error as I added new output variable to existing infra

[ranvijayj]

Terraform Version

0.11.2

Terraform Configuration Files

main.tf
(commneted part is never used)

# Specify the provider and access details
provider "aws" {
  region = "${var.aws_region}"
}

resource "aws_vpc" "default" {
  cidr_block           = "10.2.0.0/16"
  enable_dns_hostnames = true

  tags {
    Name = "tf_test"
  }
}


# Public Subnet 1

resource "aws_subnet" "tf_test_subnet" {
  vpc_id                  = "${aws_vpc.default.id}"
  cidr_block              = "10.2.0.0/24"
  map_public_ip_on_launch = true

  tags {
    Name = "tf_test_subnet"
    Tier = "web"
  }
}





resource "aws_internet_gateway" "gw" {
  vpc_id = "${aws_vpc.default.id}"

  tags {
    Name = "tf_test_ig"
  }
}

resource "aws_route_table" "r" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.gw.id}"
  }

  tags {
    Name = "aws_route_table"
  }
}

resource "aws_route_table_association" "a" {
  subnet_id      = "${aws_subnet.tf_test_subnet.id}"
  route_table_id = "${aws_route_table.r.id}"
}




# ELASTIC IP NEEDS TO BE MENTIONED # Now for NAT.. Count can be increased for EC2
# FOr Multiple https://github.com/hashicorp/terraform/issues/5185

resource "aws_eip" "nat" {
    count = "1"
    vpc = true
    depends_on = ["aws_internet_gateway.gw"]
}




# PRIVATE SUBNET

resource "aws_subnet" "tf_test_subnet_private" {
  vpc_id                  = "${aws_vpc.default.id}"
  cidr_block              = "10.2.1.0/24"
  map_public_ip_on_launch = false

  tags {
    Name = "tf_test_subnet_private"
    Tier = "web"
  }
}

# NAT GATEWAY FOR PRIVATE SUBNET

resource "aws_nat_gateway" "gw" {
  subnet_id     = "${aws_subnet.tf_test_subnet.id}"
  allocation_id = "${aws_eip.nat.id}"         
  depends_on = ["aws_internet_gateway.gw"]
  
  tags {
    Name = "tf_nat_gateway"
  }
}



resource "aws_route_table" "r2" {
  vpc_id = "${aws_vpc.default.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_nat_gateway.gw.id}"
  }

  tags {
    Name = "aws_route_table_nat"
  }
}

resource "aws_route_table_association" "b" {
  subnet_id      = "${aws_subnet.tf_test_subnet_private.id}"
  route_table_id = "${aws_route_table.r2.id}"
}



# GET DATA INFO FOR multi subnets

#data "aws_vpc" "target_vpc" {
#filter = {
#    name = "tag:Name"
#    values = ["tf_test"]
#  }
#}
#data "aws_subnet_ids" "target_web_tier_subnet_ids" {
#  vpc_id = "${data.aws_vpc.target_vpc.id}"
#  tags {
#    Tier = "web"
#  }
#
#}
#data "aws_subnet" "app_tier" {
#  count = "${length(data.aws_subnet_ids.target_web_tier_subnet_ids.ids)}"
#  id = "${data.aws_subnet_ids.target_web_tier_subnet_ids.ids[count.index]}"
#}








# Our default security group to access
# the instances over SSH and HTTP
resource "aws_security_group" "default" {
  name        = "instance_sg"
  description = "Used in the terraform"
  vpc_id      = "${aws_vpc.default.id}"

  # SSH access from anywhere
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP access from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # outbound internet access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Our elb security group to access
# the ELB over HTTP
resource "aws_security_group" "elb" {
  name        = "elb_sg"
  description = "Used in the terraform"

  vpc_id = "${aws_vpc.default.id}"

  # HTTP access from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # outbound internet access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # ensure the VPC has an Internet gateway or this step will fail
  depends_on = ["aws_internet_gateway.gw"]
}



resource "aws_elb" "web" {
  name = "example-elb"

  # The same availability zone as our instance
  subnets = ["${aws_subnet.tf_test_subnet.id}"]

  security_groups = ["${aws_security_group.elb.id}"]

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    target              = "HTTP:80/"
    interval            = 30
  }

  # The instance is registered automatically

  instances                   = [ "${module.frontend_api.instance_ids}" ]
  cross_zone_load_balancing   = true
  idle_timeout                = 400
  connection_draining         = true
  connection_draining_timeout = 400
}


resource "aws_lb_cookie_stickiness_policy" "default" {
  name                     = "lbpolicy"
  load_balancer            = "${aws_elb.web.id}"
  lb_port                  = 80
  cookie_expiration_period = 600
}





#launch in private / public

module "frontend_api" 
{
  source = "../modules/app-hosts"
  name = "${var.environment}-app"
  count = 1
  ami                   = "ami-7f675e4f"
  instance_type          = "t2.micro"
  key_name               = "terraform_acc"
  monitoring             = true
  subnet_id              = "${aws_subnet.tf_test_subnet.id}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  disk_size         = 50 

#  iam_instance_profile = 
  
  tags = {
    Terraform = "true"
    Environment = "dev"
  }
}


#launch is private

module "backend_api" 
{
  source = "../modules/app-hosts"
  name = "${var.environment}-cel"
  count = 1
  ami                   = "ami-7f675e4f"
  instance_type          = "t2.micro"
  key_name               = "terraform_acc"
  monitoring             = true
   subnet_id              = "${aws_subnet.tf_test_subnet.id}"
  vpc_security_group_ids = ["${aws_security_group.default.id}"]
  disk_size         = 50 

#  iam_instance_profile = 
  
  tags = {
    Terraform = "true"
    Environment = "dev"
  }
}

outputs.tf

output "address" {
  value = "${aws_elb.web.dns_name}"
}


output "public_subnet_ids" {
  value = [
    "${aws_subnet.tf_test_subnet.id}"
  ]
}

output "private_subnet_ids" {
  value = [
    "${aws_subnet.tf_test_subnet_private.id}"
  ]
}

output "vpc_id" {
  
  value = "${aws_vpc.default.id}"
}

Debug Output

Crash Output

https://gist.github.com/ranvijayj/1ded35b16acbb71cbe934e8f429d16b4

AND

Also include as much context as you can about your config, state, and the steps you performed to trigger this error.

• module.backend_api.aws_instance.instance: aws_instance.instance: diffs didn't match during apply. This is a bug with Terraform and should be reported as a GitHub Issue.

Expected Behavior

Actual Behavior

Steps to Reproduce

Found a really good way to reproduce

add any new variable to output.tf and ter plan and apply... It will fail with same error..

1. terraform init
2. terraform apply

Additional Context

References

For state management also using s3 and dynamodb as backends...
I removed the s3 backends and just changed the instance count in 1 module but all these changes showed up for no reason

Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  ~ aws_elb.web
      instances.#:                                       "" => <computed>

  ~ aws_route_table.r2
      route.3467256586.cidr_block:                       "" => "0.0.0.0/0"
      route.3467256586.egress_only_gateway_id:           "" => ""
      route.3467256586.gateway_id:                       "" => "nat-05b3deb26eef39c8b"
      route.3467256586.instance_id:                      "" => ""
      route.3467256586.ipv6_cidr_block:                  "" => ""
      route.3467256586.nat_gateway_id:                   "" => ""
      route.3467256586.network_interface_id:             "" => ""
      route.3467256586.vpc_peering_connection_id:        "" => ""
      route.3800590742.cidr_block:                       "0.0.0.0/0" => ""
      route.3800590742.egress_only_gateway_id:           "" => ""
      route.3800590742.gateway_id:                       "" => ""
      route.3800590742.instance_id:                      "" => ""
      route.3800590742.ipv6_cidr_block:                  "" => ""
      route.3800590742.nat_gateway_id:                   "nat-05b3deb26eef39c8b" => ""
      route.3800590742.network_interface_id:             "" => ""
      route.3800590742.vpc_peering_connection_id:        "" => ""

-/+ module.backend_api.aws_instance.instance (new resource required)
      id:                                                "i-0bc6c01a9c7d59dae" => <computed> (forces new resource)
      ami:                                               "ami-7f675e4f" => "ami-7f675e4f"
      associate_public_ip_address:                       "false" => "false"
      availability_zone:                                 "us-west-2c" => <computed>
      disable_api_termination:                           "false" => "false"
      ebs_block_device.#:                                "0" => "1"
      ebs_block_device.3239300295.delete_on_termination: "" => "false" (forces new resource)
      ebs_block_device.3239300295.device_name:           "" => "/dev/sda1" (forces new resource)
      ebs_block_device.3239300295.encrypted:             "" => <computed> (forces new resource)
      ebs_block_device.3239300295.snapshot_id:           "" => <computed> (forces new resource)
      ebs_block_device.3239300295.volume_id:             "" => <computed>
      ebs_block_device.3239300295.volume_size:           "" => "50" (forces new resource)
      ebs_block_device.3239300295.volume_type:           "" => "gp2" (forces new resource)
      ebs_optimized:                                     "false" => "false"
      instance_state:                                    "running" => <computed>
      instance_type:                                     "t2.micro" => "t2.micro"
      ipv6_address_count:                                "0" => "0"
      key_name:                                          "terraform_acc" => "terraform_acc"
      monitoring:                                        "true" => "true"
      network_interface.#:                               "0" => <computed>
      network_interface_id:                              "eni-24fcd720" => <computed>
      placement_group:                                   "" => <computed>
      primary_network_interface_id:                      "eni-24fcd720" => <computed>
      private_dns:                                       "ip-10-2-0-128.us-west-2.compute.internal" => <computed>
      private_ip:                                        "10.2.0.128" => <computed>
      public_dns:                                        "" => <computed>
      public_ip:                                         "" => <computed>
      root_block_device.#:                               "1" => "0"
      root_block_device.0.delete_on_termination:         "false" => "true" (forces new resource)
      security_groups.#:                                 "0" => <computed>
      source_dest_check:                                 "true" => "true"
      subnet_id:                                         "subnet-6d2ae537" => "subnet-6d2ae537"
      tags.%:                                            "3" => "3"
      tags.Environment:                                  "dev" => "dev"
      tags.Name:                                         "dev-cel-1" => "dev-cel-1"
      tags.Terraform:                                    "true" => "true"
      tenancy:                                           "default" => "default"
      user_data:                                         "da39a3ee5e6b4b0d3255bfef95601890afd80709" => "da39a3ee5e6b4b0d3255bfef95601890afd80709"
      volume_tags.%:                                     "0" => <computed>
      vpc_security_group_ids.#:                          "1" => "1"
      vpc_security_group_ids.1952608629:                 "sg-a8c7c9d4" => "sg-a8c7c9d4"

-/+ module.frontend_api.aws_instance.instance (new resource required)
      id:                                                "i-0adbabf5e442b1535" => <computed> (forces new resource)
      ami:                                               "ami-7f675e4f" => "ami-7f675e4f"
      associate_public_ip_address:                       "false" => "false"
      availability_zone:                                 "us-west-2c" => <computed>
      disable_api_termination:                           "false" => "false"
      ebs_block_device.#:                                "0" => "1"
      ebs_block_device.3239300295.delete_on_termination: "" => "false" (forces new resource)
      ebs_block_device.3239300295.device_name:           "" => "/dev/sda1" (forces new resource)
      ebs_block_device.3239300295.encrypted:             "" => <computed> (forces new resource)
      ebs_block_device.3239300295.snapshot_id:           "" => <computed> (forces new resource)
      ebs_block_device.3239300295.volume_id:             "" => <computed>
      ebs_block_device.3239300295.volume_size:           "" => "50" (forces new resource)
      ebs_block_device.3239300295.volume_type:           "" => "gp2" (forces new resource)
      ebs_optimized:                                     "false" => "false"
      instance_state:                                    "running" => <computed>
      instance_type:                                     "t2.micro" => "t2.micro"
      ipv6_address_count:                                "0" => "0"
      key_name:                                          "terraform_acc" => "terraform_acc"
      monitoring:                                        "true" => "true"
      network_interface.#:                               "0" => <computed>
      network_interface_id:                              "eni-e2fed5e6" => <computed>
      placement_group:                                   "" => <computed>
      primary_network_interface_id:                      "eni-e2fed5e6" => <computed>
      private_dns:                                       "ip-10-2-0-6.us-west-2.compute.internal" => <computed>
      private_ip:                                        "10.2.0.6" => <computed>
      public_dns:                                        "" => <computed>
      public_ip:                                         "" => <computed>
      root_block_device.#:                               "1" => "0"
      root_block_device.0.delete_on_termination:         "false" => "true" (forces new resource)
      security_groups.#:                                 "0" => <computed>
      source_dest_check:                                 "true" => "true"
      subnet_id:                                         "subnet-6d2ae537" => "subnet-6d2ae537"
      tags.%:                                            "3" => "3"
      tags.Environment:                                  "dev" => "dev"
      tags.Name:                                         "dev-app-1" => "dev-app-1"
      tags.Terraform:                                    "true" => "true"
      tenancy:                                           "default" => "default"
      user_data:                                         "da39a3ee5e6b4b0d3255bfef95601890afd80709" => "da39a3ee5e6b4b0d3255bfef95601890afd80709"
      volume_tags.%:                                     "0" => <computed>
      vpc_security_group_ids.#:                          "1" => "1"
      vpc_security_group_ids.1952608629:                 "sg-a8c7c9d4" => "sg-a8c7c9d4"```

[ranvijayj]

@mitchellh Could be a major bug.

@phinze I think there was some issue like this before. Please let me know if you need more details

[ranvijayj]

So, I do a terraform plan and apply
then without changing anything I do a terraform plan it still shows changes...

[apparentlymart]

Sorry for this strange failure @ranvijayj, and thanks for reporting it.

Unfortunately the "diffs didn't match during apply" family of errors can be raised for a number of reasons, so it may or may not be related to other cases producing similar messages.

In this case, based on the information in the error output it seems like the diffs for the root_block_device block are no longer present when we try to update the diff during the apply step.

      root_block_device.#:                               "1" => "0"
      root_block_device.0.delete_on_termination:         "false" => "true" (forces new resource)

@jbardin, do you think this could be a symptom of hashicorp/terraform#17117? While the result was different in that bug, it did relate to items being removed from the diff. I'm not totally sure, since indeed it seems like in this case we successfully created the right diff during the plan stage but then some attributes were missed during the follow-up diff.

[jbardin]

@apparentlymart: I don't know if it's the cause, but I think it's related. Only showing delete_on_termination makes sense if it was removed for some reason, as that's the only default field. I'm not sure why it would be the only change however if the count is going from 1 to 0.

[ranvijayj]

Config of ec2 module that I am using: https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws/1.1.0

# EC2 instance
######
resource "aws_instance" "instance" {
  count = "${var.count}"

  ami                    = "${var.ami}"
  instance_type          = "${var.instance_type}"
  user_data              = "${var.user_data}"
  subnet_id              = "${var.subnet_id}"
  key_name               = "${var.key_name}"
  monitoring             = "${var.monitoring}"
  vpc_security_group_ids = ["${var.vpc_security_group_ids}"]
  iam_instance_profile   = "${var.iam_instance_profile}"

  associate_public_ip_address = "${var.associate_public_ip_address}"
  private_ip                  = "${var.private_ip}"
  ipv6_address_count          = "${var.ipv6_address_count}"
  ipv6_addresses              = "${var.ipv6_addresses}"

  ebs_optimized          = "${var.ebs_optimized}"
  volume_tags            = "${var.volume_tags}"
  root_block_device      = "${var.root_block_device}"
  ephemeral_block_device = "${var.ephemeral_block_device}"

   ebs_block_device {
    device_name = "/dev/sda1"
    volume_size = "${var.disk_size}"
    volume_type = "gp2"
    delete_on_termination = false
  }

  source_dest_check                    = "${var.source_dest_check}"
  disable_api_termination              = "${var.disable_api_termination}"
  instance_initiated_shutdown_behavior = "${var.instance_initiated_shutdown_behavior}"
  availability_zone                    = "${var.availability_zone}"
  placement_group                      = "${var.placement_group}"
  tenancy                              = "${var.tenancy}"

  # Note: network_interface can't be specified together with associate_public_ip_address
  # network_interface = "${var.network_interface}"

  tags = "${merge(var.tags, map("Name", format("%s-%d", var.name, count.index+1)))}"
}```



If this helps? but value is still false here. First time apply works fine then later on it shows that this needs to be changed to true. Please do let me know whenever you guys have an update. 

[ranvijayj]

@jbardin I can share my entire code base with you once for this setup. Let me know..

Also, if I change nothing; I just do a terraform plan apply then terraform plan without any changes it still shows the same change to applied like I shared in the first comment.

I even downgraded to terraform 0.11.0 still no help..

[ranvijayj]

Code: https://drive.google.com/open?id=1__aoVg0ksNDz1r7hSfAv2gizr-erWBTu

@apparentlymart

Screencapture: https://drive.google.com/file/d/1RgPYbzyR2HZPgCpFhBpdmHBNLBJcCJ3x/view?usp=sharing

[ranvijayj]

I think I solved it. In the module main.tf
I had defined this

ebs_block_device {
device_name = "/dev/sda1"
volume_size = "${var.disk_size}"
volume_type = "gp2"
delete_on_termination = false
}

Hope you understand what is wrong in the above piece of code? ^^
So that problem is solved.... 👍

Still worth considering so that output of error is proper. While creating there was no error...

But still getting

Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:
  ~ aws_route_table.r2
      route.1831641277.cidr_block:                "0.0.0.0/0" => ""
      route.1831641277.egress_only_gateway_id:    "" => ""
      route.1831641277.gateway_id:                "" => ""
      route.1831641277.instance_id:               "" => ""
      route.1831641277.ipv6_cidr_block:           "" => ""
      route.1831641277.nat_gateway_id:            "nat-0f404343363f0809f" => ""
      route.1831641277.network_interface_id:      "" => ""
      route.1831641277.vpc_peering_connection_id: "" => ""
      route.825327986.cidr_block:                 "" => "0.0.0.0/0"
      route.825327986.egress_only_gateway_id:     "" => ""
      route.825327986.gateway_id:                 "" => "nat-0f404343363f0809f"
      route.825327986.instance_id:                "" => ""
      route.825327986.ipv6_cidr_block:            "" => ""
      route.825327986.nat_gateway_id:             "" => ""
      route.825327986.network_interface_id:       "" => ""
      route.825327986.vpc_peering_connection_id:  "" => ""

even though nothing is changing in route table after plan and apply.

Here is dev -> config.tf ::: https://drive.google.com/open?id=1__aoVg0ksNDz1r7hSfAv2gizr-erWBTu

Public Subnet

Private Subnet

Definitions

@apparentlymart

[jbardin]

@ranvijayj,

Just in case you were attempting to modify the instances, see the final note under the block devices section in the provider docs:

NOTE: Currently, changes to *_block_device configuration of existing resources cannot be automatically detected by Terraform. After making updates to block device configuration, resource recreation can be manually triggered by using the taint command.

If nothing really has changed, and you're on the latest provider release as well, I bet this is a module issue. It looks like that module is trying to map nested data structures to schema elements, which AFAIK just doesn't work (I see you've already files an issue over there as well).

While we're making progress to better support complex data types in the configuration language, assigning schema structures from a variable isn't supported.

[bflad]

Hi folks 👋 A lot has changed in Terraform CLI and SDK since this issue was raised. If there are still problems on more recent versions of both, please open a new issue and we can take a fresh look. Thanks. 👍

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.