Problem creating entries in a managed prefix list when a for_each loop is used

Hello,

I would like to create managed prefix lists in AWS, and I wrote a TF module which uses two types of resources:

  • aws_ec2_managed_prefix_list
  • aws_ec2_managed_prefix_list_entry

Each of these resources is controlled by a for_each loop, and the data source for these loops is a map. You can find simplified code of that module below.

locals {
  prefixes = {
    pfx-pub-test-1 = [
      "1.1.1.0/24",
      "2.2.2.0/24"
    ]
    pfx-pub-test-2 = [
      "3.3.3.0/24",
      "4.4.4.0/24"
    ]
  }
  description = {
    "1.1.1.0/24" = "PFX for test 1.",
    "2.2.2.0/24" = "PFX for test 2.",
    "3.3.3.0/24" = "PFX for test 3.",
    "4.4.4.0/24" = "PFX for test 4."
  }

  entries = flatten([
    for pfx_key, pfx_value in local.prefixes : [for pfx_entry in pfx_value : {
      pfx_name        = pfx_key
      pfx_entry       = pfx_entry
      pfx_description = lookup(local.description, pfx_entry)
    }]
  ])
}

resource "aws_ec2_managed_prefix_list" "this" {
  for_each       = local.prefixes
  name           = each.key
  address_family = "IPv4"
  max_entries    = length(each.value)
}

resource "aws_ec2_managed_prefix_list_entry" "this" {
  for_each = {
    for entry in local.entries : "${entry.pfx_name}-${entry.pfx_entry}" => entry
  }
  cidr           = each.value.pfx_entry
  description    = each.value.pfx_description
  prefix_list_id = aws_ec2_managed_prefix_list.this[each.value.pfx_name].id

  provisioner "local-exec" {
    command = "sleep 2"
  }
}

What is my problem? When I launched that module with the default parallelism, Terraform in the first step creates the managed prefix list and then starts to create the entries, but in this example we have two entries. The first of them is created properly, but the second one finishes with an error.

aws_ec2_managed_prefix_list.this["pfx-pub-test-2"]: Creating...
aws_ec2_managed_prefix_list.this["pfx-pub-test-2"]: Creation complete after 2s [id=pl-02f3326f2c06033dd]
aws_ec2_managed_prefix_list_entry.this["pfx-pub-test-2-3.3.3.0/24"]: Creating...
aws_ec2_managed_prefix_list_entry.this["pfx-pub-test-2-4.4.4.0/24"]: Creating...
aws_ec2_managed_prefix_list_entry.this["pfx-pub-test-2-4.4.4.0/24"]: Provisioning with 'local-exec'...
aws_ec2_managed_prefix_list_entry.this["pfx-pub-test-2-4.4.4.0/24"] (local-exec): Executing: ["/bin/sh" "-c" "sleep 2"]
aws_ec2_managed_prefix_list_entry.this["pfx-pub-test-2-4.4.4.0/24"]: Creation complete after 4s [id=pl-02f3326f2c06033dd,4.4.4.0/24]
╷
│ Error: error creating EC2 Managed Prefix List Entry (pl-02f3326f2c06033dd,3.3.3.0/24): IncorrectState: The request cannot be completed while the prefix list (pl-02f3326f2c06033dd) is in the current state (modify-in-progress). Target state is: (modify-in-progress)
│       status code: 400, request id: 4a8b5d11-7936-40cb-9c2a-eaf19bfbb34d
│ 
│   with aws_ec2_managed_prefix_list_entry.this["pfx-pub-test-2-3.3.3.0/24"],
│   on main.tf line 40, in resource "aws_ec2_managed_prefix_list_entry" "this":
│   40: resource "aws_ec2_managed_prefix_list_entry" "this" {

What can I do, other than setting parallelism to 1, to resolve that problem?


Regards
TomekC.
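
One way to avoid the concurrent per-entry modifications described in the post, shown as an added example that is not part of the original post: declare the entries inline with the `entry` block of `aws_ec2_managed_prefix_list`, so each list and its CIDRs are managed by a single resource. It reuses the post's sample data; the `null` default passed to `lookup` is an assumption for CIDRs that have no description.

```hcl
locals {
  # Sample data copied from the post above.
  prefixes = {
    pfx-pub-test-1 = ["1.1.1.0/24", "2.2.2.0/24"]
    pfx-pub-test-2 = ["3.3.3.0/24", "4.4.4.0/24"]
  }
  description = {
    "1.1.1.0/24" = "PFX for test 1."
    "2.2.2.0/24" = "PFX for test 2."
    "3.3.3.0/24" = "PFX for test 3."
    "4.4.4.0/24" = "PFX for test 4."
  }
}

resource "aws_ec2_managed_prefix_list" "this" {
  for_each       = local.prefixes
  name           = each.key
  address_family = "IPv4"
  max_entries    = length(each.value)

  # The entries belong to the list resource itself, so Terraform does not
  # start several entry resources in parallel against the same prefix list
  # while it is still in the modify-in-progress state.
  dynamic "entry" {
    for_each = toset(each.value)
    content {
      cidr = entry.value
      # Assumption: a CIDR without a description is allowed and gets none.
      description = lookup(local.description, entry.value, null)
    }
  }
}
```

Inline `entry` blocks and standalone `aws_ec2_managed_prefix_list_entry` resources should not be combined for the same prefix list, so the entry resource and its `local-exec` sleep are dropped in this variant.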