ConditionalCheckFailedException cicd resource_error ai_generated true

Error: Error acquiring the state lock: ConditionalCheckFailedException: The conditional request failed

ID: cicd/terraform-state-lock-error

Also available as: JSON · Markdown · 中文
90%Fix Rate
90%Confidence
1Evidence
2023-09-20First Seen

Version Compatibility

VersionStatusIntroducedDeprecatedNotes
Terraform 1.5.0 active
AWS Provider 5.10.0 active
DynamoDB active

Root Cause

Terraform failed to acquire the state lock in DynamoDB because another process holds the lock, or the lock item has been modified by a concurrent operation.

generic

中文

Terraform 无法获取 DynamoDB 中的状态锁,因为另一个进程持有锁,或者锁项已被并发操作修改。

Official Documentation

https://developer.hashicorp.com/terraform/language/state/locking

Workarounds

  1. 95% success Identify the lock holder by checking DynamoDB table: aws dynamodb get-item --table-name <lock_table> --key '{"LockID": {"S": "<state_path>"}}'. If the lock is stale, use terraform force-unlock <lock_id> after manual verification. 
    Identify the lock holder by checking DynamoDB table: aws dynamodb get-item --table-name <lock_table> --key '{"LockID": {"S": "<state_path>"}}'. If the lock is stale, use terraform force-unlock <lock_id> after manual verification.
  2. 80% success If the lock is held by a crashed process, wait for the lock timeout (default 15 minutes) and retry, or increase the lock timeout in the backend config. 
    If the lock is held by a crashed process, wait for the lock timeout (default 15 minutes) and retry, or increase the lock timeout in the backend config.

中文步骤

  1. Identify the lock holder by checking DynamoDB table: aws dynamodb get-item --table-name <lock_table> --key '{"LockID": {"S": "<state_path>"}}'. If the lock is stale, use terraform force-unlock <lock_id> after manual verification.
  2. If the lock is held by a crashed process, wait for the lock timeout (default 15 minutes) and retry, or increase the lock timeout in the backend config.

Dead Ends

Common approaches that don't work:

  1. 30% fail

    Force-unlocking without verifying who holds the lock can corrupt state or cause data loss.

  2. 10% fail

    Deleting the DynamoDB lock table removes all locks but also breaks state locking for future operations.