what is the best way to solve EntityAlreadyExists error in terraform?

10
votes

I am using terraform v0.12.6 and I run into many errors like:

Error: Error creating Security Group: InvalidGroup.Duplicate: The security group 'security-search-populate' already exists for VPC 'vpc-003e06e33a87c22f5'
    status code: 400, request id: 82acdc81-c324-4672-b9fe-531eb8283ed3

Error: Error creating IAM Role PopulateTaskRole: EntityAlreadyExists: Role with name PopulateTaskRole already exists.
    status code: 409, request id: 49aac94c-d52b-11e9-a535-c19e5ed20660

I know I can solve them by deleting these resources from aws. But I wonder whether there is any better way to solve them.

2
terraform

2 Answers

5
votes

Yes. All duplicates should be imported into terraform and each resource's import may be different.

To import security group sg-903004f8 to terraform resource aws_security_group.elb_sg using your dev profile. You'll need to find the security group id of security-search-populate security group.

AWS_PROFILE=dev terraform import aws_security_group.elb_sg sg-903004f8

To import IAM role PopulateTaskRole to terraform resource aws_iam_role.developer using your dev profile.

AWS_PROFILE=dev terraform import aws_iam_role.developer PopulateTaskRole

After these are imported, you can do a targetted terraform plan to see the differences between what's in source controlled terraform and what's upstream in AWS

AWS_PROFILE=dev terraform plan \
  -target aws_security_group.elb_sg \
  -target aws_iam_role.developer
4
votes

Change property "name" to "name_prefix" solved to me, and doesn't duplicate any roles and/or policies.