GavinFrazar
commented
3 weeks ago template changes will trigger a refresh by default, unless you use version = "$Latest" instead of referring to the template latest version:
A refresh will not start when version = "$Latest" is configured in the launch_template block. To trigger the instance refresh when a launch template is changed, configure version to use the latest_version attribute of the aws_launch_template resource.
Thus the fix is to change these config blocks like so:
launch_template {
name = aws_launch_template.proxy.name
- version = "$Latest"
+ version = aws_launch_template.proxy.latest_version
}
What would you like Teleport to do?
As a user editing the Teleport ASG with Terraform (updating config or Teleport version) I want the changes to apply immediately.
What problem does this solve?
Changes in configuration don't trigger an instance refresh, thus are not applied unless machines are deleted/restarted. This causes a lot of confusion and time lost troubleshooting why the configuration change did not apply. This can also cause security issues when users think they have updated to a version containing a security fix while still running vulnerable images.
If a workaround exists, please include it.
Trigger instance rollout manually.
Implementation details
See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group#automatically-refresh-all-instances-after-the-group-is-updated