate with the worker nodes"
  from_port = 1024
  protocol = "tcp"
  security_group_id = "${aws_security_group.sg-eks_cluster.id}"
  source_security_group_id = "${aws_security_group.sg-eks_nodes.id}"
  to_port = 65535
  type = "egress"
}
resource "aws_security_group" "sg-eks_nodes" {
  name = "${var.nodes_sg_name}"
  description = "Security group for all nodes in the cluster"
  vpc_id = "${data.aws_vpc.vpc-dev-cluster.id}"
  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "${var.nodes_sg_name}"
    "kubernetes.io/cluster/${var.eks_cluster_name}" = "owned"
  }
}
resource "aws_security_group_rule" "nodes" {
  description = "Allow nodes to communicate with each other"
  from_port = 0
  protocol = "-1"
  security_group_id = "${aws_security_group.sg-eks_nodes.id}"
  source_security_group_id = "${aws_security_group.sg-eks_nodes.id}"
  to_port = 65535
  type = "ingress"
}
resource "aws_security_group_rule" "nodes_inbound" {
  description = "Allow worker Kubelets and pods to receive communication from the cluster control plane"
  from_port = 1025
  protocol = "tcp"
  security_group_id = "${aws_security_group.sg-eks_nodes.id}"
  source_security_group_id = "${aws_security_group.sg-eks_cluster.id}"
  to_port = 65535
  type = "ingress"
}
The AWS documentation for CreateSecurityGroup mentions the following restrictions on the name:
Constraints: Up to 255 characters in length. Cannot start with sg-.
Normally the AWS provider would have a validation for this so it would show up from either the plan or validate commands. Unfortunately it currently only has a validation checking the length.
To fix your error you'll need to change the name of your security group to remove the sg- prefix.
I've raised https://github.com/terraform-providers/terraform-provider-aws/pull/15011 to fix this so in future it can be detected before running the apply.
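
Until such a validation is available at plan time, the two constraints quoted in the answer above can be checked against the JSON form of a saved plan before apply. This is an added example, not code from the answer or from the AWS provider; the sample plan is constructed, and the function and constant names are hypothetical.

```python
import json

# Constraints on the security group name quoted in the answer above.
MAX_NAME_LENGTH = 255
RESERVED_PREFIX = "sg-"

# Constructed sample: a trimmed plan in the `terraform show -json` layout,
# modelled on the question's resources. Only the fields the check reads are kept.
SAMPLE_PLAN = json.dumps({
    "format_version": "0.1",
    "resource_changes": [
        {"address": "aws_security_group.sg-worker_group_mgmt_two",
         "type": "aws_security_group",
         "change": {"actions": ["create"],
                    "after": {"name_prefix": "sg-worker_group_mgmt_two"}}},
        {"address": "aws_security_group.sg-eks_cluster",
         "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"name": "eks-cluster"}}},
        {"address": "module.eks.aws_security_group.too_long",
         "type": "aws_security_group",
         "change": {"actions": ["delete", "create"], "after": {"name": "a" * 256}}},
        {"address": "aws_security_group.old",
         "type": "aws_security_group",
         "change": {"actions": ["delete"], "after": None}},
        {"address": "aws_security_group_rule.nodes",
         "type": "aws_security_group_rule",
         "change": {"actions": ["create"], "after": {"description": "sg-to-sg rule"}}},
    ],
})


def name_problems(value):
    """Return the constraint violations for one name or name_prefix value."""
    problems = []
    if value.startswith(RESERVED_PREFIX):
        problems.append("starts with 'sg-'")
    if len(value) > MAX_NAME_LENGTH:
        problems.append("longer than 255 characters")
    return problems


def check_security_group_names(plan_json):
    """Return (address, attribute, problem) tuples for security groups the plan creates."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        change = rc.get("change") or {}
        # Only a create (alone or as half of a replace) sends a new group name.
        if "create" not in change.get("actions", []):
            continue
        after = change.get("after") or {}
        # The resource label in the address is never sent to AWS, so a label
        # such as "sg-eks_cluster" is fine; only these two attributes matter.
        # A generated name begins with name_prefix, so the prefix is held to
        # the same rules (no assumption is made about the suffix length).
        for attr in ("name", "name_prefix"):
            value = after.get(attr)
            if not isinstance(value, str):
                continue  # unset, or not known until apply
            for problem in name_problems(value):
                findings.append((rc["address"], attr, problem))
    return findings


if __name__ == "__main__":
    results = check_security_group_names(SAMPLE_PLAN)
    for address, attr, problem in results:
        print(f"{address}: {attr} {problem}")
    raise SystemExit(1 if results else 0)
```

The input comes from `terraform plan -out=tfplan` followed by `terraform show -json tfplan`; values supplied through variables such as `var.cluster_sg_name` are already resolved in that output.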

Terraform AWS provider : Error launching source instance: Unsupported: The requested configuration is currently not supported

I am trying to use Terraform as a start to automate infrastructure provisioning. I already have a VPC and subnets defined. I could not solve this problem; I have gone through similar questions posted on Stack Overflow to check that the AMI is available in the region or to check the VPC tenancy. Unfortunately these solutions are not working for me. Here is my simple configuration, main.tf:
provider "aws" {
  region = "eu-west-2"
}
resource "aws_instance" "test-instance1" {
  ami = "ami-07dc734dc14746eab"
  ebs_optimized = true
  instance_type = "t2.micro"
  root_block_device {
    volume_type = "gp2"
    volume_size = 260
    delete_on_termination = true
  }
  ebs_block_device {
    device_name = "/dev/sda1"
    delete_on_termination = true
    volume_size = 260
    volume_type = "gp2"
  }
}
Here is the complete output of terraform apply.
Master $ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.test-instance1 will be created
+ resource "aws_instance" "test-instance1" {
+ ami = "ami-07dc734dc14746eab"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ ebs_optimized = true
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = (known after apply)
+ network_interface_id = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tenancy = (known after apply)
+ volume_tags = (known after apply)
+ vpc_security_group_ids = (known after apply)
+ ebs_block_device {
+ delete_on_termination = true
+ device_name = "/dev/sda1"
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = 260
+ volume_type = "gp2"
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ metadata_options {
+ http_endpoint = (known after apply)
+ http_put_response_hop_limit = (known after apply)
+ http_tokens = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = true
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = 260
+ volume_type = "gp2"
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.test-instance1: Creating...
Error: Error launching source instance: Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.
status code: 400, request id: 1db1f3f0-88c5-4d71-bf9d-43f3a987b5c5
on main.tf line 5, in resource "aws_instance" "test-instance1":
5: resource "aws_instance" "test-instance1" {
Master $
I also enabled logs and set it to TRACE. Here is the complete debug.
2020/05/11 22:48:38 [DEBUG] aws_instance.test-instance1: applying the planned Create change
2020/05/11 22:48:38 [TRACE] GRPCProvider: ApplyResourceChange
2020-05-11T22:48:38.524+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "ephemeral_block_device" from ComputedKeys
2020-05-11T22:48:38.525+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "metadata_options" from ComputedKeys
2020-05-11T22:48:38.525+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "security_groups" from ComputedKeys
2020-05-11T22:48:38.525+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "network_interface" from ComputedKeys
2020-05-11T22:48:38.525+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "network_interface" from ComputedKeys
2020-05-11T22:48:38.525+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "vpc_security_group_ids" from ComputedKeys
2020-05-11T22:48:38.525+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "volume_tags" from ComputedKeys
2020-05-11T22:48:38.540+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] setting computed for "ipv6_addresses" from ComputedKeys
2020-05-11T22:48:38.547+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] Describing AMI "ami-07dc734dc14746eab" to get root block device name
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:38 [DEBUG] [aws-sdk-go] DEBUG: Request ec2/DescribeImages Details:
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: ---[ REQUEST POST-SIGN ]-----------------------------
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: POST / HTTP/1.1
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Host: ec2.eu-west-2.amazonaws.com
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: User-Agent: aws-sdk-go/1.30.21 (go1.13.7; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.24 (+https://www.terraform.io)
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Content-Length: 72
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: X-Amz-Date: 20200511T171838Z
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Accept-Encoding: gzip
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4:
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Action=DescribeImages&ImageId.1=ami-07dc734dc14746eab&Version=2016-11-15
2020-05-11T22:48:38.553+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: -----------------------------------------------------
2020-05-11T22:48:39.761+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:39 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/DescribeImages Details:
2020-05-11T22:48:39.761+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: ---[ RESPONSE ]--------------------------------------
2020-05-11T22:48:39.761+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: HTTP/1.1 200 OK
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Connection: close
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Transfer-Encoding: chunked
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Content-Type: text/xml;charset=UTF-8
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Date: Mon, 11 May 2020 17:18:39 GMT
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Server: AmazonEC2
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Vary: accept-encoding
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: X-Amzn-Requestid: 87d3ddcf-aacd-43fe-a7c2-3efb44d6d76b
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4:
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4:
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: -----------------------------------------------------
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:39 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <DescribeImagesResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <requestId>87d3ddcf-aacd-43fe-a7c2-3efb44d6d76b</requestId>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <imagesSet>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <item>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <imageId>ami-07dc734dc14746eab</imageId>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <imageLocation>099720109477/ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1</imageLocation>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <imageState>available</imageState>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <imageOwnerId>099720109477</imageOwnerId>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <creationDate>2019-02-13T12:48:49.000Z</creationDate>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <isPublic>true</isPublic>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <architecture>x86_64</architecture>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <imageType>machine</imageType>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <sriovNetSupport>simple</sriovNetSupport>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <name>ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-20190212.1</name>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <description>Canonical, Ubuntu, 18.04 LTS, amd64 bionic image build on 2019-02-12</description>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <rootDeviceType>ebs</rootDeviceType>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <rootDeviceName>/dev/sda1</rootDeviceName>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <blockDeviceMapping>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <item>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <deviceName>/dev/sda1</deviceName>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <ebs>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <snapshotId>snap-0160fe9487706c145</snapshotId>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <volumeSize>8</volumeSize>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <deleteOnTermination>true</deleteOnTermination>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <volumeType>gp2</volumeType>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <encrypted>false</encrypted>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </ebs>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </item>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <item>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <deviceName>/dev/sdb</deviceName>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <virtualName>ephemeral0</virtualName>
2020-05-11T22:48:39.762+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </item>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <item>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <deviceName>/dev/sdc</deviceName>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <virtualName>ephemeral1</virtualName>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </item>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </blockDeviceMapping>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <virtualizationType>hvm</virtualizationType>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <hypervisor>xen</hypervisor>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <enaSupport>true</enaSupport>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <platformDetails>Linux/UNIX</platformDetails>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <usageOperation>RunInstances</usageOperation>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </item>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </imagesSet>
2020-05-11T22:48:39.763+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: </DescribeImagesResponse>
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:39 [DEBUG] Run configuration: {
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: BlockDeviceMappings: [{
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: DeviceName: "/dev/sda1",
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Ebs: {
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: DeleteOnTermination: true,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: VolumeSize: 260,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: VolumeType: "gp2"
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: }
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: },{
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: DeviceName: "/dev/sda1",
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Ebs: {
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: DeleteOnTermination: true,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: VolumeSize: 260,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: VolumeType: "gp2"
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: }
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: }],
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: DisableApiTermination: false,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: EbsOptimized: true,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: HibernationOptions: {
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Configured: false
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: },
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: IamInstanceProfile: {
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Name: ""
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: },
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: ImageId: "ami-07dc734dc14746eab",
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: InstanceType: "t2.micro",
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: MaxCount: 1,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: MinCount: 1,
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Monitoring: {
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Enabled: false
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: },
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Placement: {
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: AvailabilityZone: "",
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: GroupName: ""
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: }
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: }
2020-05-11T22:48:39.782+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:39 [DEBUG] Waiting for state to become: [success]
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:39 [DEBUG] [aws-sdk-go] DEBUG: Request ec2/RunInstances Details:
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: ---[ REQUEST POST-SIGN ]-----------------------------
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: POST / HTTP/1.1
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Host: ec2.eu-west-2.amazonaws.com
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: User-Agent: aws-sdk-go/1.30.21 (go1.13.7; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.24 (+https://www.terraform.io)
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Content-Length: 645
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: X-Amz-Date: 20200511T171839Z
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Accept-Encoding: gzip
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4:
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Action=RunInstances&BlockDeviceMapping.1.DeviceName=%2Fdev%2Fsda1&BlockDeviceMapping.1.Ebs.DeleteOnTermination=true&BlockDeviceMapping.1.Ebs.VolumeSize=260&BlockDeviceMapping.1.Ebs.VolumeType=gp2&BlockDeviceMapping.2.DeviceName=%2Fdev%2Fsda1&BlockDeviceMapping.2.Ebs.DeleteOnTermination=true&BlockDeviceMapping.2.Ebs.VolumeSize=260&BlockDeviceMapping.2.Ebs.VolumeType=gp2&DisableApiTermination=false&EbsOptimized=true&HibernationOptions.Configured=false&IamInstanceProfile.Name=&ImageId=ami-07dc734dc14746eab&InstanceType=t2.micro&MaxCount=1&MinCount=1&Monitoring.Enabled=false&Placement.AvailabilityZone=&Placement.GroupName=&Version=2016-11-15
2020-05-11T22:48:39.790+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: -----------------------------------------------------
2020/05/11 22:48:40 [TRACE] dag/walk: vertex "root" is waiting for "meta.count-boundary (EachMode fixup)"
2020/05/11 22:48:40 [TRACE] dag/walk: vertex "meta.count-boundary (EachMode fixup)" is waiting for "aws_instance.test-instance1"
2020/05/11 22:48:40 [TRACE] dag/walk: vertex "provider.aws (close)" is waiting for "aws_instance.test-instance1"
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:41 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/RunInstances Details:
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: ---[ RESPONSE ]--------------------------------------
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: HTTP/1.1 400 Bad Request
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Connection: close
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Transfer-Encoding: chunked
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Date: Mon, 11 May 2020 17:18:41 GMT
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: Server: AmazonEC2
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4:
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4:
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: -----------------------------------------------------
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:41 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: <Response><Errors><Error><Code>Unsupported</Code><Message>The requested configuration is currently not supported. Please check the documentation for supported configurations.</Message></Error></Errors><RequestID>1db1f3f0-88c5-4d71-bf9d-43f3a987b5c5</RequestID></Response>
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: 2020/05/11 22:48:41 [DEBUG] [aws-sdk-go] DEBUG: Validate Response ec2/RunInstances failed, attempt 0/25, error Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.
2020-05-11T22:48:41.622+0530 [DEBUG] plugin.terraform-provider-aws_v2.61.0_x4: status code: 400, request id: 1db1f3f0-88c5-4d71-bf9d-43f3a987b5c5
2020/05/11 22:48:41 [DEBUG] aws_instance.test-instance1: apply errored, but we're indicating that via the Error pointer rather than returning it: Error launching source instance: Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.
status code: 400, request id: 1db1f3f0-88c5-4d71-bf9d-43f3a987b5c5
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/05/11 22:48:41 [TRACE] EvalMaybeTainted: aws_instance.test-instance1 encountered an error during creation, so it is now marked as tainted
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/05/11 22:48:41 [TRACE] EvalWriteState: removing state object for aws_instance.test-instance1
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalApplyProvisioners
2020/05/11 22:48:41 [TRACE] EvalApplyProvisioners: aws_instance.test-instance1 has no state, so skipping provisioners
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalMaybeTainted
2020/05/11 22:48:41 [TRACE] EvalMaybeTainted: aws_instance.test-instance1 encountered an error during creation, so it is now marked as tainted
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalWriteState
2020/05/11 22:48:41 [TRACE] EvalWriteState: removing state object for aws_instance.test-instance1
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalIf
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalIf
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalWriteDiff
2020/05/11 22:48:41 [TRACE] <root>: eval: *terraform.EvalApplyPost
2020/05/11 22:48:41 [ERROR] <root>: eval: *terraform.EvalApplyPost, err: Error launching source instance: Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.
status code: 400, request id: 1db1f3f0-88c5-4d71-bf9d-43f3a987b5c5
2020/05/11 22:48:41 [ERROR] <root>: eval: *terraform.EvalSequence, err: Error launching source instance: Unsupported: The requested configuration is currently not supported. Please check the documentation for supported configurations.
status code: 400, request id: 1db1f3f0-88c5-4d71-bf9d-43f3a987b5c5
2020/05/11 22:48:41 [TRACE] [walkApply] Exiting eval tree: aws_instance.test-instance1
2020/05/11 22:48:41 [TRACE] vertex "aws_instance.test-instance1": visit complete
2020/05/11 22:48:41 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2020/05/11 22:48:41 [TRACE] dag/walk: upstream of "provider.aws (close)" errored, so skipping
2020/05/11 22:48:41 [TRACE] dag/walk: upstream of "root" errored, so skipping
2020/05/11 22:48:41 [TRACE] statemgr.Filesystem: not making a backup, because the new snapshot is identical to the old
2020/05/11 22:48:41 [TRACE] statemgr.Filesystem: no state changes since last snapshot
2020/05/11 22:48:41 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate
2020/05/11 22:48:41 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info
2020/05/11 22:48:41 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate using fcntl flock
2020-05-11T22:48:41.683+0530 [DEBUG] plugin: plugin exited
My guess is that t2 type instances do not support EBS Optimized volumes per https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-optimized.html#ebs-optimization-support. Try removing ebs_optimized or setting it to false.
instance_type = "t2.micro"
change to
instance_type = "t3.micro"
is OK for me.

Unable to create new s3 bucket in terraform

I'm attempting to create a new S3 bucket and getting a conflict, though I know the bucket name is new and unique, and it has been many hours (8+) since that name was in use. Details attached. I've even tried with a new name that I know was never a bucket in my account (and likely never a bucket).
The name in the logs below is made up and not the one I was using, which was unique and namespaced to my domain.
If I use the aws s3 cli to make the bucket (i.e. aws s3 mb s3://{same-bucket-name} --region us-east-2) where {same-bucket-name} is the name of the bucket I want to create, it works fine.
2019-07-07T00:12:19.463-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: 2019/07/07 00:12:19 [DEBUG] Trying to create new S3 bucket: "my-unique-s3-bucket-name"
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: 2019/07/07 00:12:19 [DEBUG] [aws-sdk-go] DEBUG: Request s3/CreateBucket Details:
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: ---[ REQUEST POST-SIGN ]-----------------------------
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: PUT /my-unique-s3-bucket-name HTTP/1.1
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Host: s3.us-east-2.amazonaws.com
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: User-Agent: aws-sdk-go/1.20.12 (go1.12.5; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.2
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Content-Length: 153
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Authorization: AWS4-HMAC-SHA256 Credential=MYCREDS/20190707/us-east-2/s3/aws4_request, SignedHeaders=content-length;host;x-amz-acl;x-amz-content-sha256;x-amz-date, Signature=b5acd2dbcaf09eda51b4ea8448f1991d26c8eb8249a85e7ac28044864df377b9
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: X-Amz-Acl: public-read
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: X-Amz-Content-Sha256: 70cae86320841ea73b0bdc759f99920c7caa405e61af2742575750c6586272c9
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: X-Amz-Date: 20190707T041219Z
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Accept-Encoding: gzip
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4:
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: <CreateBucketConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><LocationConstraint>us-east-2</LocationConstraint></CreateBucketConfiguration>
2019-07-07T00:12:19.464-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: -----------------------------------------------------
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: 2019/07/07 00:12:19 [DEBUG] [aws-sdk-go] DEBUG: Response s3/CreateBucket Details:
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: ---[ RESPONSE ]--------------------------------------
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: HTTP/1.1 409 Conflict
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Connection: close
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Transfer-Encoding: chunked
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Content-Type: application/xml
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Date: Sun, 07 Jul 2019 04:12:19 GMT
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: Server: AmazonS3
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: X-Amz-Id-2: v5M1x31BcVCS4DLIgqmCR4KRHipO3ZRbTSXF1PCS9+q9nyT8O5/3s04Z22o8t4x8JZ0HF9HWkO4=
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: X-Amz-Request-Id: 835B636D828335A1
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4:
2019-07-07T00:12:19.697-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4:
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: -----------------------------------------------------
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: 2019/07/07 00:12:19 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: <Error><Code>OperationAborted</Code><Message>A conflicting conditional operation is currently in progress against this resource. Please try again.</Message><RequestId>835B636D828335A1</RequestId><HostId>v5M1x31BcVCS4DLIgqmCR4KRHipO3ZRbTSXF1PCS9+q9nyT8O5/3s04Z22o8t4x8JZ0HF9HWkO4=</HostId></Error>
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: 2019/07/07 00:12:19 [DEBUG] [aws-sdk-go] DEBUG: Validate Response s3/CreateBucket failed, attempt 0/25, error OperationAborted: A conflicting conditional operation is currently in progress against this resource. Please try again.
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: status code: 409, request id: 835B636D828335A1, host id: v5M1x31BcVCS4DLIgqmCR4KRHipO3ZRbTSXF1PCS9+q9nyT8O5/3s04Z22o8t4x8JZ0HF9HWkO4=
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: 2019/07/07 00:12:19 [WARN] Got an error while trying to create S3 bucket my-unique-s3-bucket-name: OperationAborted: A conflicting conditional operation is currently in progress against this resource. Please try again.
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: status code: 409, request id: 835B636D828335A1, host id: v5M1x31BcVCS4DLIgqmCR4KRHipO3ZRbTSXF1PCS9+q9nyT8O5/3s04Z22o8t4x8JZ0HF9HWkO4=
2019-07-07T00:12:19.698-0400 [DEBUG] plugin.terraform-provider-aws_v2.18.0_x4: 2019/07/07 00:12:19 [TRACE] Waiting 10s before next try
If the bucket did previously exist then there is an indeterminate amount of time before that bucket name is released.
Unfortunately the AWS docs aren't very specific here:
Important
If you want to continue to use the same bucket name, don't delete the
bucket. We recommend that you empty the bucket and keep it. After a
bucket is deleted, the name becomes available to reuse, but the name
might not be available for you to reuse for various reasons. For
example, it might take some time before the name can be reused, and
some other account could create a bucket with that name before you do.
You can talk to AWS support to confirm what's happening (and check that another AWS account doesn't have the bucket) but ultimately you just need to wait. If the S3 bucket matches a domain name that you control and you intend to use it for website hosting and someone else already has that S3 bucket then there is a process for getting that bucket name back to you, just as there is with CloudFront CNAMEs which are also globally unique.
You should also be able to check if the bucket name is available by running the following command:
aws s3api head-bucket --bucket [bucket name]
Ages back, when we briefly tried deleting S3 buckets in test environments overnight (along with everything else), we would occasionally see this error for over 48 hours, while sometimes the bucket name was available again within a few hours. Unfortunately, AWS provide no guarantees here.

Dataflow setting Controller Service Account

I am trying to set up a controller service account for Dataflow. In my Dataflow options I have:
options.setGcpCredential(GoogleCredentials.fromStream(
    new FileInputStream("key.json")).createScoped(someArrays));
options.setServiceAccount("xxx@yyy.iam.gserviceaccount.com");
But I'm getting:
WARNING: Request failed with code 403, performed 0 retries due to IOExceptions,
performed 0 retries due to unsuccessful status codes, HTTP framework says
request can be retried, (caller responsible for retrying):
https://dataflow.googleapis.com/v1b3/projects/MYPROJECT/locations/MYLOCATION/jobs
Exception in thread "main" java.lang.RuntimeException: Failed to create a workflow
job: (CODE): Current user cannot act as
service account "xxx@yyy.iam.gserviceaccount.com.
Causes: (CODE): Current user cannot act as
service account "xxx@yyy.iam.gserviceaccount.com.
at org.apache.beam.runners.dataflow.DataflowRunner.run(DataflowRunner.java:791)
at org.apache.beam.runners.dataflow.DataflowRunner.run(DataflowRunner.java:173)
at org.apache.beam.sdk.Pipeline.run(Pipeline.java:311)
at org.apache.beam.sdk.Pipeline.run(Pipeline.java:297)
...
Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "(CODE): Current user cannot act as service account
xxx@yyy.iam.gserviceaccount.com. Causes: (CODE): Current user
cannot act as service account xxx@yyy.iam.gserviceaccount.com.",
"reason" : "forbidden"
} ],
"message" : "(CODE): Current user cannot act as service account
xxx@yyy.iam.gserviceaccount.com. Causes: (CODE): Current user
cannot act as service account xxx@yyy.iam.gserviceaccount.com.",
"status" : "PERMISSION_DENIED"
}
Am I missing some Roles or permissions?
Maybe someone is going to find it helpful:
For controller it was: Dataflow Worker and Storage Object Admin (that was found in Google's documentation).
For executor it was: Service Account User.
I've been hitting this error and thought it worth sharing my experiences (partly because I suspect I'll encounter this again in the future).
The terraform code to create my dataflow job is:
resource "google_dataflow_job" "wordcount" {
  # https://stackoverflow.com/a/59931467/201657
  name              = "wordcount"
  template_gcs_path = "gs://dataflow-templates/latest/Word_Count"
  temp_gcs_location = "gs://${local.name-prefix}-functions/temp"
  parameters = {
    inputFile = "gs://dataflow-samples/shakespeare/kinglear.txt"
    output    = "gs://${local.name-prefix}-functions/wordcount/output"
  }
  service_account_email = "serviceAccount:${data.google_service_account.sa.email}"
}
The error message:
Error: googleapi: Error 400: (c3c0d991927a8658): Current user cannot act as service account serviceAccount:dataflowdemo@redacted.iam.gserviceaccount.com., badRequest
was returned from running terraform apply. Checking out the logs provided a lot more info:
gcloud logging read 'timestamp >= "2020-12-31T13:39:58.733249492Z" AND timestamp <= "2020-12-31T13:45:58.733249492Z"' --format="csv(timestamp,severity,textPayload)" --order=asc
which returned various log records, including this:
Permissions verification for controller service account failed. IAM role roles/dataflow.worker should be granted to controller service account dataflowdemo@redacted.iam.gserviceaccount.com.
so I granted that missing role:
gcloud projects add-iam-policy-binding $PROJECT \
    --member="serviceAccount:dataflowdemo@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/dataflow.worker"
and ran terraform apply again. This time I got the same error in the terraform output but there were no errors to be seen in the logs.
I then followed the advice given at https://cloud.google.com/dataflow/docs/concepts/access-control#creating_jobs to also grant the roles/dataflow.admin:
gcloud projects add-iam-policy-binding $PROJECT \
    --member="serviceAccount:dataflowdemo@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/dataflow.admin"
but there was no discernible difference from the previous attempt.
I then tried turning on terraform debug logging which provided this info:
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: ---[ REQUEST ]---------------------------------------
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: POST /v1b3/projects/redacted/locations/europe-west1/templates?alt=json&prettyPrint=false HTTP/1.1
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Host: dataflow.googleapis.com
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: User-Agent: google-api-go-client/0.5 Terraform/0.14.2 (+https://www.terraform.io) Terraform-Plugin-SDK/2.1.0 terraform-provider-google/dev
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Content-Length: 385
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Content-Type: application/json
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: X-Goog-Api-Client: gl-go/1.14.5 gdcl/20201023
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Accept-Encoding: gzip
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5:
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: {
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "environment": {
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "serviceAccountEmail": "serviceAccount:dataflowdemo@redacted.iam.gserviceaccount.com",
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "tempLocation": "gs://jamiet-demo-functions/temp"
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: },
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "gcsPath": "gs://dataflow-templates/latest/Word_Count",
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "jobName": "wordcount",
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "parameters": {
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "inputFile": "gs://dataflow-samples/shakespeare/kinglear.txt",
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "output": "gs://jamiet-demo-functions/wordcount/output"
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: }
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: }
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5:
2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: -----------------------------------------------------
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: 2020/12/31 16:04:14 [DEBUG] Google API Response Details:
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: ---[ RESPONSE ]--------------------------------------
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: HTTP/1.1 400 Bad Request
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Connection: close
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Transfer-Encoding: chunked
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Alt-Svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Cache-Control: private
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Content-Type: application/json; charset=UTF-8
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Date: Thu, 31 Dec 2020 16:04:15 GMT
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Server: ESF
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Vary: Origin
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Vary: X-Origin
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: Vary: Referer
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: X-Content-Type-Options: nosniff
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: X-Frame-Options: SAMEORIGIN
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: X-Xss-Protection: 0
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5:
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: 1f9
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: {
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "error": {
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "code": 400,
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "message": "(dbacb1c39beb28c9): Current user cannot act as service account serviceAccount:dataflowdemo@redacted.iam.gserviceaccount.com.",
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "errors": [
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: {
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "message": "(dbacb1c39beb28c9): Current user cannot act as service account serviceAccount:dataflowdemo@redacted.iam.gserviceaccount.com.",
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "domain": "global",
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "reason": "badRequest"
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: }
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: ],
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "status": "INVALID_ARGUMENT"
orm-provider-google_v3.51.0_x5: }
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: }
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5:
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: 0
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5:
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5:
2020-12-31T16:04:14.647Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: -----------------------------------------------------
The error being returned from dataflow.googleapis.com is clearly evident:
Current user cannot act as service account serviceAccount:dataflowdemo@redacted.iam.gserviceaccount.com
At this stage I am puzzled as to why I can see an error being returned from Google's Dataflow API but there is nothing in the GCP logs indicating that an error occurred.
Then, though, I had a bit of a lightbulb moment. Why does that error message mention "service account serviceAccount"? Then it hit me: I'd defined the service account incorrectly. The Terraform code should have been:
resource "google_dataflow_job" "wordcount" {
  # https://stackoverflow.com/a/59931467/201657
  name              = "wordcount"
  template_gcs_path = "gs://dataflow-templates/latest/Word_Count"
  temp_gcs_location = "gs://${local.name-prefix}-functions/temp"
  parameters = {
    inputFile = "gs://dataflow-samples/shakespeare/kinglear.txt"
    output    = "gs://${local.name-prefix}-functions/wordcount/output"
  }
  service_account_email = data.google_service_account.sa.email
}
I corrected it and it worked straight away. User error!!!
I then set about removing the various permissions that I'd added:
gcloud projects remove-iam-policy-binding $PROJECT \
    --member="serviceAccount:dataflowdemo@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/dataflow.admin"
gcloud projects remove-iam-policy-binding $PROJECT \
    --member="serviceAccount:dataflowdemo@${PROJECT}.iam.gserviceaccount.com" \
    --role="roles/dataflow.worker"
and terraform apply still worked. However, after removing the grant of role roles/dataflow.worker the job failed with error:
Workflow failed. Causes: Permissions verification for controller service account failed. IAM role roles/dataflow.worker should be granted to controller service account dataflowdemo@redacted.iam.gserviceaccount.com.
so clearly the documentation regarding the appropriate roles to grant (https://cloud.google.com/dataflow/docs/concepts/access-control#creating_jobs) is spot on.
As may be apparent, I started writing this post before I knew what the problem was and I thought it might be useful to document my investigation somewhere. Now that I've finished the investigation and the problem turns out to be one of PEBCAK, it's probably not so relevant to this thread anymore, and certainly shouldn't be accepted as an answer. Nevertheless, there is probably some useful information in here about how to go about investigating issues with Terraform calling Google APIs, and it also reiterates the required role grants, so I'll leave it here in case it ever turns out to be useful.
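Added example, not part of the original answer: a small triage script for the kind of Google provider debug trace shown above. It pulls the JSON bodies out of the REQUEST/RESPONSE dumps, flags a serviceAccountEmail value that carries an IAM member prefix such as "serviceAccount:", and summarises any API error. The sample log is constructed and modelled on the trace above; the function names, check names and the example-project account are assumptions made for this illustration.

```python
import json
import re

# Prefix Terraform adds to provider-plugin lines when debug logging is on.
PREFIX = re.compile(r"^\S+ \[[A-Z]+\]\s+plugin\.[^:\s]+: ?")
BLOCK_START = re.compile(r"^---\[ (REQUEST|RESPONSE)[^\]]*\]-+$")
BLOCK_END = re.compile(r"^-{20,}$")
IAM_MEMBER_PREFIXES = ("serviceAccount:", "user:", "group:")


def parse_exchanges(log_text):
    """Return one dict per REQUEST/RESPONSE dump: kind, first line, JSON body."""
    exchanges, kind, lines = [], None, []
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw).strip()
        start = BLOCK_START.match(line)
        if start:
            kind, lines = start.group(1), []
        elif kind and BLOCK_END.match(line):
            # Headers end at the first blank line; the body is the outermost
            # {...} after it, which skips chunk-size lines such as "1f9" and "0".
            blank = lines.index("") if "" in lines else len(lines)
            text = "\n".join(lines[blank:])
            lo, hi = text.find("{"), text.rfind("}")
            try:
                body = json.loads(text[lo:hi + 1]) if 0 <= lo < hi else None
            except ValueError:
                body = None
            exchanges.append({"kind": kind, "first": lines[0] if lines else "", "body": body})
            kind = None
        elif kind:
            lines.append(line)
    return exchanges


def string_leaves(node, path=""):
    """Yield (dotted path, value) for every string in a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from string_leaves(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for value in node:
            yield from string_leaves(value, path + "[]")
    elif isinstance(node, str):
        yield path, node


def triage(log_text):
    """Flag IAM member prefixes in serviceAccountEmail and summarise API errors."""
    findings = []
    for ex in parse_exchanges(log_text):
        body = ex["body"] if isinstance(ex["body"], dict) else {}
        if ex["kind"] == "REQUEST":
            for path, value in string_leaves(body):
                if path.endswith("serviceAccountEmail") and value.startswith(IAM_MEMBER_PREFIXES):
                    findings.append({"check": "iam-member-prefix-in-email", "path": path, "value": value})
        else:
            status = ex["first"].split()[1:2]  # ["400"] from "HTTP/1.1 400 Bad Request"
            code = int(status[0]) if status and status[0].isdigit() else 0
            if code >= 400:
                err = body.get("error") if isinstance(body.get("error"), dict) else {}
                findings.append({"check": "api-error", "http_status": code,
                                 "api_status": err.get("status"), "message": err.get("message")})
    return findings


# Constructed sample (hypothetical project and account), shaped like the trace above.
SA = "serviceAccount:demo-sa@example-project.iam.gserviceaccount.com"
LOG_PREFIX = "2020-12-31T16:04:13.129Z [DEBUG] plugin.terraform-provider-google_v3.51.0_x5: "
SAMPLE_LOG = "\n".join(LOG_PREFIX + line for line in [
    "---[ REQUEST ]---------------------------------------",
    "POST /v1b3/projects/example-project/locations/europe-west1/templates?alt=json HTTP/1.1",
    "",
    '{"environment": {"serviceAccountEmail": "%s"}, "jobName": "wordcount"}' % SA,
    "-----------------------------------------------------",
    "---[ RESPONSE ]--------------------------------------",
    "HTTP/1.1 400 Bad Request",
    "",
    "1f9",
    '{"error": {"code": 400, "status": "INVALID_ARGUMENT",',
    '"message": "Current user cannot act as service account %s."}}' % SA,
    "0",
    "-----------------------------------------------------",
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```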
I just hit this problem again so posting my solution up here as I fully expect I'll get bitten by this again at some point.
I was getting error:
Error: googleapi: Error 403: (a00eba23d59c1fa3): Current user cannot act as service account dataflow-controller-sa@myproject.iam.gserviceaccount.com. Causes: (a00eba23d59c15ac): Current user cannot act as service account dataflow-controller-sa@myproject.iam.gserviceaccount.com., forbidden
I was deploying the dataflow job, via terraform, using a different service account, deployer@myproject.iam.gserviceaccount.com
The solution was to grant that service account the roles/iam.serviceAccountUser role:
gcloud projects add-iam-policy-binding myproject \
    --member=serviceAccount:deployer@myproject.iam.gserviceaccount.com \
    --role=roles/iam.serviceAccountUser
For those that prefer custom IAM roles over predefined IAM roles the specific permission that was missing was iam.serviceAccounts.actAs.
Issue Got Resolved!
Go to GCP -> Console -> IAM -> ServiceAccount Email -> Add Permission -> Service Account User.

Redirect based on "Accept-Language" request header leads to error on Google Cloud CDN

I am currently setting up an Nginx server on a "Google Compute Engine" behind Google's Load Balancer/CDN combo:
Website visitor <---> CDN <---> Load Balancer <---> Nginx on Google Compute Engine
I would like to redirect the visitor from https://www.example.org/ to either https://www.example.org/de/ or https://www.example.org/en/ depending on the value of the "Accept-Language" HTTP-Header in the client's request. For this purpose, I am using the following code in the nginx.conf configuration file:
set $language_suffix "en";
if ($http_accept_language ~* "^de") {
    set $language_suffix "de";
}
location = / {
    add_header Vary "Accept-Language";
    return 303 https://www.example.org/$language_suffix/;
}
But the above config leads to a 502 error:
~> curl -I https://www.example.org/
HTTP/2 502
content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
content-length: 332
date: Mon, 11 Jun 2018 09:57:55 GMT
alt-svc: clear
How can I fix this?
UPDATE:
XXX.XXX.XXX.XXX - "HEAD https://www.XXXXXXX.com/" 502 106 "curl/7.60.0" {
httpRequest: {
cacheLookup: true
remoteIp: "XXX.XXX.XXX.XXX"
requestMethod: "HEAD"
requestSize: "38"
requestUrl: "https://www.XXXXXXX.com/"
responseSize: "106"
status: 502
userAgent: "curl/7.60.0"
}
insertId: "XXXXXXXXXXXXX"
jsonPayload: {
@type: "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry"
statusDetails: "failed_to_pick_backend"
}
logName: "projects/crack-triode-XXXXXXXX/logs/requests"
receiveTimestamp: "2018-06-11T03:33:10.864056419Z"
resource: {
labels: {
backend_service_name: ""
forwarding_rule_name: "XXX-werbserver-ipv4-https"
project_id: "crack-triode-XXXXXXXX"
target_proxy_name: "XXX-werbserver-loadbalancer-target-proxy-2"
url_map_name: "XXX-werbserver-loadbalancer"
zone: "global"
}
type: "http_load_balancer"
}
severity: "WARNING"
spanId: "XXXXXXXXXXXXXX"
timestamp: "2018-06-11T03:33:10.088466141Z"
trace: "projects/crack-triode-XXXXXXXX/traces/XXXXXXXXXXXXXXX"
}
You have to change the request URI from / to something else that returns HTTP status 200. I am now using /robots.txt. The setting can be changed at:
https://console.cloud.google.com/compute/healthChecks