Skip to content
This repository has been archived by the owner on Jan 25, 2023. It is now read-only.

AWS Provider >=3.0.0 ASG inline load_balancers removing attached load balancers #210

Closed
andrew-womeldorf opened this issue Aug 15, 2020 · 5 comments · Fixed by #211
Closed

AWS Provider >=3.0.0 ASG inline load_balancers removing attached load balancers #210

andrew-womeldorf opened this issue Aug 15, 2020 · 5 comments · Fixed by #211
Labels
enhancement help wanted

Comments

@andrew-womeldorf
Copy link
Contributor

Since the AWS Provider's update to v3.0.0, the relationship between an aws_autoscaling_group and aws_autoscaling_attachment has become more strictly conflicted. Since the vault-cluster module does not define a load balancer, and a load balancer must be attached by an autoscaling attachment from outside the vault-cluster module, the autoscaling groups should ignore changes to the load_balancers and target_group_arns.

In my case, despite the vault-elb module defining the autoscaling attachment, the AWS provider is trying to remove the relationship in favor of the empty inline load_balancers argument. There is a similar issue in the terraform-aws-consul module.

This conflict is documented in the AWS Provider's documentation here, and there is an open issue on the AWS Provider repo.
This was referenced Aug 15, 2020
Merged
Merged
@brikis98
Copy link
Collaborator

This conflict is documented in the AWS Provider's documentation here, and there is an open issue on the AWS Provider repo.

So is this actually a bug we should wait to be fixed? And perhaps pin to AWS Provider < 3.x until it is fixed?

@andrew-womeldorf
Copy link
Contributor Author

The issue I linked is only a week old, so it may be too soon to tell if it's planned on being fixed.

My personal impression is that this is not going to be fixed soon. This was already a documented issue in 2.x. It seems that the inline load_balancers/target_group_arns weren't actively overriding the aws_autoscaling_attachment resource in 2.x like they are now.

@andrew-womeldorf
Copy link
Contributor Author

One more thought in favor of not waiting to see if this is a bug that will be fixed -

This module does not declare any target groups or load balancers for itself - those must be provided by the user with the attachment resources. Unless there are plans to add such resources into this module, I think it's a safe assumption that we will always want to favor the attachment resources, and thus ignoring the inline arguments here is a safe, long-term change.

@teraflik
Copy link

teraflik commented Sep 7, 2020
edited
Loading

This conflict is documented in the AWS Provider's documentation here, and there is an open issue on the AWS Provider repo.

So is this actually a bug we should wait to be fixed? And perhaps pin to AWS Provider < 3.x until it is fixed?

@brikis98 this is not a bug, it is an intended behaviour when using AWS Provider ~ 3.x.

As the documentation mentions everywhere, using same of the inline resource and exclusive resource "causes conflicts" or "unintended resource updates".

I can't comment why it didn't cause problems in AWS provider ~ 2.x, but with provider ~ 3.x, it's working as it should (by causing problems.)

As @andrew-womeldorf said, its a safe assumption that an ASG will either be used with a target group or a load balancer, for example in the vault-elb module.

@brikis98
Copy link
Collaborator

Roger. Hopefully we can get #211 merged soon to fix this.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Ignore changes to load balancers in vault-cluster ASG andrew-womeldorf/terraform-aws-vault
3 participants
@brikis98 @andrew-womeldorf @teraflik