aws_datasync_agent: activation timeout regression in v6.42.0 with VPC endpoint (no_redirect= parameter)

[cedvra]

Terraform and AWS Provider Version

## Terraform Version
1.x

## AWS Provider Version
- Broken: 6.42.0
- Working: 6.41.0 (and 6.27.x)

Affected Resource(s) or Data Source(s)

aws_datasync_agent

Expected Behavior

ataSync agent activates successfully when using a VPC Interface Endpoint for DataSync (com.amazonaws.<region>.datasync).

Actual Behavior

aws_datasync_agent creation fails with context deadline exceeded during the activation HTTP call to the agent on port 80, even after waiting several minutes.

Relevant Error/Panic Output

Sample Terraform Configuration

Click to expand configuration

# VPC Interface Endpoint for DataSync
resource "aws_vpc_endpoint" "datasync" {
  vpc_id              = aws_vpc.main.id
  service_name        = "com.amazonaws.eu-west-1.datasync"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [aws_subnet.private.id]
  security_group_ids  = [aws_security_group.datasync_endpoint.id]
  private_dns_enabled = true
}

# EC2 instance running the DataSync agent AMI
resource "aws_instance" "datasync_agent" {
  ami           = "ami-xxxxxxxxxxxxxxxxx" # AWS DataSync agent AMI
  instance_type = "m5.2xlarge"
  subnet_id     = aws_subnet.private.id

  vpc_security_group_ids = [aws_security_group.datasync_agent.id]

  depends_on = [aws_vpc_endpoint.datasync]
}

resource "time_sleep" "wait_for_agent" {
  create_duration = "3m"
  depends_on      = [aws_instance.datasync_agent]
}

# Activation — times out with provider 6.42.0, works with 6.41.0
resource "aws_datasync_agent" "this" {
  ip_address = aws_instance.datasync_agent.private_ip
  name       = "my-datasync-agent"

  depends_on = [time_sleep.wait_for_agent]
}

Steps to Reproduce

1. Deploy a DataSync agent (basic mode) on EC2 in a VPC
2. Configure a VPC Interface Endpoint for DataSync
3. Use provider version 6.42.0
4. Run terraform apply → activation times out

Works correctly with provider 6.41.0.

Debug Logging

Click to expand log output

GenAI / LLM Assisted Development

n/a

Important Facts and References

Root Cause (hypothesis)

Provider 6.42.0 appears to add a no_redirect= query parameter to the activation HTTP request sent to the agent. With this parameter, the agent synchronously replies with the DataSync activation key (200). Without that parameter, the agent instead returns a 302 redirect with the key in the Location header. This parameter changes the call behaviour and probably Terraform expects a '302' but receives any.

Therefore, this synchronous call adds latency that can exceed the provider's HTTP timeout, causing context deadline exceeded.

The change is not documented in the 6.42.0 CHANGELOG under aws_datasync_agent.

Workaround

Pin provider to ~> 6.41.0:

required_providers {
  aws = {
    source  = "hashicorp/aws"
    version = "~> 6.41.0"
  }
}

### Would you like to implement a fix?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.