AWS Terraform most_recent filtering on different ACM certificate statues is not supported

Question

Have recently started getting Error: most_recent filtering on different ACM certificate statues is not supported while deploying AWS terraform that previously deployed.

No changes have been made and I can't find much on this error through google.

Code producing the error:

data "aws_acm_certificate" "primary" {
  domain      = local.primary_ssl_cert_domain
  types       = ["AMAZON_ISSUED"]
  most_recent = true
}

By "Have recently started" you mean that it worked before, or you added `most_recent = true` now to your code? — Marcin, Jul 13 '22 at 01:37
It's always been there. Was working yesterday, not working today. Wondering if it's a bug in AWS? — Moffen, Jul 13 '22 at 01:53

score 2 · Answer 1 · answered Jul 13 '22 at 11:02

The error message derives from this line in the provider code. The recently executed code checks the certificate details of the discovered filtered certificates at that point, and then compares among them for the "most recent". Not also that the error message is a typo and actually should say:

Error: most_recent filtering on different ACM certificate statuses is not supported

This is easier to understand. The ACM certificate documentation displays the information about the statuses. The problem you have is that your filters matched multiple certificates, and AWS is unable to further filter by "most recent" because the discovered certificates have different statuses. It would make sense that this would "suddenly stop working" because you could easily have one or more certificates that changed status in a day.

You would need to either modify your discovered certificates to have the same status, or modify your filters to only discover certificates with the same status prior to the "most recent" filtering.

AWS Terraform most_recent filtering on different ACM certificate statues is not supported

1 Answers1