aws-ia / terraform-aws-vpc

AWS VPC Module
https://registry.terraform.io/modules/aws-ia/vpc/aws/latest
Apache License 2.0

Tags for every resource show needing updates every time I run apply #102

Closed gregor2004ua closed 1 year ago

gregor2004ua commented 1 year ago

So even if I do not make any changes to terraform code and expect to see 0 diffs I get this for every resource created by the module. I must be doing something wrong because I'm sure someone would have complained by now, but can't seem to figure it out. It looks like the Key vs Value pairs just get rotated around in the list of tags.


Here is how I pass common tags in:

module "vpc" {
  source  = "registry.terraform.io/aws-ia/vpc/aws"
  version = "= 3.2.1"

  name = "${var.name}-vpc"
  tags = local.common_tags

  cidr_block = var.cidr_block
  az_count   = var.az_count
  ...
}

And here is how they are defined (merged with top level tags):

locals {
  common_tags = merge(var.common_tags, {
    environment = var.name
  })
}

and the top level module passes these tags in:

locals {
  common_tags = {
    managed_by        = "terraform"
    terraform_project = "core_infra"
  }
}

Any help is appreciated here.

drewmullen commented 1 year ago

That is surprising... we have tests that execute with multiple tags...

That being said, 1 thing I can say is that upgrading to v4 would eliminate this issue. The v4 upgrade process has commands on how to replace the awscc resources with the standard aws resources.

Background: The awscc resources accept tags as a list of maps, which is how aws defines them. The standard aws provider has logic on how to handle ordering, etc and should eliminate this issue.

Here are instructions on the upgrade: https://github.com/aws-ia/terraform-aws-vpc/blob/main/UPGRADE-GUIDE-4.0.md

Note you do not have to relocate your tags to default_tags. I only mention here because that's the primary reason you're upgrading.
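An added example, not part of the original thread or the module's code: because awscc tags are an ordered list, this sketch sorts the updates in a plan exported with `terraform show -json` into order-only tag churn and real changes, so the reordering noise cannot hide genuine drift. The resource addresses, IDs and the `dev`/`prod` values are constructed, and it assumes tags appear under a `tags` attribute as a list of `key`/`value` objects.

```python
def tag_pairs(tags):
    # awscc-style tags: a list of {"key": ..., "value": ...} objects.
    # Sorting gives an order-insensitive view that still keeps duplicates.
    return sorted((t["key"], t["value"]) for t in (tags or []))

def classify(plan):
    """Return (order_only, real): addresses whose update is only a tag
    reordering, and addresses with any other pending change."""
    order_only, real = [], []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        actions = change["actions"]
        if actions == ["no-op"]:
            continue
        if actions != ["update"]:
            real.append(rc["address"])  # create/delete/replace is never noise
            continue
        before, after = dict(change["before"]), dict(change["after"])
        b_tags, a_tags = before.pop("tags", None), after.pop("tags", None)
        # Values not known until apply can be missing from "after"; such a
        # resource compares unequal and is conservatively reported as real.
        if before == after and tag_pairs(b_tags) == tag_pairs(a_tags):
            order_only.append(rc["address"])
        else:
            real.append(rc["address"])
    return order_only, real

# Constructed sample in the shape of `terraform show -json <planfile>`.
T = [{"key": "managed_by", "value": "terraform"},
     {"key": "terraform_project", "value": "core_infra"},
     {"key": "environment", "value": "dev"}]
SAMPLE_PLAN = {"resource_changes": [
    {"address": "module.vpc.awscc_ec2_route_table.example_a",
     "change": {"actions": ["update"],
                "before": {"id": "rtb-0a", "tags": T},
                "after": {"id": "rtb-0a", "tags": T[1:] + T[:1]}}},  # rotated only
    {"address": "module.vpc.awscc_ec2_route_table.example_b",
     "change": {"actions": ["update"],
                "before": {"id": "rtb-0b", "tags": T},
                "after": {"id": "rtb-0b",
                          "tags": T[:2] + [{"key": "environment", "value": "prod"}]}}},
    {"address": "module.vpc.aws_vpc.example",
     "change": {"actions": ["no-op"], "before": {"id": "vpc-0c"}, "after": {"id": "vpc-0c"}}},
]}

if __name__ == "__main__":
    noise, real = classify(SAMPLE_PLAN)
    print("order-only tag churn:", noise)
    print("real changes:", real)
```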

gregor2004ua commented 1 year ago

Thank you. That helped.

Are you also planning to upgrade aws-ia/network-hubandspoke/aws to use v4 of this module? That's another one that's giving me this issue now.

drewmullen commented 1 year ago

Yes, awesome. Glad that helped. That is in the works atm by the one and only @pablo19sc

Any feedback on the upgrade process to v4 would be appreciated

gregor2004ua commented 1 year ago

The upgrade went pretty smooth. No issues at all, except for the resources that were created by aws-ia/network-hubandspoke/aws; I had to filter those out.

One thing you could mention in the instructions is to first upgrade module version to "4.0.0" and run "terraform get" before running the terraform state commands.

I turned your instructions into a script because I had a lot of resources to update and it would take me forever.

#!/bin/zsh

# Back up the current state first. State can contain sensitive values,
# so write it straight to a file instead of echoing it to the terminal.
terraform state pull > tfstateV3.bak

# upgrade route tables

terraform state list | grep -e "awscc_ec2_route_table" | tee rt_to_replace.txt

cat rt_to_replace.txt |
while read -r res_path; do
    res_new_path=$(echo "$res_path" | sed 's/awscc_ec2_route_table/aws_route_table/')

    echo "$res_path"
    echo "$res_new_path"

    # Match only the "id = ..." attribute line, not every line containing "id"
    res_id=$(terraform state show "$res_path" | grep -E '^[[:space:]]*id[[:space:]]*=' | head -1 | cut -d'=' -f2 | awk '{$1=$1};1' | tr -d '"')
    echo "$res_id"
    terraform state rm "$res_path"
    terraform import "$res_new_path" "$res_id"
done

# upgrade route table associations

terraform state list | grep -e "awscc_ec2_subnet_route_table_association" | tee rta_to_replace.txt

cat rta_to_replace.txt |
while read -r res_path; do
    res_new_path=$(echo "$res_path" | sed 's/awscc_ec2_subnet_route_table_association/aws_route_table_association/')

    echo "$res_path"
    echo "$res_new_path"

    # Read the resource once, then pull both attributes from the saved output
    tf_state=$(terraform state show "$res_path")
    rt_id=$(echo "$tf_state" | grep -E '^[[:space:]]*route_table_id[[:space:]]*=' | head -1 | cut -d'=' -f2 | awk '{$1=$1};1' | tr -d '"')
    subnet_id=$(echo "$tf_state" | grep -E '^[[:space:]]*subnet_id[[:space:]]*=' | head -1 | cut -d'=' -f2 | awk '{$1=$1};1' | tr -d '"')

    echo "$rt_id"
    echo "$subnet_id"
    terraform state rm "$res_path"
    # aws_route_table_association is imported as "<subnet id>/<route table id>"
    terraform import "$res_new_path" "$subnet_id/$rt_id"
done

You can comment out the terraform state rm and terraform import lines in the script for a dry run.

drewmullen commented 1 year ago

Oh man. You're awesome. I'll see about incorporating this into the guide.

gregor2004ua commented 1 year ago

This is by no means a good looking script, more like a quick throw together, but it worked for me :)

Thank you for your help and prompt responses! 🍻