Incomplete listener rules from data.aws_lb_listener & Data source request - data.aws_lb_listener_rule

[nicholastcs]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Data source data.aws_lb_listener, which it returns only default_action but not of its full listener rules.

Therefore, I'm unable to retrieve the particular listener rule's target group to generate cloudwatch dashboard (i.e. unhealthy host count).

This can be fix directly on data.aws_lb_listener to retrieve its full listener rules or, implementing new data source of data.aws_lb_listener_rule

New or Affected Resource(s)

• data.aws_lb_listener returning incomplete listener rule.

• Potential new implementation of data source data.aws_lb_listener_rule.

Potential Terraform Configuration

Example of possible configuration of data.aws_lb_listener_rule

data "aws_lb_listener" "lb_listener" {
  load_balancer_arn = data.aws_lb.load_balancer.arn
  port              = 443
}

# unimplemented data source
data "aws_lb_listener_rule" "listener_rule" {
  listener_arn = data.aws_lb_listener.lb_listener.arn
  priority     = "1"
}

output "example_output" {
  value = {
    target_group_arn = data.aws_lb_listener_rule.listener_rule.target_group_arn
  }
}

Workaround

• Possible workaround is to implement a shell execution likely from scottwinkler/shell provider or native Terraform built-in local-exec, retrieving target_group_arn from the listener with AWS CLI. However, it proved to be hacky and doesn't bode well for long term maintenance.

• Retrieve output of target_group_arn possibly from remote state's output, terraform-remote-state.

References

Here is possible linked issue.

• #10514

I'll gladly to provide further info if the provider team needed.

[marcuz]

I have the exact same use-case/issue: ALB created via kubernetes_ingress/kubernetes_ingress_v1 resource and need to get the target_group_arn (or name) to be able to use TargetGroup dimension in an aws_cloudwatch_metric_alarm resource.

[marcuz]

@nicholastcs have you found any other way to achieve the following without actually using aws CLI?

$ aws --region [REDACTED] elbv2 describe-rules --listener-arn arn:aws:elasticloadbalancing:[REDACTED]:[REDACTED]:listener/app/[REDACTED]/[REDACTED] --query 'Rules[0].Actions[0].TargetGroupArn'
"arn:aws:elasticloadbalancing:[REDACTED]:[REDACTED]:targetgroup/[REDACTED]"

I am running out of ideas and I might need to go down the local-exec road. 😞

[marcuz]

Assuming you have your AWS region local.aws_region and ALB rules all using the same target group (Rules[0].Actions[0].TargetGroupArn - easily tuned to match what you need), the following does the trick:

data "aws_lb" "alb" {
  # ...
}

data "aws_lb_listener" "alb" {
  # ...
}

data "external" "alb_targetgroup" {
  program = ["sh", "-c", "aws --region ${local.aws_region} elbv2 describe-rules --listener-arn ${data.aws_lb_listener.alb.arn} --query 'Rules[0].Actions[0].TargetGroupArn' | jq -r '. | {target_group_arn: .}'"]
}

locals {
  target_group_arn = data.external.alb_targetgroup.result["target_group_arn"]
  target_group_arn_suffix = element(
    split(":", local.target_group_arn),
    length(split(":", local.target_group_arn)) - 1
  )
}

resource "aws_cloudwatch_metric_alarm" "UnHealthyHostCount" {
  # ...

  dimensions = {
    LoadBalancer = data.aws_lb.alb.arn_suffix
    TargetGroup  = local.target_group_arn_suffix
  }
}

In case someone needs it. 😄

[nicholastcs]

@marcuz, it is all working and fine, but too much workaround for me.

The best case is provider maintainer to implement them.

[marcuz]

@marcuz, it is all working and fine, but too much workaround for me.

The best case is provider maintainer to implement them.

Absolutely, I am looking forward to get rid of this crap! I needed to unblock this work and this is by far the cleanest solution I came up with. 😄

[piersatdoshii]

In my case I need to be able to dynamically insert a new listener rule before an existing one, so being able to lookup that rule is rather important.