cattle-ops / terraform-aws-gitlab-runner

Terraform module for AWS GitLab runners on ec2 (spot) instances
https://registry.terraform.io/modules/cattle-ops/gitlab-runner/aws
MIT License

aws_lambda_function.terminate_runner_instances sometimes shows changes that are unrelated to code changes #1171

Open tibuntu opened 1 month ago

tibuntu commented 1 month ago

Describe the bug

We are invoking the module with various different configurations (e.g. different instance_types, AMIs, etc.) to offer a broad range of runners to our development teams. Sometimes when running terraform plan we get a plan output that isn't related to a change we made to our terraform code (e.g. a simple update to the versions.tf done by Renovate), see example:

  # module.aws-arm64-runner-medium.module.terminate_agent_hook.aws_lambda_function.terminate_runner_instances will be updated in-place
  ~ resource "aws_lambda_function" "terminate_runner_instances" {
        id                             = "arm64-docker-medium-terminate-instances"
      ~ last_modified                  = "2024-08-14T07:10:48.000+0000" -> (known after apply)
      ~ qualified_arn                  = "arn:aws:lambda:eu-central-1:<redact>:function:arm64-docker-medium-terminate-instances:25" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:<redact>:function:arm64-docker-medium-terminate-instances:25/invocations" -> (known after apply)
      ~ source_code_hash               = "STtJd0//CpU4WGQcc2ojckEcEHtCrD8W2fpx9E1TL64=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
        tags                           = {
            "Environment"                            = "arm64-docker-medium"
            "Name"                                   = "arm64-docker-medium"
            "monitoring"                             = "true"
            "runner-sizing"                          = "arm64-docker-medium"
            "tf-aws-gitlab-runner:instancelifecycle" = "spot:yes"
        }
      ~ version                        = "25" -> (known after apply)
        # (24 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.aws-arm64-runner-medium.module.terminate_agent_hook.aws_lambda_permission.current_version_triggers must be replaced
-/+ resource "aws_lambda_permission" "current_version_triggers" {
      ~ id                  = "TerminateInstanceEvent" -> (known after apply)
      ~ qualifier           = "25" # forces replacement -> (known after apply) # forces replacement
      + statement_id_prefix = (known after apply)
        # (5 unchanged attributes hidden)
    }

Expected behavior

Only actual code changes cause a terraform plan output that contains changes related to resources that are being created by the module.

Additional context

It seems that not all lambda functions are affected. By having a look at our most recent invocations of terraform, it seems that only ~2-3 of the total of 10 modules are affected. The plan output is always related to such changes, which then leads to a new version as shown above.

      ~ last_modified                  = "2024-07-25T05:00:08.000+0000" -> (known after apply)
      ~ qualified_arn                  = "arn:aws:lambda:eu-central-1:<redact>:function:amd64-small-terminate-instances:4" -> (known after apply)
      ~ qualified_invoke_arn           = "arn:aws:apigateway:eu-central-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-central-1:<redact>:function:amd64-small-terminate-instances:4/invocations" -> (known after apply)
      ~ source_code_hash               = "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" -> "STtJd0//CpU4WGQcc2ojckEcEHtCrD8W2fpx9E1TL64="

tibuntu commented 1 month ago

Maybe related? https://github.com/hashicorp/terraform-provider-aws/issues/29085
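
A triage check for the plan output quoted in this issue, added here as an example (it is not part of the issue or of the module's code): one side of each `source_code_hash` change is the base64 SHA-256 of zero bytes, which indicates the hash was computed over empty input on that run rather than over a different Lambda package. The function name `find_hash_flips` is an assumption of this example; the sample lines are copied from the two plan excerpts above.

```python
import base64
import hashlib
import re

# Base64-encoded SHA-256 of zero bytes: the value a hash over an empty
# input evaluates to, regardless of what the real package contains.
EMPTY_SHA256_B64 = base64.b64encode(hashlib.sha256(b"").digest()).decode()

ADDRESS_RE = re.compile(r"^\s*# (\S+) (?:will be|must be) ")
HASH_RE = re.compile(r'source_code_hash\s*=\s*"([^"]+)"\s*->\s*"([^"]+)"')

# Lines copied from the two plan excerpts quoted in the issue.
EXCERPTS = [
    '''  # module.aws-arm64-runner-medium.module.terminate_agent_hook.aws_lambda_function.terminate_runner_instances will be updated in-place
      ~ source_code_hash               = "STtJd0//CpU4WGQcc2ojckEcEHtCrD8W2fpx9E1TL64=" -> "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="
''',
    '''      ~ source_code_hash               = "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" -> "STtJd0//CpU4WGQcc2ojckEcEHtCrD8W2fpx9E1TL64="
''',
]


def find_hash_flips(plan_text):
    """Return one finding per source_code_hash change in text plan output."""
    findings = []
    address = None  # stays None when the excerpt has no resource header
    for line in plan_text.splitlines():
        header = ADDRESS_RE.match(line)
        if header:
            address = header.group(1)
            continue
        change = HASH_RE.search(line)
        if change:
            old, new = change.groups()
            findings.append({
                "address": address,
                "old_is_empty": old == EMPTY_SHA256_B64,
                "new_is_empty": new == EMPTY_SHA256_B64,
            })
    return findings


if __name__ == "__main__":
    for excerpt in EXCERPTS:
        for finding in find_hash_flips(excerpt):
            print(finding)
```

A change where neither side is the empty-input digest is the case that deserves review as a real change to the Lambda package.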