Error: orphan resource aws_acm_certificate.default still has a non-empty state after apply; this is a bug in Terraform

[archenroot]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.16

• provider.aws v2.39.0
• provider.local v1.4.0
• provider.null v2.1.2
• provider.template v2.1.2

Affected Resource(s)

aws_acm_certificate

Terraform Configuration Files

resource "aws_acm_certificate" "default" {
provider = aws.virginia
domain_name = "some domain"
subject_alternative_names = ["*.dev.somethings", "some other fqdn"]
validation_method = "DNS"
lifecycle {
create_before_destroy = true
}

}

resource "aws_route53_record" "validation" {
zone_id = data.aws_route53_zone.public_zone.zone_id //"${aws_route53_zone.public_zone.zone_id}"
name = aws_acm_certificate.default.domain_validation_options[0].resource_record_name
type = aws_acm_certificate.default.domain_validation_options[0].resource_record_type
records = [
aws_acm_certificate.default.domain_validation_options[0].resource_record_value]
ttl = "300"

depends_on = [aws_acm_certificate.default]
}

resource "aws_acm_certificate_validation" "default" {
provider = aws.virginia
certificate_arn = aws_acm_certificate.default.arn
validation_record_fqdns = [
aws_route53_record.validation.fqdn,
]

depends_on = [aws_route53_record.validation]
}

---

Debug Output

There is no particular log message visible...

Panic Output

Expected Behavior

It happened on destroy, and expect it should work.

Actual Behavior

Steps to Reproduce

1. Apply with enabled resources, additionally I used this cert resources together with cloudfront_cdn_s3 module by cloudposse.
2. Dissable in code all certs, run apply again, and issue occured.

[jross-ai]

I had a similar issue to you and this seemed to work for me:

hashicorp/terraform#21559 (comment)

[bflad]

Hi folks 👋 Sorry you are running into this frustrating situation.

Given the error message and the related reports that point to multiple resources, this appears to be some bug in Terraform CLI/Core handling of resource states, which the maintainers of the Terraform AWS Provider are not aware of ways for influencing a workaround or potential fix. As such, we are going to close this particular issue since we cannot provide anything actionable towards resolving it ourselves.

Our best recommendations for this are attempting Terraform CLI upgrades (the latest release is 0.12.25), following the upstream issue hashicorp/terraform#21559, or creating a new hashicorp/terraform bug report issue (if that issue does not seem applicable to your environment). Thank you for your patience and understanding here and sorry we did not redirect the followers here sooner.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!