The original generated plan was:
An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement
Terraform will perform the following actions:
module.inspector_production.aws_cloudwatch_event_target.inspector_event_target[0] will be updated in-place
  ~ resource "aws_cloudwatch_event_target" "inspector_event_target" {
      ~ arn = "arn:aws:inspector:us-west-2:XXXXXXX:target/0-lKul04Bd/template/0-fogfWsaM" -> (known after apply)
        id = "production-inspector-schedule-terraform-20200728192114154000000001"
        role_arn = "arn:aws:iam::XXXXXXX:role/production-inspector-event-role"
        rule = "production-inspector-schedule"
        target_id = "terraform-20200728192114154000000001"
    }

module.inspector_production.aws_inspector_assessment_template.assessment[0] must be replaced
-/+ resource "aws_inspector_assessment_template" "assessment" {
      ~ arn = "arn:aws:inspector:us-west-2:XXXXXXX:target/0-lKul04Bd/template/0-fogfWsaM" -> (known after apply)
        duration = 3600
      ~ id = "arn:aws:inspector:us-west-2:XXXXXXX:target/0-lKul04Bd/template/0-fogfWsaM" -> (known after apply)
        name = "production-assessment-template"
      ~ rules_package_arns = [ # forces replacement
            "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p",
          + "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc",
            "arn:aws:inspector:us-west-2:758058086616:rulespackage/0-rD1z6dpl",
        ]
      ~ tags = {
          + "Contact" = "xyz"
            "CostCenter" = "61610-57"
            "DeleteMe" = "0000-00-00"
          + "Environment" = "production"
            "Initiator" = "Terraform"
Plan: 1 to add, 1 to change, 1 to destroy.
This plan was saved to: aws_inspector_us-west-2.out
I got the following error during terraform apply on the first attempt:
$ terraform apply aws_inspector_us-west-2.out
module.inspector_production.aws_inspector_assessment_template.assessment[0]: Destroying... [id=arn:aws:inspector:us-west-2:XXXXXXX:target/0-lKul04Bd/template/0-fogfWsaM]
module.inspector_production.aws_inspector_assessment_template.assessment[0]: Destruction complete after 1s
module.inspector_production.aws_inspector_assessment_template.assessment[0]: Creating...

Error: error creating Inspector assessment template: InvalidInputException: Name already exists; Name: production-assessment-template ParentOwner: arn:aws:inspector:us-west-2:XXXXXXX:target/0-lKul04Bd
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: "814a5790-8a8b-4231-95e7-87389838167c"
  },
  ErrorCode: "ASSESSMENT_TEMPLATE_NAME_ALREADY_TAKEN",
  Message_: "Name already exists; Name: production-assessment-template ParentOwner: arn:aws:inspector:us-west-2:XXXXXXX:target/0-lKul04Bd"
}

  on .terraform/modules/inspector_production/main.tf line 37, in resource "aws_inspector_assessment_template" "assessment":
  37: resource "aws_inspector_assessment_template" "assessment" {

make: *** [apply] Error 1
However, after regenerating the plan I was able to apply it again successfully. I suspect we are running into either a Terraform bug, or the creation of a resource is happening before the old resource with the same name is destroyed.