
[Bug]: aws_vpc_ipam_pool_cidr_allocation returns inconsistent results #29045

Closed
pguinard-public-com opened this issue Jan 23, 2023 · 5 comments · Fixed by #29022
Labels
bug Addresses a defect in current functionality. service/ipam Issues and PRs that pertain to the ipam service. service/ram Issues and PRs that pertain to the ram service.

Comments

@pguinard-public-com
Contributor

Terraform Core Version

1.3.7

AWS Provider Version

4.51.0

Affected Resource(s)

  • resource.aws_vpc_ipam_pool_cidr_allocation

Expected Behavior

cidr, ipam_pool_allocation_id,

terraform console
Acquiring state lock. This may take a few moments...

aws_vpc_ipam_pool_cidr_allocation.resourcename
{
"cidr" = "10.17.0.0/16"
"description" = tostring(null)
"disallowed_cidrs" = toset([
"10.19.0.0/16",
])
"id" = "ipam-pool-alloc-0123456789102315646546465_ipam-pool-89328923892938"
"ipam_pool_allocation_id" = "ipam-pool-alloc-02fc22ddd2f474a39ba575cfc204b643f"
"ipam_pool_id" = "ipam-pool-01234567890123456"
"netmask_length" = 16
"resource_id" = ""
"resource_owner" = "RUNNING_ACCOUNT_NUMBER"
"resource_type" = "custom"
}
exit

Actual Behavior

Actual behavior (sometimes):

aws_vpc_ipam_pool_cidr_allocation.resourcename
{
"cidr" = tostring(null)
"description" = tostring(null)
"disallowed_cidrs" = toset([
"10.19.0.0/16",
])
"id" = "ipam-pool-alloc-0123456789102315646546465_ipam-pool-1231463545646546546"
"ipam_pool_allocation_id" = tostring(null)
"ipam_pool_id" = "ipam-pool-01234567890123456"
"netmask_length" = 16
"resource_id" = tostring(null)
"resource_owner" = tostring(null)
"resource_type" = tostring(null)
}
exit

Relevant Error/Panic Output Snippet

│ Error: reading IPAM Pool CIDR Allocation (ipam-pool-alloc-0123456789102315646546465_ipam-pool-1231463545646546546): couldn't find resource

│   with aws_vpc_ipam_pool_cidr_allocation.resourcename,
│   on vpc.tf line 66, in resource "aws_vpc_ipam_pool_cidr_allocation" "resourcename":
│   66: resource "aws_vpc_ipam_pool_cidr_allocation" "resourcename" {

Terraform Configuration Files

Where the error occurs:

data "aws_vpc_ipam_pool" "transit_gateway" {
  filter {
    name   = "description"
    values = ["${var.transit_gateway_account_number} transit gateway"]
  }

  filter {
    name   = "address-family"
    values = ["ipv4"]
  }
}

resource "aws_vpc_ipam_pool_cidr_allocation" "resourcename" {
  ipam_pool_id   = data.aws_vpc_ipam_pool.transit_gateway.id
  netmask_length = 16
  disallowed_cidrs = [
    "10.0.0.0/16" # transit gateway vpc
  ]
}

Setup in a different AWS account:

resource "aws_ram_resource_share" "transit_gateway" {
  name                      = "transit_gateway-${var.environment}"
  allow_external_principals = false
}

resource "aws_ram_resource_association" "ipam_pool" {
  resource_arn       = aws_vpc_ipam_pool.transit_gateway.arn
  resource_share_arn = aws_ram_resource_share.transit_gateway.arn
}

resource "aws_vpc_ipam" "transit_gateway" {
  description = "${var.environment} transit gateway"
  operating_regions {
    region_name = data.aws_region.current.name
  }
}

resource "aws_vpc_ipam_pool" "transit_gateway" {
  description    = "${var.environment} transit gateway"
  address_family = "ipv4"
  ipam_scope_id  = aws_vpc_ipam.transit_gateway.private_default_scope_id
  locale         = data.aws_region.current.name
}

resource "aws_vpc_ipam_pool_cidr" "transit_gateway" {
  ipam_pool_id = aws_vpc_ipam_pool.transit_gateway.id
  cidr         = "10.0.0.0/8"
}

Steps to Reproduce

Run terraform apply / destroy / apply / destroy / apply / destroy until the error is triggered.

Debug Output

2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: -----------------------------------------------------
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: <AllocateIpamPoolCidrResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:     <requestId>REMOVED</requestId>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:     <ipamPoolAllocation>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:         <cidr>10.17.0.0/16</cidr>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:         <ipamPoolAllocationId>ipam-pool-alloc-REMOVED</ipamPoolAllocationId>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:         <resourceOwner>REMOVED</resourceOwner>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:         <resourceType>custom</resourceType>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:     </ipamPoolAllocation>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: </AllocateIpamPoolCidrResponse>
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: [DEBUG] [aws-sdk-go] DEBUG: Request ec2/GetIpamPoolAllocations Details:
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: ---[ REQUEST POST-SIGN ]-----------------------------
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: POST / HTTP/1.1
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Host: ec2.us-east-1.amazonaws.com
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: User-Agent: APN/1.0 HashiCorp/1.0 Terraform/1.3.7 (+https://www.terraform.io) terraform-provider-aws/4.51.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.182 (go1.19.3; darwin; amd64)
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Content-Length: 158
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Authorization: AWS4-HMAC-SHA256 Credential=REMOVED/20230123/us-east-1/ec2/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=REMOVED
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Content-Type: application/x-www-form-urlencoded; charset=utf-8
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: X-Amz-Date: 20230123T182554Z
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Accept-Encoding: gzip
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Action=GetIpamPoolAllocations&IpamPoolAllocationId=ipam-pool-alloc-REMOVED&IpamPoolId=ipam-pool-REMOVED&Version=2016-11-15
2023-01-23T11:25:54.093-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: -----------------------------------------------------
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: [DEBUG] [aws-sdk-go] DEBUG: Response ec2/GetIpamPoolAllocations Details:
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: ---[ RESPONSE ]--------------------------------------
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: HTTP/1.1 400 Bad Request
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Connection: close
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Transfer-Encoding: chunked
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Cache-Control: no-cache, no-store
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Content-Type: text/xml;charset=UTF-8
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Date: Mon, 23 Jan 2023 18:25:54 GMT
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Server: AmazonEC2
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Strict-Transport-Security: max-age=31536000; includeSubDomains
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: Vary: accept-encoding
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: X-Amzn-Requestid: REMOVED
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5:
2023-01-23T11:25:54.408-0700 [DEBUG] provider.terraform-provider-aws_v4.51.0_x5: -----------------------------------------------------

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
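
Added example, not part of the original report or the provider's code: a check that reads `terraform show -json` output (piped on stdin) and flags any `aws_vpc_ipam_pool_cidr_allocation` saved in the half-populated form shown under Actual Behavior, with an `id` but null computed attributes. The sample state is constructed from the values in the report, and the `module.ok` address is hypothetical.

```python
import json
import sys

RESOURCE_TYPE = "aws_vpc_ipam_pool_cidr_allocation"
# Computed attributes the report shows as null after a failed read.
COMPUTED = ("cidr", "ipam_pool_allocation_id", "resource_owner", "resource_type")

def walk_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def incomplete_allocations(state):
    """Map resource address -> null computed attributes for half-written allocations."""
    findings = {}
    root = (state.get("values") or {}).get("root_module") or {}
    for res in walk_resources(root):
        values = res.get("values") or {}
        if res.get("type") != RESOURCE_TYPE or not values.get("id"):
            continue
        missing = [name for name in COMPUTED if values.get(name) is None]
        if missing:
            findings[res["address"]] = missing
    return findings

def _alloc(address, **values):
    return {"address": address, "type": RESOURCE_TYPE, "values": values}

# Constructed sample shaped like `terraform show -json`; module.ok is hypothetical.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [_alloc(
        "aws_vpc_ipam_pool_cidr_allocation.resourcename",
        id="ipam-pool-alloc-0123456789102315646546465_ipam-pool-1231463545646546546",
        cidr=None, ipam_pool_allocation_id=None, netmask_length=16,
        resource_id=None, resource_owner=None, resource_type=None)],
    "child_modules": [{"resources": [_alloc(
        "module.ok.aws_vpc_ipam_pool_cidr_allocation.resourcename",
        id="ipam-pool-alloc-0123456789102315646546465_ipam-pool-89328923892938",
        cidr="10.17.0.0/16", netmask_length=16, resource_id="",
        ipam_pool_allocation_id="ipam-pool-alloc-02fc22ddd2f474a39ba575cfc204b643f",
        resource_owner="RUNNING_ACCOUNT_NUMBER", resource_type="custom")]}],
}}}

if __name__ == "__main__":
    # Reads piped JSON; falls back to the constructed sample on a terminal.
    state = SAMPLE_STATE if sys.stdin.isatty() else json.load(sys.stdin)
    for address, missing in incomplete_allocations(state).items():
        print(f"{address}: null {', '.join(missing)}")
```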

@pguinard-public-com pguinard-public-com added bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. labels Jan 23, 2023

@github-actions github-actions bot added service/ipam Issues and PRs that pertain to the ipam service. service/ram Issues and PRs that pertain to the ram service. labels Jan 23, 2023
@AdamTylerLynch
Collaborator

Related #28913
Related: #29022

@justinretzolk
Member

Hey @pguinard-public-com 👋 Thank you for taking the time to raise this! A fix for this has just been merged, and will go out with the release later this week. Given that, I'll go ahead and close this issue. If you think I've done this in error, please do let me know.

@github-actions github-actions bot removed the needs-triage Waiting for first response or review from a maintainer. label Jan 23, 2023
@pguinard-public-com
Contributor Author

> Hey @pguinard-public-com 👋 Thank you for taking the time to raise this! A fix for this has just been merged, and will go out with the release later this week. Given that, I'll go ahead and close this issue. If you think I've done this in error, please do let me know.

This is what I get for searching open issues! Thank you! 🎉

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 23, 2023