awscc_fms_policy - Creating a resource with an invalid property name returns an internal AWS error.

[breathingdust]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment
• The resources and data sources in this provider are generated from the CloudFormation schema, so they can only support the actions that the underlying schema supports. For this reason submitted bugs should be limited to defects in the generation and runtime code of the provider. Customizing behavior of the resource, or noting a gap in behavior are not valid bugs and should be submitted as enhancements to AWS via the CloudFormation Open Coverage Roadmap.

Terraform CLI and Terraform AWS Cloud Control Provider Version

terraform: v1.95
terraform-provider-awscc: v1.13.0

Affected Resource(s)

• awscc_fms_policy

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "awscc_fms_policy" "nacl_policy" {

  policy_name                 = "nacl_policy"
  delete_all_policy_resources = true
  resources_clean_up          = true
  exclude_resource_tags       = false
  remediation_enabled         = false
  resource_type               = "AWS::EC2::Subnet"

  security_service_policy_data = {
    type                 = "NETWORK_ACL_COMMON"
    managed_service_data = "NETWORK_ACL_COMMON"

    policy_option = {
      network_acl_common_policy = {
        network_acl_entry_set = {
          force_remediate_for_first_entries = false,
          force_remediate_for_last_entries  = false,
          first_entries = [{
            egress           = true,
            protocol         = "6",
            rule_action      = "deny",
            cidr_block       = "10.10.0.0/16",
            ipv_6_cidr_block = "::/0",
            icmp_type_code = {
              type = 8,
              code = 0
            }
            port_range = {
              from = 0,
              to   = 65535
            }
          }],
          ## Note this attribute has a typo
          last_enteries = [{
            egress           = true,
            protocol         = "6",
            rule_action      = "deny",
            cidr_block       = "10.10.0.0/16",
            ipv_6_cidr_block = "::/0",
            icmp_type_code = {
              type = 8,
              code = 0
            }
            port_range = {
              from = 0,
              to   = 65535
            }
          }],
        }
      }
    }
  }
}

Expected Behavior

A clear message indicating an unknown property was specified which doesn't expose implementation internals.

Actual Behavior

awscc_fms_policy.nacl_policy: Creating...
╷
│ Error: AWS SDK Go Service Operation Incomplete
│
│   with awscc_fms_policy.nacl_policy,
│   on main.tf line 16, in resource "awscc_fms_policy" "nacl_policy":
│   16: resource "awscc_fms_policy" "nacl_policy" {
│
│ Waiting for Cloud Control API service CreateResource operation completion returned: waiter state transitioned to FAILED. StatusMessage: Cannot invoke "java.util.List.stream()" because
│ the return value of "software.amazon.fms.policy.NetworkAclEntrySet.getLastEntries()" is null. ErrorCode: InternalFailure

Steps to Reproduce

1. terraform apply

[quixoticmonk]

Opened a internal service ticket against the error message returned.