Level 1 23 OpenSearch Setup Using Terraform plan does not give back what is in the challenge

Hello,

im using this main.tf file

resource "aws_opensearch_domain" "xfusion-es" {
  domain_name = "xfusion-es"

  engine_version = "Elasticsearch_7.10"

  cluster_config {
    instance_type = "t3.small.search"
    instance_count = 1
    zone_awareness_enabled = false
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 10
    volume_type = "gp2"
  }

  access_policies = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = "*"
        Action    = "es:*"
        Resource  = "arn:aws:es:us-east-1:000000000000:domain/xfusion-es/*"
      }
    ]
  })

  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }

  tags = {
    Name = "xfusion-es"
    Environment = "dev"
  }
}

but I see as output of terraform plan this

Plan: 1 to add, 0 to change, 0 to destroy.

What went wrong ?

@rwobben

I’m not sure what problem you’re facing. Please provide your Terraform code and the output of terraform plan. What validation error are you seeing?

I used this terraform code :

resource "aws_opensearch_domain" "datacenter-es" {
  domain_name = "datacenter-es"

  engine_version = "Elasticsearch_7.10"

  cluster_config {
    instance_type = "t3.small.search"
    instance_count = 1
    zone_awareness_enabled = false
  }

  ebs_options {
    ebs_enabled = true
    volume_size = 10
    volume_type = "gp2"
  }

  access_policies = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = "*"
        Action    = "es:*"
        Resource  = "arn:aws:es:us-east-1:000000000000:domain/xfusion-es/*"
      }
    ]
  })

  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }

  tags = {
    Name = "datacenter-es"
    Environment = "dev"
  }
}

and this is the outcome of terraform plan

terraform plan

Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_opensearch_domain.datacenter-es will be created
  + resource "aws_opensearch_domain" "datacenter-es" {
      + access_policies                   = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "es:*"
                      + Effect    = "Allow"
                      + Principal = "*"
                      + Resource  = "arn:aws:es:us-east-1:000000000000:domain/xfusion-es/*"
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + advanced_options                  = {
          + "rest.action.multi.allow_explicit_index" = "true"
        }
      + arn                               = (known after apply)
      + dashboard_endpoint                = (known after apply)
      + dashboard_endpoint_v2             = (known after apply)
      + domain_endpoint_v2_hosted_zone_id = (known after apply)
      + domain_id                         = (known after apply)
      + domain_name                       = "datacenter-es"
      + endpoint                          = (known after apply)
      + endpoint_v2                       = (known after apply)
      + engine_version                    = "Elasticsearch_7.10"
      + id                                = (known after apply)
      + ip_address_type                   = (known after apply)
      + kibana_endpoint                   = (known after apply)
      + tags                              = {
          + "Environment" = "dev"
          + "Name"        = "datacenter-es"
        }
      + tags_all                          = {
          + "Environment" = "dev"
          + "Name"        = "datacenter-es"
        }

      + advanced_security_options (known after apply)

      + auto_tune_options (known after apply)

      + cluster_config {
          + dedicated_master_enabled = false
          + instance_count           = 1
          + instance_type            = "t3.small.search"
          + zone_awareness_enabled   = false

          + cold_storage_options (known after apply)

          + node_options (known after apply)
        }

      + domain_endpoint_options (known after apply)

      + ebs_options {
          + ebs_enabled = true
          + iops        = (known after apply)
          + throughput  = (known after apply)
          + volume_size = 10
          + volume_type = "gp2"
        }

      + encrypt_at_rest (known after apply)

      + node_to_node_encryption (known after apply)

      + off_peak_window_options (known after apply)

      + software_update_options (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take
exactly these actions if you run "terraform apply" now.

You can try running terraform apply and then check the validation.

I can try it but the challenge is stating this :

Before submitting the task, ensure that terraform plan returns No changes. Your infrastructure matches the configuration.

And that is not what I see
That is why I asked for help

When I do a apply the check is green

Very wierd because the challenge says no changes , I have some changes and still green

The task warns that we should make sure the plan shows no changes after applying. Did you check the plan after you applied it?

no, I applied it and then I submit the solution

Compare also this solution, as well.

Both give the message that 1 thing is added but the when you submit things will be green.
So no idea why rule3 says that apply must give no changes.