Updated secrets_manager secret values manually, now Terraform is giving an error

Hey Team, I updated the secret values manually in the console, and later, when I ran apply in Terraform, I got an error while applying. I am also not able to delete the current version ID, which is conflicting with Terraform's new ID.

In plan:

  # module.opensearch.aws_secretsmanager_secret_version.users["readonly"] will be updated in-place
  ~ resource "aws_secretsmanager_secret_version" "users" {
        id             = "arn:aws:secretsmanager:ap-southeast-2:123456789:secret:abc|7873FBF4-BB8B-42CC-8E89-7FFDAA8CD0BB"
      ~ version_stages = [
          + "AWSCURRENT",
          - "AWSPENDING",
        ]
        # (5 unchanged attributes hidden)
    }

When I apply the plan:

│ Error: error updating Secrets Manager Secret "arn:aws:secretsmanager:ap-southeast-2:123456789:secret:abc" Version Stage "AWSCURRENT": InvalidParameterException: The parameter RemoveFromVersionId can't be empty. Staging label AWSCURRENT is currently attached to version ccc73b1e-7888-4582-929b-04a10ddede58, so you must explicitly reference that version in RemoveFromVersionId.
│
│   with module.opensearch.aws_secretsmanager_secret_version.users["admin"],
│   on modules\opensearch\secrets.tf line 40, in resource "aws_secretsmanager_secret_version" "users":
│   40: resource "aws_secretsmanager_secret_version" "users" {


Code in Terraform

resource "aws_secretsmanager_secret_version" "users" {
  for_each  = local.os_user_role_map
  secret_id = aws_secretsmanager_secret.users[each.key].id
  secret_string = jsonencode({
    User     = each.key,
    Password = random_password.users[each.key].result,
    Roles    = each.value
  })
  version_stages = ["AWSCURRENT"]
}

Have you tried removing the secrets from the state file and then re-importing the resources in terraform?

Hi Stephen,

Thanks for the response.

No, I haven't modified anything in the state file, as I thought it might get corrupted.

So can you please brief me on how I can delete that particular secret (abc) only, without deleting other customer secrets?

Removing a secret from the state file still allows that secret to exist in AWS (it only removes the Terraform management piece). Then you can re-import them.

terraform state rm aws_secretsmanager_secret_version.abc
terraform state rm aws_secretsmanager_secret.abc

Thanks Stephen!! Will try this method.
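
The remove-and-re-import approach suggested above, as an added example that is not part of the original posts: a small helper that reads the apply error and prints the matching `terraform state rm` and `terraform import` commands for one resource instance. It assumes you want Terraform to adopt the version that currently holds AWSCURRENT, and it relies on the provider's `secret_arn|version_id` import ID format (the same shape as the `id` in the plan output); the function names and the sample variable are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: derive state rm / import commands from the apply error text.
# Constructed sample input: the error message quoted in this thread.
SAMPLE_ERROR="Error: error updating Secrets Manager Secret \"arn:aws:secretsmanager:ap-southeast-2:123456789:secret:abc\" Version Stage \"AWSCURRENT\": InvalidParameterException: The parameter RemoveFromVersionId can't be empty. Staging label AWSCURRENT is currently attached to version ccc73b1e-7888-4582-929b-04a10ddede58, so you must explicitly reference that version in RemoveFromVersionId."

# Extract the secret ARN that the error names.
secret_arn() {
  printf '%s\n' "$1" | sed -nE 's/.*Secrets Manager Secret "(arn:[^"]+)".*/\1/p'
}

# Extract the version id that AWS reports as currently holding AWSCURRENT.
current_version() {
  printf '%s\n' "$1" | sed -nE 's/.*currently attached to version ([0-9A-Fa-f-]{36}).*/\1/p'
}

# Print the two commands for one resource address; nothing is executed here.
# $1 = full resource address (including module path and for_each key)
# $2 = error text from terraform apply
reimport_commands() {
  local addr="$1" err="$2" arn ver
  arn=$(secret_arn "$err")
  ver=$(current_version "$err")
  if [ -z "$arn" ] || [ -z "$ver" ]; then
    echo "could not find secret ARN and version id in error text" >&2
    return 1
  fi
  # Single quotes keep ["admin"] and the | separator away from the shell.
  printf "terraform state rm '%s'\n" "$addr"
  printf "terraform import '%s' '%s|%s'\n" "$addr" "$arn" "$ver"
}

# Only the version resource is touched; the aws_secretsmanager_secret itself
# and every other key of the for_each map stay in state untouched.
reimport_commands \
  'module.opensearch.aws_secretsmanager_secret_version.users["admin"]' \
  "$SAMPLE_ERROR"
```

Take a copy of the state first (`terraform state pull > backup.tfstate`) and review `terraform plan` after the import before applying, since the configuration still sets `secret_string` from `random_password`.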