aws_workspaces_directory: Error with workspace_creation_properties #16122
Comments
Hi @fgrebot, thank you for the feedback. I'll check this issue more precisely next week, as initial directory creation with a custom SG should work without any snags. The only failing case I met before – SG and directory belong to different VPCs. Just curious, have you seen the note about
Here is what I've got from AWS Support regarding custom SG and default OU update within API:
Hi @Tensho, I get the same error as @fgrebot and I do it in the opposite order compared to what @fgrebot said.
So, initially I destroy everything to make sure there is nothing residual left in my environment. Then I comment out the
Also, kind of related, and I know I will probably have to submit another issue for this, but I get another error when I don't specify a default OU as well. Instead of it failing on pre-validating (because it would be hard to validate against a remote string to ensure the OU exists) it just gives me:
I can see in the request that gets made by terraform that it is passing the value, because this is the request it makes (x's don't exactly match size of what they are replacing):

```json
{"ResourceId":"d-xxxxxxxxx","WorkspaceCreationProperties":{"CustomSecurityGroupId":"sg-xxxxxxxxxxx","DefaultOu":"","EnableInternetAccess":true,"EnableMaintenanceMode":true,"UserEnabledAsLocalAdministrator":true}}
```

More details

This is my resource getting created initially (with them both commented out and it fails with the same error as @fgrebot, and as you can probably see I am just pulling straight from the example in the docs):

```hcl
resource "aws_workspaces_directory" "example" {
  directory_id = data.terraform_remote_state.directory.outputs.directory_id
  subnet_ids = [
    data.terraform_remote_state.class_subnets.outputs.subnet_3_id,
    data.terraform_remote_state.class_subnets.outputs.subnet_4_id
  ]

  self_service_permissions {
    change_compute_type  = true
    increase_volume_size = true
    rebuild_workspace    = true
    restart_workspace    = true
    switch_running_mode  = true
  }

  workspace_creation_properties {
    # custom_security_group_id = aws_security_group.allow_workspaces_out.id
    # default_ou = "OU=AWS,DC=Workgroup,DC=Example,DC=com"
    enable_internet_access              = true
    enable_maintenance_mode             = true
    user_enabled_as_local_administrator = true
  }

  depends_on = [
    aws_iam_role_policy_attachment.workspaces_default_service_access,
    aws_iam_role_policy_attachment.workspaces_default_self_service_access
  ]
}
```

Then I un-comment out the

```hcl
resource "aws_security_group" "allow_workspaces_out" {
  name        = "workspaces_default"
  description = "Allow all traffic out from workspaces"
  vpc_id      = data.terraform_remote_state.class_vpc.outputs.vpc_id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "workspaces_default"
  }
}
```

but then I get the error with the Invalid parameter value thing that I mentioned above, so I un-comment the default_ou field and everything works successfully.
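The request quoted in the comment above carries `"DefaultOu":""` although no OU was configured. The Go example below is added here for illustration and is not the provider's code or the fix released in 3.21.0: it shows how pointer fields with `omitempty` keep unset optional strings out of the request body. The type and function names are hypothetical; only the JSON keys come from the quoted request.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical types; only the JSON keys come from the request quoted above.
type creationProps struct {
	CustomSecurityGroupId           *string `json:",omitempty"`
	DefaultOu                       *string `json:",omitempty"`
	EnableInternetAccess            bool
	EnableMaintenanceMode           bool
	UserEnabledAsLocalAdministrator bool
}

type modifyRequest struct {
	ResourceId                  string
	WorkspaceCreationProperties creationProps
}

// optional maps an unset (empty) config value to nil so omitempty drops the key.
func optional(v string) *string {
	if v == "" {
		return nil
	}
	return &v
}

// marshal serializes the request; the three boolean flags are fixed to true
// to match the configuration posted in the thread.
func marshal(dir string, sg, ou *string) string {
	b, _ := json.Marshal(modifyRequest{dir, creationProps{sg, ou, true, true, true}})
	return string(b)
}

// naiveBody always sets both pointers, so an unset OU goes out as "DefaultOu":"".
func naiveBody(dir, sg, ou string) string { return marshal(dir, &sg, &ou) }

// safeBody sends only the optional strings that were actually configured.
func safeBody(dir, sg, ou string) string { return marshal(dir, optional(sg), optional(ou)) }

func main() {
	// Constructed sample values, masked the same way as in the comment above.
	fmt.Println(naiveBody("d-xxxxxxxxx", "sg-xxxxxxxxxxx", ""))
	fmt.Println(safeBody("d-xxxxxxxxx", "sg-xxxxxxxxxxx", ""))
}
```

`naiveBody` reproduces the quoted request byte for byte, while `safeBody` omits the `DefaultOu` key entirely when no OU is set.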
@elreydetoda Thank you for the detailed explanation and steps to reproduce. The fix is on the road.
Awesome! Thank you @Tensho ! I wish I could have helped by submitting code, but I don't know Go pretty much at all 😅 Maybe one day, but thank you so much for helping out with this fix 🙏
This has been released in version 3.21.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Community Note
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
Terraform Configuration Files
Debug Output
There are 2 problems. Both are related to the parameter custom_security_group_id.
Panic Output
n/a
Expected Behavior
In both scenarios, the AWS Workspaces Directory should have been registered with the following parameter:
According to the Official API documentation of AWS and of the AWS provider, all the parameters provided are flagged optional.
Actual Behavior
The AWS Workspaces Directory is registered but all the parameters given are not taken into account. And because of the error, terraform stops deploying other resources.
Steps to Reproduce
aws_workspaces_directory, first WITH then WITHOUT a custom_security_group_id
terraform apply
Important Factoids
References