[Bug]: Importing versioned SSM parameters broken since v5.50.0

[flostadler]

Terraform Core Version

1.5.7

AWS Provider Version

5.50.0

Affected Resource(s)

aws_ssm_parameter

Expected Behavior

Importing a versioned SSM parameter worked until provider version v5.50.0 but is broken now.
Running:
terraform import aws_ssm_parameter.my_param jwt-signing-secret-key:1 successfully imported the parameter, but executing it on v5.50.0 fails.

Here's the output from v5.49.0:

terraform import aws_ssm_parameter.my_param jwt-signing-secret-key:1
aws_ssm_parameter.my_param: Importing from ID "jwt-signing-secret-key:1"...
aws_ssm_parameter.my_param: Import prepared!
  Prepared aws_ssm_parameter for import
aws_ssm_parameter.my_param: Refreshing state... [id=jwt-signing-secret-key:1]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Actual Behavior

Importing a versioned parameter fails. Output from v5.50.0:

AWS_PROFILE=pulumi-dev-sandbox terraform import aws_ssm_parameter.my_param jwt-signing-secret-key:1
aws_ssm_parameter.my_param: Importing from ID "jwt-signing-secret-key:1"...
aws_ssm_parameter.my_param: Import prepared!
  Prepared aws_ssm_parameter for import
aws_ssm_parameter.my_param: Refreshing state... [id=jwt-signing-secret-key:1]
╷
│ Error: Cannot import non-existent remote object
│
│ While attempting to import an existing object to "aws_ssm_parameter.my_param", the provider detected that no object exists with the given id. Only pre-existing objects can be imported; check that the id is
│ correct and that it is associated with the provider's configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

provider "aws" {
region = "us-west-2"
}

terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "5.51.1"
}
}
}

resource "aws_ssm_parameter" "my_param" {
name = "my-test-param"
type = "SecureString"
value = "bar"
}

Steps to Reproduce

• terraform apply
• terraform state rm aws_ssm_parameter.my_param
• terraform import aws_ssm_parameter.my_param my-test-param:1

Debug Output

2024-06-03T17:43:23.808+0200 [INFO]  Terraform version: 1.5.7
2024-06-03T17:43:23.808+0200 [DEBUG] using github.com/hashicorp/go-tfe v1.26.0
2024-06-03T17:43:23.808+0200 [DEBUG] using github.com/hashicorp/hcl/v2 v2.16.2
2024-06-03T17:43:23.808+0200 [DEBUG] using github.com/hashicorp/terraform-svchost v0.1.0
2024-06-03T17:43:23.808+0200 [DEBUG] using github.com/zclconf/go-cty v1.12.2
2024-06-03T17:43:23.808+0200 [INFO]  Go runtime version: go1.21.1
2024-06-03T17:43:23.808+0200 [INFO]  CLI args: []string{"terraform", "import", "aws_ssm_parameter.my_param", "my-test-param:1"}
2024-06-03T17:43:23.808+0200 [DEBUG] Attempting to open CLI config file: /Users/flo/.terraformrc
2024-06-03T17:43:23.808+0200 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2024-06-03T17:43:23.809+0200 [DEBUG] ignoring non-existing provider search directory terraform.d/plugins
2024-06-03T17:43:23.809+0200 [DEBUG] ignoring non-existing provider search directory /Users/flo/.terraform.d/plugins
2024-06-03T17:43:23.809+0200 [DEBUG] ignoring non-existing provider search directory /Users/flo/Library/Application Support/io.terraform/plugins
2024-06-03T17:43:23.809+0200 [DEBUG] ignoring non-existing provider search directory /Library/Application Support/io.terraform/plugins
2024-06-03T17:43:23.810+0200 [INFO]  CLI command args: []string{"import", "aws_ssm_parameter.my_param", "my-test-param:1"}
2024-06-03T17:43:23.812+0200 [DEBUG] New state was assigned lineage "1dbc97f6-9f7e-3cd3-4c1a-90b1e3d9f6f8"
2024-06-03T17:43:24.079+0200 [DEBUG] checking for provisioner in "."
2024-06-03T17:43:24.087+0200 [DEBUG] checking for provisioner in "/opt/homebrew/bin"
2024-06-03T17:43:24.091+0200 [DEBUG] Building and walking import graph
2024-06-03T17:43:24.092+0200 [DEBUG] ProviderTransformer: "aws_ssm_parameter.my_param (expand)" (*terraform.nodeExpandPlannableResource) needs provider["registry.terraform.io/hashicorp/aws"]
2024-06-03T17:43:24.092+0200 [DEBUG] created provider logger: level=debug
2024-06-03T17:43:24.092+0200 [INFO]  provider: configuring client automatic mTLS
2024-06-03T17:43:24.097+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5 args=[.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5]
2024-06-03T17:43:24.109+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5 pid=20426
2024-06-03T17:43:24.110+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5
2024-06-03T17:43:24.233+0200 [INFO]  provider.terraform-provider-aws_v5.51.1_x5: configuring server automatic mTLS: timestamp=2024-06-03T17:43:24.231+0200
2024-06-03T17:43:24.238+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: plugin address: address=/var/folders/qb/q9rbqmxn1jqdfps720v2s9h80000gn/T/plugin1057020677 network=unix timestamp=2024-06-03T17:43:24.238+0200
2024-06-03T17:43:24.238+0200 [DEBUG] provider: using plugin: version=5
2024-06-03T17:43:24.546+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-06-03T17:43:24.549+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5 pid=20426
2024-06-03T17:43:24.549+0200 [DEBUG] provider: plugin exited
2024-06-03T17:43:24.549+0200 [DEBUG] ReferenceTransformer: "provider[\"registry.terraform.io/hashicorp/aws\"]" references: []
2024-06-03T17:43:24.549+0200 [DEBUG] ReferenceTransformer: "aws_ssm_parameter.my_param (expand)" references: []
2024-06-03T17:43:24.549+0200 [DEBUG] Starting graph walk: walkImport
2024-06-03T17:43:24.551+0200 [DEBUG] created provider logger: level=debug
2024-06-03T17:43:24.551+0200 [INFO]  provider: configuring client automatic mTLS
2024-06-03T17:43:24.554+0200 [DEBUG] provider: starting plugin: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5 args=[.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5]
2024-06-03T17:43:24.562+0200 [DEBUG] provider: plugin started: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5 pid=20427
2024-06-03T17:43:24.562+0200 [DEBUG] provider: waiting for RPC address: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5
2024-06-03T17:43:24.626+0200 [INFO]  provider.terraform-provider-aws_v5.51.1_x5: configuring server automatic mTLS: timestamp=2024-06-03T17:43:24.626+0200
2024-06-03T17:43:24.630+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: plugin address: address=/var/folders/qb/q9rbqmxn1jqdfps720v2s9h80000gn/T/plugin2470527151 network=unix timestamp=2024-06-03T17:43:24.630+0200
2024-06-03T17:43:24.630+0200 [DEBUG] provider: using plugin: version=5
2024-06-03T17:43:24.957+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Configuring Terraform AWS Provider: tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c tf_rpc=ConfigureProvider @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:147 @module=aws timestamp=2024-06-03T17:43:24.957+0200
2024-06-03T17:43:24.958+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Resolving credentials provider: @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 tf_mux_provider=*schema.GRPCProviderServer @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c tf_rpc=ConfigureProvider timestamp=2024-06-03T17:43:24.958+0200
2024-06-03T17:43:24.958+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Using profile: tf_req_id=e3731db9-2d19-1417-0026-7119a926051c @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ConfigureProvider @module=aws.aws-base tf_aws.profile=pulumi-dev-sandbox tf_aws.profile.source=envvar tf_mux_provider=*schema.GRPCProviderServer timestamp=2024-06-03T17:43:24.958+0200
2024-06-03T17:43:24.958+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Loading configuration: @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 tf_mux_provider=*schema.GRPCProviderServer tf_rpc=ConfigureProvider timestamp=2024-06-03T17:43:24.958+0200
2024-06-03T17:43:24.958+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Retrieving credentials: tf_rpc=ConfigureProvider @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 @module=aws.aws-base tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c timestamp=2024-06-03T17:43:24.958+0200
2024-06-03T17:43:24.959+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Request Sent: tf_req_id=e3731db9-2d19-1417-0026-7119a926051c http.url=https://portal.sso.us-west-2.amazonaws.com/federation/credentials?account_id=616138583583&role_name=AdministratorAccess http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.5.7 (+https://www.terraform.io) terraform-provider-aws/5.51.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.27.0 os/macos lang/go#1.22.2 md/GOOS#darwin md/GOARCH#arm64 api/sso#1.20.8" tf_aws.sdk=aws-sdk-go-v2 tf_provider_addr=registry.terraform.io/hashicorp/aws @module=aws.aws-base http.request.body= tf_aws.signing_region= net.peer.name=portal.sso.us-west-2.amazonaws.com rpc.system=aws-api tf_mux_provider=*schema.GRPCProviderServer tf_rpc=ConfigureProvider aws.region=us-west-2 http.method=GET http.request.header.amz_sdk_invocation_id=696fef8a-64c2-4e60-baa0-869e433c526e rpc.method=GetRoleCredentials rpc.service=SSO @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 http.request.header.amz_sdk_request="attempt=1; max=3" http.request.header.x_amz_sso_bearer_token=aoaAAAAAGZeQBYq2rg0zpfwuO41Qx91KmAEa8IU2KPwbgEbdQD7G8qXGWZVMh0Be6Bzl87SuOuAd2nAPz6ZG0d0B4Bkd1:MGQCMC1n8IHub6AR0W3h/hipsBIL3SV+68zroHiYN9oh68FUm4UVpdRIMA24k70RkDljngIwN0wVDOp4vzpJNX1ZB1hIQLjuZuAidiz9m45GvNapyrEQWJqfo/t0m7KuOAcxew/p timestamp=2024-06-03T17:43:24.959+0200
2024-06-03T17:43:25.754+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Response Received: tf_aws.signing_region= aws.region=us-west-2 tf_aws.sdk=aws-sdk-go-v2 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c http.response.header.content_type=application/json http.response_content_length=1060 http.response.header.cache_control=no-cache http.response.header.requestid=e7bf16d4-9caa-4823-8e18-37f1865540b3 http.response.header.access_control_expose_headers=[RequestId, x-amzn-RequestId] http.response.header.date="Mon, 03 Jun 2024 15:43:25 GMT" rpc.service=SSO rpc.system=aws-api http.response.header.server="AWS SSO" tf_rpc=ConfigureProvider @module=aws.aws-base http.response.body="{"roleCredentials":{"accessKeyId":"ASIA************C6H3","secretAccessKey":"Uu1b********************************2NOU","sessionToken":"IQoJb3JpZ2luX2VjEAgaCXVzLXdlc3QtMiJGMEQCIBdzYzKJALGh9xvXbtXhS7NSuEpVD2SCFQCPhIM83k64AiBwC3nAIDK87xVjVkMXZ+Tzgy+RRaDTrINjbqujJ78eqSqMAwiR//////////8BEAIaDDYxNjEzODU4MzU4MyIMUx/uWYav5Jf8FsLoKuACPh3DppsxltyCeaLoAtTJD5dsRMAp0HtH9lpao1H22CDVwtkd1jLGwkORIzEqditsLWpwaGrfHrm6BST/jn5QykB3RAVYIT+aV7e42tvTuHlGyQbHp28HvNHYTYTDgQbA3m654ZSqscuL/nlb9MrP5DWj1D7m1sUqzUrMhuvhaScBJEBNDg99F7mNJB0Nyqt6A2VhJn1P7kh48atKxzrcNOutz00V/rHauHVHrqIXqw+dRmnA5HjuXuBuLJq+wQZRmx189Kbz/euZ2dto+TbPGhA6PCY6d5dgcfRMUrvW4W/wTVe3FPze+8YQoamyfmgpvAZ1ZcTRQtZRavECTUyAsqQ6d2ew3w85HY5+CEyuPz0EhoU14/pTs5lz0URQeud5Dh/lXagZ55NagqF3p2j81qa4nTnGgR/ZbrFChTzupmBvkkaQ7IdhuPeRD3oxTlE0rVO7SAQailenr23ySWMH2DCdyfeyBjqnAb0CukoGbGqjKc/dk3KsPIYZJA8Jejw3AgHloNQ7A6bQ05Fx/QqTAJ6r6u5sxTcWxj4TLDP2LCmbU7QjOuFDlbQkYz5RCC94ZwB6PeAw27srXGx0fORKyraZhv9p4jCtRJI54ADED4Tp0W/npyPjT08T6PfFqxGF3bbHpFZ983cptsxN5p+udggpW8er0Ri4o0CaFFsFZbeeytzoCOxfZdXFJV9m6BLm","expiration":1717458204000}}
" http.status_code=200 @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 http.duration=793 http.response.header.x_amzn_requestid=e7bf16d4-9caa-4823-8e18-37f1865540b3 rpc.method=GetRoleCredentials tf_mux_provider=*schema.GRPCProviderServer timestamp=2024-06-03T17:43:25.753+0200
2024-06-03T17:43:25.754+0200 [INFO]  provider.terraform-provider-aws_v5.51.1_x5: Retrieved credentials: tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ConfigureProvider @module=aws.aws-base tf_req_id=e3731db9-2d19-1417-0026-7119a926051c @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:39 tf_aws.credentials_source=SSOProvider timestamp=2024-06-03T17:43:25.754+0200
2024-06-03T17:43:25.754+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Loading configuration: @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 @module=aws.aws-base tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c tf_rpc=ConfigureProvider timestamp=2024-06-03T17:43:25.754+0200
2024-06-03T17:43:25.754+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Creating AWS SDK v1 session: @module=aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c tf_rpc=ConfigureProvider tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:171 tf_mux_provider=*schema.GRPCProviderServer timestamp=2024-06-03T17:43:25.754+0200
2024-06-03T17:43:25.754+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Retrieving AWS account details: tf_req_id=e3731db9-2d19-1417-0026-7119a926051c tf_rpc=ConfigureProvider @module=aws tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/terraform-provider-aws/internal/conns/config.go:186 tf_mux_provider=*schema.GRPCProviderServer timestamp=2024-06-03T17:43:25.754+0200
2024-06-03T17:43:25.755+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: Retrieving caller identity from STS: @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 @module=aws.aws-base tf_rpc=ConfigureProvider tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c timestamp=2024-06-03T17:43:25.755+0200
2024-06-03T17:43:25.755+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Request Sent: http.request.header.x_amz_security_token=***** net.peer.name=sts.us-west-2.amazonaws.com rpc.system=aws-api tf_aws.signing_region= tf_req_id=e3731db9-2d19-1417-0026-7119a926051c @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************C6H3/20240603/us-west-2/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request.header.content_type=application/x-www-form-urlencoded http.request_content_length=43 http.url=https://sts.us-west-2.amazonaws.com/ @module=aws.aws-base http.method=POST http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.5.7 (+https://www.terraform.io) terraform-provider-aws/5.51.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.27.0 os/macos lang/go#1.22.2 md/GOOS#darwin md/GOARCH#arm64 api/sts#1.28.9" tf_aws.sdk=aws-sdk-go-v2 http.request.header.x_amz_date=20240603T154325Z http.request.header.amz_sdk_request="attempt=1; max=25" rpc.method=GetCallerIdentity tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ConfigureProvider aws.region=us-west-2 http.request.body="Action=GetCallerIdentity&Version=2011-06-15
" http.request.header.amz_sdk_invocation_id=5809c73a-21ab-4c4c-aeec-cc2046bf301a rpc.service=STS tf_mux_provider=*schema.GRPCProviderServer timestamp=2024-06-03T17:43:25.755+0200
2024-06-03T17:43:26.541+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Response Received: http.response_content_length=494 rpc.method=GetCallerIdentity http.response.body="<GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <GetCallerIdentityResult>
    <Arn>arn:aws:sts::616138583583:assumed-role/AWSReservedSSO_AdministratorAccess_224e23fb315b65cb/[email protected]</Arn>
    <UserId>AROA*************UXEV:[email protected]</UserId>
    <Account>616138583583</Account>
  </GetCallerIdentityResult>
  <ResponseMetadata>
    <RequestId>ca921e96-e098-4c02-8a40-e3ce4e929fd5</RequestId>
  </ResponseMetadata>
</GetCallerIdentityResponse>
" http.response.header.date="Mon, 03 Jun 2024 15:43:26 GMT" http.response.header.x_amzn_requestid=ca921e96-e098-4c02-8a40-e3ce4e929fd5 rpc.service=STS tf_aws.sdk=aws-sdk-go-v2 tf_rpc=ConfigureProvider @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:47 aws.region=us-west-2 http.duration=784 http.status_code=200 rpc.system=aws-api tf_aws.signing_region= tf_mux_provider=*schema.GRPCProviderServer @module=aws.aws-base tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=e3731db9-2d19-1417-0026-7119a926051c http.response.header.content_type=text/xml timestamp=2024-06-03T17:43:26.540+0200
2024-06-03T17:43:26.541+0200 [INFO]  provider.terraform-provider-aws_v5.51.1_x5: Retrieved caller identity from STS: tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:39 @module=aws.aws-base tf_req_id=e3731db9-2d19-1417-0026-7119a926051c tf_rpc=ConfigureProvider timestamp=2024-06-03T17:43:26.541+0200
2024-06-03T17:43:26.545+0200 [DEBUG] ReferenceTransformer: "aws_ssm_parameter.my_param (import id \"my-test-param:1\")" references: []
2024-06-03T17:43:26.552+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: [DEBUG] Waiting for state to become: [success]
2024-06-03T17:43:26.553+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Request Sent: http.request.header.amz_sdk_invocation_id=3af893d5-724f-473c-8218-a761ae998f16 http.request.header.amz_sdk_request="attempt=1; max=25" http.url=https://ssm.us-west-2.amazonaws.com/ rpc.service=SSM http.request.header.x_amz_date=20240603T154326Z tf_aws.sdk=aws-sdk-go-v2 @module=aws aws.region=us-west-2 http.method=POST http.request.header.content_type=application/x-amz-json-1.1 tf_req_id=16ecfcf5-507f-8ffe-8b07-5cfb886ce845 tf_rpc=ReadResource @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:45 net.peer.name=ssm.us-west-2.amazonaws.com http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************C6H3/20240603/us-west-2/ssm/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=*****" http.request_content_length=48 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_ssm_parameter http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.5.7 (+https://www.terraform.io) terraform-provider-aws/5.51.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.27.0 os/macos lang/go#1.22.2 md/GOOS#darwin md/GOARCH#arm64 api/ssm#1.50.3" rpc.method=GetParameter rpc.system=aws-api tf_aws.signing_region= http.request.header.x_amz_target=AmazonSSM.GetParameter http.request.header.x_amz_security_token=***** tf_mux_provider=*schema.GRPCProviderServer http.request.body="{"Name":"my-test-param:1","WithDecryption":true}
" timestamp=2024-06-03T17:43:26.553+0200
2024-06-03T17:43:27.351+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Response Received: @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:45 http.response.body="{"Parameter":{"ARN":"arn:aws:ssm:us-west-2:616138583583:parameter/my-test-param","DataType":"text","LastModifiedDate":1.717429246957E9,"Name":"my-test-param","Selector":":1","Type":"SecureString","Value":"bar","Version":1}}
" http.response.header.server=Server rpc.service=SSM rpc.system=aws-api tf_aws.signing_region= tf_resource_type=aws_ssm_parameter http.response.header.connection=keep-alive http.response.header.date="Mon, 03 Jun 2024 15:43:27 GMT" http.status_code=200 tf_aws.sdk=aws-sdk-go-v2 tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws @module=aws http.duration=797 aws.region=us-west-2 http.response.header.content_type=application/x-amz-json-1.1 http.response.header.x_amzn_requestid=6ba1603e-17ed-47ea-9ce5-e3f27106ad4a rpc.method=GetParameter tf_req_id=16ecfcf5-507f-8ffe-8b07-5cfb886ce845 tf_rpc=ReadResource timestamp=2024-06-03T17:43:27.351+0200
2024-06-03T17:43:27.353+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Request Sent: http.request.header.content_type=application/x-amz-json-1.1 http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.5.7 (+https://www.terraform.io) terraform-provider-aws/5.51.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go-v2/1.27.0 os/macos lang/go#1.22.2 md/GOOS#darwin md/GOARCH#arm64 api/ssm#1.50.3" http.request.header.x_amz_target=AmazonSSM.DescribeParameters @module=aws aws.region=us-west-2 tf_aws.signing_region= tf_resource_type=aws_ssm_parameter http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************C6H3/20240603/us-west-2/ssm/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date;x-amz-security-token;x-amz-target, Signature=*****" http.request.header.x_amz_date=20240603T154327Z http.url=https://ssm.us-west-2.amazonaws.com/ tf_aws.sdk=aws-sdk-go-v2 tf_rpc=ReadResource http.request.body="{"ParameterFilters":[{"Key":"Name","Option":"Equals","Values":["my-test-param:1"]}]}
" http.request.header.x_amz_security_token=***** tf_req_id=16ecfcf5-507f-8ffe-8b07-5cfb886ce845 tf_mux_provider=*schema.GRPCProviderServer http.request.header.amz_sdk_invocation_id=31687db4-ec1d-4588-b851-35575d558a8e http.request.header.amz_sdk_request="attempt=1; max=25" net.peer.name=ssm.us-west-2.amazonaws.com rpc.service=SSM rpc.system=aws-api http.method=POST rpc.method=DescribeParameters tf_provider_addr=registry.terraform.io/hashicorp/aws @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:45 http.request_content_length=84 timestamp=2024-06-03T17:43:27.353+0200
2024-06-03T17:43:27.554+0200 [DEBUG] provider.terraform-provider-aws_v5.51.1_x5: HTTP Response Received: tf_resource_type=aws_ssm_parameter http.response.header.connection=keep-alive http.response.header.server=Server http.status_code=200 tf_aws.signing_region= tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=16ecfcf5-507f-8ffe-8b07-5cfb886ce845 rpc.system=aws-api tf_mux_provider=*schema.GRPCProviderServer http.duration=200 http.response.header.content_type=application/x-amz-json-1.1 http.response.header.date="Mon, 03 Jun 2024 15:43:27 GMT" tf_rpc=ReadResource @caller=github.com/hashicorp/aws-sdk-go-base/[email protected]/logging/tf_logger.go:45 aws.region=us-west-2 http.response.body="{"Parameters":[]}
" rpc.method=DescribeParameters @module=aws http.response.header.x_amzn_requestid=bdcbb980-dfd2-4c72-abe3-ab6fe58b3ba1 rpc.service=SSM tf_aws.sdk=aws-sdk-go-v2 timestamp=2024-06-03T17:43:27.553+0200
2024-06-03T17:43:27.554+0200 [WARN]  provider.terraform-provider-aws_v5.51.1_x5: [WARN] SSM Parameter my-test-param:1 not found, removing from state
2024-06-03T17:43:27.557+0200 [WARN]  Provider "registry.terraform.io/hashicorp/aws" produced an unexpected new value for aws_ssm_parameter.my_param during refresh.
      - Root resource was present, but now absent
2024-06-03T17:43:27.558+0200 [ERROR] vertex "import aws_ssm_parameter.my_param result" error: Cannot import non-existent remote object
2024-06-03T17:43:27.558+0200 [ERROR] vertex "aws_ssm_parameter.my_param (import id \"my-test-param:1\")" error: Cannot import non-existent remote object
2024-06-03T17:43:27.558+0200 [ERROR] vertex "aws_ssm_parameter.my_param (expand)" error: Cannot import non-existent remote object
2024-06-03T17:43:27.574+0200 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2024-06-03T17:43:27.574+0200 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/5.51.1/darwin_arm64/terraform-provider-aws_v5.51.1_x5 pid=20427
2024-06-03T17:43:27.574+0200 [DEBUG] provider: plugin exited

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

Yes

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[stefanfreitag]

I was comparing log files on TRACE level for the provider versions 5.49.0 and 5.52.0 (the issue exists in provider versions >= 5.50.0).

There was one difference in the requests send to AWS:

• in v5.49.0 the array of ParameterFilters looks like

  {"ParameterFilters":[{"Key":"Name","Option":"Equals","Values":["<name of the SSM parameter>"]}]}

• in v5.50.0 the array changes to

   {"ParameterFilters":[{"Key":"Name","Option":"Equals","Values":["<name of the SSM parameter>:<version>"]}]}

  So the version of the parameter is appended to the name of the parameter. In the original description of the issue this can be found as http.request.body="{"ParameterFilters":[{"Key":"Name","Option":"Equals","Values":["my-test-param:1"]}]}

I did try out the impact of that difference using AWS CLI:

• Returns parameter details as expected

  aws ssm describe-parameters --parameter-filters "Key=Name, Option=Equals,Values=<name of the SSM parameter>"

• Returns empty array

  aws ssm describe-parameters --parameter-filters "Key=Name, Option=Equals,Values=<name of the SSM parameter>:<version>"

Maybe this helps to find the cause of the issue.

[ewbankkit]

I can reproduce this with an enhanced acceptance test:

% make testacc TESTARGS='-run=TestAccSSMParameter_updateValue' PKG=ssm
make: Verifying source code with gofmt...
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go1.22.2 test ./internal/service/ssm/... -v -count 1 -parallel 20  -run=TestAccSSMParameter_updateValue -timeout 360m
=== RUN   TestAccSSMParameter_updateValue
=== PAUSE TestAccSSMParameter_updateValue
=== CONT  TestAccSSMParameter_updateValue
    parameter_test.go:98: Step 5/5 error running import: exit status 1
        
        Error: Cannot import non-existent remote object
        
        While attempting to import an existing object to "aws_ssm_parameter.test",
        the provider detected that no object exists with the given id. Only
        pre-existing objects can be imported; check that the id is correct and that
        it is associated with the provider's configured region or endpoint, or use
        "terraform apply" to create a new remote object for this resource.
        
--- FAIL: TestAccSSMParameter_updateValue (40.39s)
FAIL
FAIL	github.com/hashicorp/terraform-provider-aws/internal/service/ssm	45.366s
FAIL
make: *** [testacc] Error 1

Relates #37481.

[github-actions]

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v5.53.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.