I am looking for some help to be pointed in the right direction. I am working on a module to create a VPN from an existing VPC and am running into an error from AWS when applying the configuration.

Error: Error creating Client VPN network association: ConcurrentMutationLimitExceeded: Cannot initiate another change for this endpoint at this time. Please try again later.

From what I gather, it looks like Terraform is spinning up the network associations in parallel and causing AWS to trip on the simultaneous requests.

This seems pretty "standard" as it is being deployed in us-east-2 across 3 AZs (us-east-2a, us-east-2b, and us-east-2c), so it feels a bit suspect that initiating these 3 calls simultaneously would be the root issue. A workaround of running with less parallelism might work but feels a bit hacky.

resource "aws_ec2_client_vpn_network_association" "main" {
  for_each               = data.aws_subnet_ids.private.ids
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.main.id
  subnet_id              = each.key
  security_groups        = [aws_security_group.vpn_access.id]
}

A full spike of the module is available here: https://gist.github.com/bobbrez/0e1bcb4ef376c2b7ebfed9061a74ff19

0 Answers