Idempotency issue with metadata_options when http_endpoint is disable on aws_launch_template

[quentin9696]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.2.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v4.22.0

Affected Resource(s)

• aws_launch_template

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

provider "aws" {
  region = "us-east-1"
}

data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"]
}

resource "aws_launch_template" "this" {
  name = "idempotency-issue"

  image_id = data.aws_ami.ubuntu.id

  instance_type = "t3.nano"

  metadata_options {
    http_endpoint          = "disabled"
    instance_metadata_tags = "disabled"
  }
}

resource "aws_autoscaling_group" "this" {
  availability_zones = ["us-east-1a"]
  desired_capacity   = 1
  max_size           = 1
  min_size           = 1

  launch_template {
    id      = aws_launch_template.this.id
    version = "$Latest"
  }
}

Expected Behavior

Run the apply twice shouldn't show any changes.

Actual Behavior

When running the first apply, every thing deploy well. When re-apply without any changes, the plan shows

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_launch_template.this will be updated in-place
  ~ resource "aws_launch_template" "this" {
        id                      = "lt-04807df15aa342535"
      ~ latest_version          = 1 -> (known after apply)
        name                    = "idempotency-issue"
        tags                    = {}
        # (9 unchanged attributes hidden)

      ~ metadata_options {
          + instance_metadata_tags      = "disabled"
            # (3 unchanged attributes hidden)
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Steps to Reproduce

Run the apply twice

1. terraform apply
2. terraform apply

Important Factoids

Have the same issue with when not setting the metadata tags option

resource "aws_launch_template" "this" {
  name = "idempotency-issue"

  image_id = data.aws_ami.ubuntu.id

  instance_type = "t3.nano"

  metadata_options {
    http_endpoint          = "disabled"
  }
}

On the first plan, we can see that instance_metadata_tags is not in (known after apply) state like this

# aws_launch_template.this will be created
  + resource "aws_launch_template" "this" {
      + arn             = (known after apply)
      + default_version = (known after apply)
      + id              = (known after apply)
      + image_id        = "ami-0070c5311b7677678"
      + instance_type   = "t3.nano"
      + latest_version  = (known after apply)
      + name            = "idempotency-issue"
      + name_prefix     = (known after apply)
      + tags_all        = (known after apply)

      + metadata_options {
          + http_endpoint               = "disabled"
          + http_protocol_ipv6          = "disabled"
          + http_put_response_hop_limit = (known after apply)
          + http_tokens                 = (known after apply)
          + instance_metadata_tags      = "disabled"
        }
    }

The aws_instance resource is not affected by this issue

References

[justinretzolk]

Similar: #25909
Similar: #25896
Similar: #25079

[github-actions]

This functionality has been released in v4.61.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.