Pin AWS provider to v6.31.0 — ASG capacity check bug in v6.32.0

[Smana]

Problem

After upgrading to AWS provider v6.32.0, all Auto Scaling Group creations fail with:

Error: waiting for Auto Scaling Group (name) capacity satisfied: couldn't find resource (21 retries)

This affects both the Tailscale subnet router (network stack) and OpenBao (openbao/cluster stack).

Root Cause

Bug introduced in AWS provider v6.32.0 (hashicorp/terraform-provider-aws#46437).

The autoscaling service was migrated from helper/retry to an internal retry package for go-vcr support. The old code checked if res == nil to detect "not found", while the new code uses reflect.Value.IsZero(). The statusGroupCapacity function returns struct{}{} which is NOT nil but IS the zero value for an empty struct. Consequently, every poll was incorrectly treated as "not found", hitting the 20-retry hard limit.

Fix: hashicorp/terraform-provider-aws#46452 (merged Feb 12, 2026). Will ship in v6.33.0.

Workaround

Pin AWS provider to < 6.32.0 in all stacks until v6.33.0 is released:

aws = {
  source  = "hashicorp/aws"
  version = "~> 6.0, < 6.32.0"
}

Or untaint any affected ASGs:

tofu untaint 'module.tailscale_subnet_router.aws_autoscaling_group.this'
tofu untaint 'module.openbao_asg.aws_autoscaling_group.idc[0]'

Action Items

• Pin AWS provider to < 6.32.0 or wait for v6.33.0
• Upgrade to v6.33.0 once released and verify fix