aws_vpc_block_public_access_options stuck in 'default-state', causing Terraform apply failures and tainted resource

[sasydharan]

Terraform and AWS Provider Version

hashicorp/aws v5.89.0

Affected Resource(s) or Data Source(s)

aws_vpc_block_public_access_options

Expected Behavior

The resource aws_vpc_block_public_access_options should transition from default-state or update-in-progress to update-complete within the timeout period, allowing terraform apply to complete successfully without marking the resource as tainted.

Actual Behavior

The resource remains in default-state and does not reach update-complete state, resulting in Terraform timing out after 2 minutes (or configured timeout), marking the resource as tainted. Subsequent terraform apply attempts require destroying and recreating the resource repeatedly.

Relevant Error/Panic Output

Error: waiting for VPC Block Public Access Options (us-east-1) create

  with aws_vpc_block_public_access_options.vpc_public_block[0],
  on main.tf line 6, in resource "aws_vpc_block_public_access_options" "vpc_public_block":
   6: resource "aws_vpc_block_public_access_options" "vpc_public_block" {

timeout while waiting for state to become 'update-complete' (last state: 'update-in-progress', timeout: 45m0s)

Sample Terraform Configuration

Click to expand configuration

resource "aws_vpc_block_public_access_options" "vpc_public_block" {
  internet_gateway_block_mode = "block-bidirectional"

  timeouts {
    create = "45m"
    delete = "45m"
    update = "45m"
  }
}

Steps to Reproduce

1. Deploy the above Terraform resource for aws_vpc_block_public_access_options.
2. Notice Terraform waits and eventually times out while waiting for state to become update-complete.
3. Resource is marked as tainted.
4. Running terraform apply again forces destroy and recreate.
5. Untainting the resource manually avoids forced recreation but does not resolve the underlying state transition issue.

Debug Logging

Click to expand log output

Error: waiting for VPC Block Public Access Options (us-east-1) create
--
 
with module.common_customization.aws_vpc_block_public_access_options.vpc_public_block[0],
on .terraform/modules/common_customization/blocks.tf line 1, in resource "aws_vpc_block_public_access_options" "vpc_public_block":
1: resource "aws_vpc_block_public_access_options" "vpc_public_block" {
 
unexpected state 'default-state', wanted target 'update-complete'. last
error: Default State

GenAI / LLM Assisted Development

No AI has been used for the development of config.

Important Facts and References

• Resource intermittently stuck in default-state during creation or update.
• The update-complete final state is never reached within timeout periods.
• Manual untainting temporarily avoids forced resource replacement.
• Possible bug or mismatch in Terraform AWS Provider's handling of this resource lifecycle states.
  Terraform Provider

Would you like to implement a fix?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.