Error while creating aws elasticache user group

anr.ravi · December 21, 2022, 6:18pm

resource "aws_elasticache_user" "default" {
  user_id       = "defaultUserID"
  user_name     = "default"
  access_string = "on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember"
  engine        = "REDIS"
  passwords     = ["abc"]
}



resource "aws_elasticache_user" "test" {
  user_id       = "testUserID"
  user_name     = "testuser"
  access_string = "on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember"
  engine        = "REDIS"
  passwords     = ["abc"]
}


resource "aws_elasticache_user_group" "testgrp" {
  engine        = "REDIS"
  user_group_id = "testgrpGroupId"
  user_ids      = [aws_elasticache_user.default.user_id,aws_elasticache_user.test.user_id]
  lifecycle {
    ignore_changes = [user_ids]
  }  
}

resource "aws_elasticache_user_group_association" "grpAssociation" {
  user_group_id = aws_elasticache_user_group.testgrp.user_group_id
  user_id       = aws_elasticache_user.test.user_id
}

Error:

aws_elasticache_replication_group.redis: Creation complete after 17m53s [id=test-replication-grp]



Error: Provider produced inconsistent final plan
When expanding the plan for aws_elasticache_user_group.testgrp to include
new values learned so far during apply, provider
"registry.terraform.io/hashicorp/aws" produced an invalid new value for
.user_ids: planned set element cty.StringVal("defaultUserID") does not
correlate with any element in actual.
 This is a bug in the provider, which should be reported in the provider's
own issue tracker.

Is there a way to fix this issue?

apparentlymart · December 21, 2022, 11:16pm

Hi @anr.ravi,

As the error message says, this sort of problem is a bug in the provider rather than a bug in your own module, and so the best we can do by changing your Terraform module is to work around the bug.

As a first step I suggest to open a bug report in the repository for the hashicorp/aws provider, because the provider team will probably be able to give more specific suggestions on how to work around it and will hopefully also be able to fix it in a future version of the provider.

I’m not sure exactly what’s happening here, but I assume by the point of this error Terraform should already have finished creating aws_elasticache_user.default and aws_elasticache_user.test, and so it might be helpful to run terraform show and inspect Terraform’s current records of how those two are configured. In particular I’m interested to know if the user_id values tracked in the state exactly matche the values shown in your configuration here, or if the provider has somehow changed them.

It might also help to run terraform plan -refresh-only to create a refresh-only plan and have Terraform report whether the provider is making changes to the user_id values during the refresh step.

If you’re not sure how to interpret the output of those two commands then please share the full resource "aws_elasticache_user" "test" and resource "aws_elasticache_user" "default" entries exactly as Terraform printed them and I can try to interpret them myself and tell you if I see anything suspicious.

anr.ravi · December 22, 2022, 9:50pm

Thanks @apparentlymart

code worked after removing lifecycle block and changing user_ids to all lowercases.

lifecycle {
    ignore_changes = [user_ids]
  }