### Terraform Version ```shell v1.14.0 ``` ### Terraform Configuration Files ```terraform ...terraform config... ``` ### Debug Output does not work on v1.14.0 ```terraform import -var-file input.json aws_vpc.default vpc-HIDDEN data.external.git_version: Reading... data.external.git_version: Read complete after 0s [id=-] aws_vpc.default: Importing from ID "vpc-HIDDEN"... data.aws_api_gateway_rest_api.probe: Reading... data.aws_acm_certificate.issued: Reading... module.target_account.data.aws_region.current: Reading... module.target_account.data.aws_caller_identity.current: Reading... aws_vpc.default: Import prepared! Prepared aws_vpc for import aws_vpc.default: Refreshing state... [id=vpc-HIDDEN] module.target_account.data.aws_region.current: Read complete after 0s [id=us-east-1] module.target_account.data.aws_caller_identity.current: Read complete after 0s [id=HIDDEN] data.aws_api_gateway_rest_api.probe: Read complete after 0s [id=HIDDEN] data.aws_acm_certificate.issued: Read complete after 0s [id=arn:aws:acm:us-east-1:HIDDEN:certificate/HIDDEN] module.terraform_state_account.data.aws_caller_identity.current: Reading... module.terraform_state_account.data.aws_region.current: Reading... module.terraform_state_account.data.aws_region.current: Read complete after 0s [id=us-east-1] module.terraform_state_account.data.aws_caller_identity.current: Read complete after 0s [id=HIDDEN] ╷ │ Error: Invalid for_each argument │ │ on ../modules/peer/main.tf line 23, in resource "aws_route" "ipv4_private_routes": │ 23: for_each = var.destination_cidr_block != "" ? var.private_route_table_ids : {} │ ├──────────────── │ │ var.destination_cidr_block is "10.1.0.0/16" │ │ var.private_route_table_ids is a map of string, known only after apply │ │ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource. │ │ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values. │ │ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge. ╵ ╷ │ Error: Invalid for_each argument │ │ on ../modules/private_dns_zone/main.tf line 12, in resource "aws_route53_record" "private": │ 12: for_each = { │ 13: for record in var.records : │ 14: record.name => record │ 15: } │ ├──────────────── │ │ var.records is a list of object, known only after apply │ │ The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource. │ │ When working with unknown values in for_each, it's better to define the map keys statically in your configuration and place apply-time results only in the map values. │ │ Alternatively, you could use the -target planning option to first apply only the resources that the for_each value depends on, and then apply a second time to fully converge. ╵ ``` works fine on on v1.13.5 ``` terraform import -var-file input.json aws_vpc.default vpc-HIDDEN data.external.git_version: Reading... data.external.git_version: Read complete after 0s [id=-] module.terraform_state_account.data.aws_caller_identity.current: Reading... module.terraform_state_account.data.aws_region.current: Reading... module.terraform_state_account.data.aws_region.current: Read complete after 0s [id=us-east-1] module.terraform_state_account.data.aws_caller_identity.current: Read complete after 0s [id=HIDDEN] aws_vpc.default: Importing from ID "HIDDEN"... data.aws_api_gateway_rest_api.probe: Reading... data.aws_acm_certificate.issued: Reading... aws_vpc.default: Import prepared! Prepared aws_vpc for import module.target_account.data.aws_caller_identity.current: Reading... aws_vpc.default: Refreshing state... [id=vpc-HIDDEN] module.target_account.data.aws_region.current: Reading... module.target_account.data.aws_region.current: Read complete after 0s [id=us-east-1] module.target_account.data.aws_caller_identity.current: Read complete after 0s [id=HIDDEN] data.aws_api_gateway_rest_api.probe: Read complete after 0s [id=HIDDEN] data.aws_acm_certificate.issued: Read complete after 1s [id=arn:aws:acm:us-east-1:HIDDEN:certificate/HIDDEN] Import successful! The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform. ``` ### Expected Behavior As seem in the above v1.13.5 the resource should have successfully been imported ### Actual Behavior It fails given an error which is not helpful as we need these resources to be dynamic. ### Steps to Reproduce terraform import aws_vpc.default vpc-123 ### Additional Context terraform apply works fine in both versions. I believe the issue is when you are importing and tfstate is not fully flushed out. ### References _No response_ ### Generative AI / LLM assisted development? _No response_