DevOps
Fix Terraform Error: CloudWatch Log Group Already Exists
Fix terraform CloudWatch Log Group ResourceAlreadyExistsException. Import orphaned log groups, prevent Lambda auto-creation
3 min read
DevOps
Fix Terraform Error - Data Source Not Found
Fix Terraform data source not found errors for AMIs, VPCs, subnets, and security groups. Debug filters, check regions, and handle missing resources.
LLuca Berton2 min read
Quick Answer
#Your data source query matched zero resources. Verify the resource exists in the correct region/account, check filter values for typos and case sensitivity, and use most_recent = true for AMI lookups.
The Error
#Error: no matching EC2 AMI foundError: no matching VPC foundError: Your query returned no results. Please change your search
criteria and try again.What Causes This Error
#1. Wrong Region
#AMIs, VPCs, subnets, and most AWS resources are region-specific. Querying eu-west-1 for an AMI in us-east-1 returns nothing.
2. Case-Sensitive Filter Values
#AWS tag names and values are case-sensitive. "Environment" ≠ "environment".
3. Overly Restrictive Filters
#Multiple filters combine with AND logic — each additional filter narrows results further.
4. Resource Deleted or Not Yet Created
#The resource was removed, or you're querying something that another Terraform run creates.
5. Missing owners for AMI Lookups
#Without owners, the search includes community AMIs. With the wrong owner, it returns nothing.
How to Fix It
#Solution 1: Verify with AWS CLI
## Check if the AMI exists
aws ec2 describe-images --owners 099720109477 \
--filters "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-jammy*" \
--query 'Images | sort_by(@, &CreationDate) | [-1].[ImageId,Name]' \
--region us-east-1
# Check VPCs
aws ec2 describe-vpcs --filters "Name=tag:Name,Values=*prod*" \
--query 'Vpcs[].{ID:VpcId,Name:Tags[?Key==`Name`].Value|[0]}' --output table
# Check subnets
aws ec2 describe-subnets --filters "Name=vpc-id,Values=vpc-123" \
--query 'Subnets[].{ID:SubnetId,AZ:AvailabilityZone,CIDR:CidrBlock}' --output tableSolution 2: Use Wildcards and most_recent
#data "aws_ami" "ubuntu" {
most_recent = true
owners = ["099720109477"] # Canonical
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
}Solution 3: Debug by Removing Filters
#Start with no filters and add them back one at a time:
# Step 1: Does anything exist?
data "aws_vpcs" "all" {}
output "debug_all_vpcs" { value = data.aws_vpcs.all.ids }
# Step 2: Add first filter
data "aws_vpc" "main" {
filter {
name = "tag:Name"
values = ["production-vpc"]
}
}Solution 4: Fix Region Mismatch
## Explicit provider with correct region
provider "aws" {
region = "us-east-1" # AMIs are region-specific
}
# Or use provider alias for multi-region
provider "aws" {
alias = "us_east"
region = "us-east-1"
}
data "aws_ami" "ubuntu" {
provider = aws.us_east
most_recent = true
owners = ["099720109477"]
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy*"]
}
}Solution 5: Handle Missing Resources Gracefully
## Make the data source optional with count
data "aws_vpc" "existing" {
count = var.vpc_name != "" ? 1 : 0
filter {
name = "tag:Name"
values = [var.vpc_name]
}
}
locals {
vpc_id = var.vpc_name != "" ? data.aws_vpc.existing[0].id : aws_vpc.new.id
}Common AMI Owner IDs
#| OS | Owner ID | Name Pattern |
|---|---|---|
| Ubuntu 22.04 | 099720109477 | ubuntu/images/hvm-ssd/ubuntu-jammy* |
| Amazon Linux 2023 | amazon | al2023-ami-*-x86_64 |
| RHEL 9 | 309956199498 | RHEL-9* |
| Debian 12 | 136693071363 | debian-12-amd64-* |
| Windows 2022 | amazon | Windows_Server-2022-English-Full-Base-* |
Troubleshooting Checklist
#- ✅ Does the resource exist? Verify with AWS CLI
- ✅ Are you in the correct region?
- ✅ Are filter values case-correct?
- ✅ For AMIs: is
ownersset? Ismost_recent = trueset? - ✅ Does removing filters return results?
- ✅ Are you in the correct AWS account?
Prevention Tips
#- Always use
most_recent = truefor AMI data sources - Always set
owners— scopes the search and prevents matching community AMIs - Verify filters with CLI first before using in Terraform
- Add output blocks during development to inspect data source results
- Pin to specific AMI IDs in production for reproducibility
Related Articles
#- Terraform Troubleshooting - Common Errors and Solutions
- How to Use Terraform Data Sources
- Terraform Glossary
Conclusion
#Data source "not found" errors mean your query returned zero results. Check the region, verify filter values with the CLI, fix case sensitivity, and add most_recent = true for AMI lookups. Debug by removing filters one at a time to find which one is too restrictive.
#Terraform#Troubleshooting#DevOps#Error Fix#Infrastructure as Code
Related articles
DevOps
Fix Terraform Error: Cannot Import Into Existing State
Fix terraform import errors when a resource already exists in state. Covers state rm, state show, reimport workflow, import blocks
3 min read
DevOps
Fix Terraform Error: Too Many Command Line Arguments
Fix terraform too many command line arguments errors. Correct -var syntax, quote values with spaces, and learn proper Terraform CLI argument format for plan
3 min read
DevOps
Fix Terraform Error: Invalid Escape Sequence in String
Fix terraform invalid escape sequence errors. Double backslashes for Windows paths, use heredocs for regex, and learn all valid HCL escape sequences.
2 min read