[Bug]: Aws_fis_experiment_template allows log group arn, but log group requires experiment ID in name to create, causing circular reference #40984

Open
flyingbeefhead opened this issue Jan 17, 2025 · 1 comment
Labels
bug Addresses a defect in current functionality. needs-triage Waiting for first response or review from a maintainer. service/fis Issues and PRs that pertain to the fis service. service/logs Issues and PRs that pertain to the logs service.

Comments

@flyingbeefhead

Terraform Core Version

1.10.4

AWS Provider Version

5.83.1

Affected Resource(s)

aws_fis_experiment_template
aws_cloudwatch_log_group

Expected Behavior

Creating an aws_fis_experiment_template resource allows the log configuration to specify an existing CloudWatch log group ARN.
Creating the CloudWatch log group requires defining the name to be "/aws/fis/". Any other name fails during the apply of the aws_fis_experiment_template with an invalid log group. This is a requirement by AWS.

I cannot use the resource aws_fis_experiment_template.id in the creation of the aws_cloudwatch_log_group resource and the aws_cloudwatch_log_group.arn in the creation of the aws_fis_experiment_template. This causes a circular reference during the validate stage.

I would expect the aws_fis_experiment_template to create the log group if needed since the experiment ID is required as part of the creation log group naming.

Actual Behavior

The validate stage complains of a circular reference and fails.

Relevant Error/Panic Output Snippet

Terraform Configuration Files

resource "aws_cloudwatch_log_group" "cw_fis_azfailure_log_group" {
  # The log group name references the experiment template ID ...
  name              = "/aws/fis/${aws_fis_experiment_template.fis_azfailure.id}"
  retention_in_days = 0
}

resource "aws_fis_experiment_template" "fis_azfailure" {
  description = "${data.aws_ssm_parameter.account_name.value}-fis-azfailure-experiment-${data.aws_ssm_parameter.aws_region_abbrv.value}"
  role_arn    = aws_iam_role.fis_iamr.arn

  stop_condition {
    source = "none"
  }

  action {
    name      = "action-disrupt-network-connectivity"
    action_id = "aws:network:disrupt-connectivity"

    target {
      key   = "Subnets"
      value = "target-disrupt-network-connectivity"
    }

    parameter {
      key   = "duration"
      value = "PT15M"
    }

    parameter {
      key   = "scope"
      value = "all"
    }
  }

  target {
    name           = "target-disrupt-network-connectivity"
    resource_type  = "aws:ec2:subnet"
    selection_mode = "ALL"

    parameters = {
      "availabilityZoneIdentifier" = "usgw1-az1" #usgw1-az2,usgw1-az3
      "vpc"                        = data.aws_ssm_parameter.vpc_id.value
    }
  }

  experiment_options {
    account_targeting            = "single-account"
    empty_target_resolution_mode = "fail"
    #"actionsMode" = "run-all"
  }

  log_configuration {
    log_schema_version = 2

    cloudwatch_logs_configuration {
      # ... and the template references the log group ARN, which closes the cycle.
      log_group_arn = aws_cloudwatch_log_group.cw_fis_azfailure_log_group.arn
    }

    s3_configuration {
      bucket_name = aws_s3_bucket.fis_s3_bucket.id
      prefix      = "fis-reports"
    }
  }
}

Steps to Reproduce

Try to run the above. It will fail during the validate.

Debug Output

Here is the error using the above code.

│ Error: Cycle: aws_fis_experiment_template.fis_azfailure, aws_cloudwatch_log_group.cw_fis_azfailure_log_group

This is what is returned if I use a different name for the log group that does not include the experiment ID. This happens even if the log group exists already using the name below.

aws_fis_experiment_template.fis_azfailure: Modifying... [id=EXT2F6Tk6b6sAnzU]

│ Error: updating FIS Experiment Template (EXT2F6Tk6b6sAnzU): operation error fis: UpdateExperimentTemplate, https response error StatusCode: 400, RequestID: fdc4f858-1db7-4e7b-8a00-989bb05fa20d, ValidationException: The logGroupArn "arn:aws-us-gov:logs:us-gov-west-1:111111111111:log-group:/aws/fis/fis-azfailure-experiment-gw1" in cloudWatchLogsLogConfiguration is not valid.

│ with aws_fis_experiment_template.fis_azfailure,
│ on experiments.tf line 1, in resource "aws_fis_experiment_template" "fis_azfailure":
│ 1: resource "aws_fis_experiment_template" "fis_azfailure" {

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
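
The cycle reported above can be reproduced without Terraform by building the reference graph of the two resources. This is an added example, not part of the original issue or the provider's code; `CONFIG` is a constructed, trimmed copy of the configuration, and the regex-based parsing assumes top-level `resource` blocks and `aws_`-prefixed references only.

```python
import re

# Constructed, trimmed copy of the issue's two resources (reference-bearing attributes only).
CONFIG = '''
resource "aws_cloudwatch_log_group" "cw_fis_azfailure_log_group" {
  name = "/aws/fis/${aws_fis_experiment_template.fis_azfailure.id}"
}
resource "aws_fis_experiment_template" "fis_azfailure" {
  role_arn = aws_iam_role.fis_iamr.arn
  log_configuration {
    cloudwatch_logs_configuration {
      log_group_arn = aws_cloudwatch_log_group.cw_fis_azfailure_log_group.arn
    }
  }
}
'''

HEADER = re.compile(r'^resource\s+"([^"]+)"\s+"([^"]+)"\s*\{', re.M)  # block headers
REF = re.compile(r'\b(aws_\w+\.\w+)\.\w+')  # <type>.<name>.<attribute> references


def dependency_graph(config):
    """Map each declared resource address to the declared resources it references."""
    headers = list(HEADER.finditer(config))
    declared = {f"{m.group(1)}.{m.group(2)}" for m in headers}
    graph = {}
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(config)
        addr = f"{m.group(1)}.{m.group(2)}"
        refs = set(REF.findall(config[m.end():end]))
        # Undeclared references (aws_iam_role.fis_iamr here) are ignored.
        graph[addr] = sorted(refs & declared - {addr})
    return graph


def find_cycle(graph):
    """Depth-first search; returns one cycle as a list of addresses, or None."""
    done = set()

    def visit(node, path):
        if node in path:
            return path[path.index(node):]
        if node in done:
            return None
        for dep in graph[node]:
            cycle = visit(dep, path + [node])
            if cycle:
                return cycle
        done.add(node)
        return None
    return next((c for c in (visit(s, []) for s in graph) if c), None)
```

`find_cycle(dependency_graph(CONFIG))` returns both resource addresses, the same pair named in the `Error: Cycle:` line; removing the template ID from the log group name leaves a one-way dependency and the function returns `None`.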

@flyingbeefhead flyingbeefhead added the bug Addresses a defect in current functionality. label Jan 17, 2025
@github-actions github-actions bot added service/fis Issues and PRs that pertain to the fis service. service/logs Issues and PRs that pertain to the logs service. labels Jan 17, 2025

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jan 17, 2025