aws_codedeploy_deployment_group resource error when associated aws_codedeploy_app resource is replaced

[harryw]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.23

• provider.aws v2.52.0

Affected Resource(s)

• aws_codedeploy_deployment_group

Terraform Configuration Files

variable "codedeploy_app_name" {
  default = "codedeploy_error_example"
}
variable "codedeploy_role_name" {
  default = "arn:aws:iam::123456789012:role/your-role-name"
}

resource "aws_codedeploy_app" "app" {
  compute_platform = "Lambda"
  name = var.codedeploy_app_name
}

resource "aws_codedeploy_deployment_group" "deployment_group" {
  app_name = aws_codedeploy_app.app.name
  deployment_group_name = "lambda"
  service_role_arn = var.codedeploy_role_name
  deployment_style {
    deployment_type = "BLUE_GREEN"
    deployment_option = "WITH_TRAFFIC_CONTROL"
  }
  deployment_config_name = "CodeDeployDefault.LambdaAllAtOnce"
}

Debug Output

Expected Behavior

When renaming the aws_codedeploy_app resource, the app gets replaced. The aws_codedeploy_deployment_group resource is owned by the app, and so when the app is deleted the deployment group gets deleted also.

The expected behavior is that a replacement of the TF app resource should trigger a replacement of the TF deployment group resource.

Actual Behavior

When the app resource is replaced, TF then tries to modify the dependent deployment group, and this fails because the deployment group no longer exists.

Steps to Reproduce

1. Set the codedeploy_role_name variable to an appropriate value. An IAM role is omitted from this example to keep it small and readable.
2. terraform apply
3. Modify the codedeploy_app_name variable.
4. terraform plan

The plan looks like this:

  # aws_codedeploy_app.app must be replaced
-/+ resource "aws_codedeploy_app" "app" {
        compute_platform = "Lambda"
      ~ id               = "ca505c07-5e8e-4166-8709-752a89efbe5c:codedeploy_error_example" -> (known after apply)
      ~ name             = "codedeploy_error_example" -> "codedeploy_error_example2" # forces replacement
      + unique_id        = (known after apply)
    }

  # aws_codedeploy_deployment_group.deployment_group will be updated in-place
  ~ resource "aws_codedeploy_deployment_group" "deployment_group" {
      ~ app_name               = "codedeploy_error_example" -> "codedeploy_error_example2"
        autoscaling_groups     = []
        deployment_config_name = "CodeDeployDefault.LambdaAllAtOnce"
        deployment_group_name  = "lambda"
        id                     = "f82fc65b-a4f9-4320-9d96-474742a6c9b7"
        service_role_arn       = "arn:aws:iam::123456789012:role/your-role-name"

        deployment_style {
            deployment_option = "WITH_TRAFFIC_CONTROL"
            deployment_type   = "BLUE_GREEN"
        }
    }

Plan: 1 to add, 1 to change, 1 to destroy.

5. terraform apply

The apply results in an error like this:

aws_codedeploy_app.app: Refreshing state... [id=ca505c07-5e8e-4166-8709-752a89efbe5c:codedeploy_error_example]
aws_codedeploy_deployment_group.deployment_group: Refreshing state... [id=f82fc65b-a4f9-4320-9d96-474742a6c9b7]
aws_codedeploy_app.app: Destroying... [id=ca505c07-5e8e-4166-8709-752a89efbe5c:codedeploy_error_example]
aws_codedeploy_app.app: Destruction complete after 1s
aws_codedeploy_app.app: Creating...
aws_codedeploy_app.app: Creation complete after 1s [id=a9364e19-3a8a-483b-92dd-9a32713e75b1:codedeploy_error_example2]
aws_codedeploy_deployment_group.deployment_group: Modifying... [id=f82fc65b-a4f9-4320-9d96-474742a6c9b7]

Error: Error updating CodeDeploy deployment group: DeploymentGroupDoesNotExistException: No Deployment Group found for name: lambda

  on example.tf line 18, in resource "aws_codedeploy_deployment_group" "deployment_group":
  18: resource "aws_codedeploy_deployment_group" "deployment_group" {

References

I've run into this at the same time as another, very similar, issue related to Lambda functions and their associated aliases. Renaming a function triggers a replacement, deleting an associated alias, but then TF tries to modify the deleted alias. That was reported in #10298. A single-line fix was submitted 3 months ago in #11170 as a draft PR, but it was never progressed to a proper PR. It seems likely that the same kind of fix would address this issue.

[justinretzolk]

Hey @harryw 👋 Thank you for taking the time to file this issue! Given that there's been a number of AWS Provider releases since you initially filed it, can you confirm if you're still experiencing this behavior?

[virgofx]

I can confirm this error still persists. Basically, renaming a code deploy group triggers this.

  # aws_codedeploy_deployment_group.default[0] will be updated in-place
  ~ resource "aws_codedeploy_deployment_group" "default" {
      ~ deployment_group_name  = "old" -> "new"

Error: Error updating CodeDeploy deployment group: DeploymentGroupDoesNotExistException: No Deployment Group 
found for name: new

Terraform v1.0.10
provider registry.terraform.io/hashicorp/aws v3.63.0

[ReagentX]

I ran into this issue. It appears that the rename does occur, however, and running terraform apply a second time reports successes.