Notice: `aws_vpc_endpoint_service`: Error: multiple VPC Endpoint Services matched

Problem

For those users who are encountering the following error when using the aws_vpc_endpoint_service data source:

 Error: multiple VPC Endpoint Services matched; use additional constraints to reduce matches to a single VPC Endpoint Service
  • AWS have just released a new feature in S3 (PrivateLink) which means that multiple results are now being returned when searching for the S3 endpoint service.
  • Singular data sources in the Terraform AWS Provider (like aws_vpc_endpoint_service) return an error if multiple results are returned.

Configuration changes required to resolve the issue

For provider version v3.10.0 and up

```hcl
data "aws_vpc_endpoint_service" "s3" {
  service      = "s3"
  service_type = "Gateway"
}
```

For provider version before v3.10.0 (including v2.x.x)

If you are unable to update to a recent version of the provider, as a temporary workaround you can use com.amazonaws.REGION.s3 as the endpoint service name in downstream configurations rather than using the data source. For example:

```hcl
data "aws_region" "current" {}

# Illustrative local name; assign the value in whichever
# local/resource/output needs the endpoint service name.
locals {
  s3_endpoint_service_name = "com.amazonaws.${data.aws_region.current.name}.s3"
}
```

Please note that if you are using a Terraform module that relies on this data source, the module itself will need to be updated. Terraform modules are not maintained by HashiCorp, so you will need to reach out to the module’s maintainers to make that configuration update.

HashiCorp and AWS are actively monitoring the impact of this change, and are working together to explore alternate solutions. This post will be updated as we have more to share.
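
To find which of your own configurations and downloaded modules still contain the ambiguous lookup, the following added example (not HashiCorp's code) scans `.tf` files for `aws_vpc_endpoint_service` data blocks that select S3 without a `service_type` argument. It is a text heuristic rather than a full HCL parser, and the function names are this example's own.

```python
import re
from pathlib import Path

# Opening line of the singular data source discussed in this notice.
BLOCK_START = re.compile(r'data\s+"aws_vpc_endpoint_service"\s+"([^"]+)"\s*\{')
# Simple `name = "value"` arguments; commented-out lines do not match.
ATTR = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.MULTILINE)


def block_body(text, open_brace):
    """Return the text between the brace at open_brace and its matching close."""
    depth = 0
    for i in range(open_brace, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_brace + 1:i]
    return text[open_brace + 1:]  # unterminated block: scan to end of file


def ambiguous_s3_lookups(text):
    """Names of data blocks that look up S3 without pinning service_type."""
    hits = []
    for m in BLOCK_START.finditer(text):
        attrs = dict(ATTR.findall(block_body(text, m.end() - 1)))
        is_s3 = (attrs.get("service") == "s3"
                 or attrs.get("service_name", "").endswith(".s3"))
        if is_s3 and "service_type" not in attrs:
            hits.append(m.group(1))
    return hits


def scan_tree(root="."):
    """Map each .tf file under root to the data block names that need fixing."""
    results = {}
    for path in Path(root).rglob("*.tf"):
        hits = ambiguous_s3_lookups(path.read_text(errors="replace"))
        if hits:
            results[str(path)] = hits
    return results


if __name__ == "__main__":
    for path, names in sorted(scan_tree().items()):
        print(f"{path}: {', '.join(names)}")
```

Run it from the root of a working directory after `terraform init`, so that modules downloaded under `.terraform/modules` are included in the scan.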
