hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Error when updating desired_count for fargate aws_ecs_service #12282

Closed jgeurts closed 3 years ago

jgeurts commented 4 years ago

Community Note

Terraform Version

0.12.21

Affected Resource(s)

Terraform Configuration Files

// Internet-facing application load balancer that fronts the "platform" ECS service.
// Ingress is governed by aws_security_group.lb and placement by aws_subnet.lb; both are
// defined outside this listing, so their rules cannot be checked here.
resource "aws_lb" "platform" {
  name               = "platform"
  // internal = false: the LB gets public addresses and is reachable from the internet.
  internal           = false
  load_balancer_type = "application"
  ip_address_type    = "ipv4"
  security_groups    = [aws_security_group.lb.id]
  subnets            = [for subnet in aws_subnet.lb : subnet.id]

  // Protects the public entry point from an accidental destroy.
  enable_deletion_protection = true
  // NOTE(review): no access_logs block, and drop_invalid_header_fields is left at its
  // default — for an internet-facing ALB consider enabling both; confirm against requirements.

  tags = {
    Name = "platform"
    Type = "Public"
  }
}

// Two target groups for the platform service (count = 2) — presumably one per
// blue/green colour for the CODE_DEPLOY controller used by the ECS service below.
// Targets are registered by IP address (target_type = "ip").
resource "aws_lb_target_group" "platform" {
  count = 2

  name        = format("platform-tg-%d", count.index + 1)
  port        = 80
  protocol    = "HTTP"
  target_type = "ip"
  vpc_id      = var.vpc_id

  // Sticky sessions are explicitly disabled.
  stickiness {
    enabled = false
    type    = "lb_cookie"
  }

  // Health checks go to the container port rather than the group's own port.
  health_check {
    protocol            = "HTTP"
    port                = var.container_port
    path                = "/healthcheck"
    matcher             = "200"
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 3
  }

  tags = {
    Name = format("platform-tg-%d", count.index + 1)
    Type = "Public"
  }
}

// HTTPS listener on the platform LB. The certificate comes from var.certificate_arn.
resource "aws_lb_listener" "platform-https" {
  load_balancer_arn = aws_lb.platform.arn
  port              = 443
  protocol          = "HTTPS"
  // TLS 1.2-only policy (per its name). NOTE(review): newer TLS 1.3-capable predefined
  // policies exist; check whether this one is still the preferred choice.
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
  certificate_arn   = var.certificate_arn

  // Redundant with the implicit dependency through target_group_arn below, but harmless.
  depends_on = [aws_lb_target_group.platform]

  // Initial target only; see ignore_changes.
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.platform[0].arn
  }

  // default_action is expected to be rewritten outside Terraform (presumably by
  // CodeDeploy swapping between the two target groups), so Terraform must not
  // revert it on the next apply.
  lifecycle {
    ignore_changes = [
      default_action
    ]
  }
}

locals {
  // Task definition family name; also used to look up the live revision.
  family = "platform"
  // Name of the container the load balancer routes to.
  container_name = "web"
}

// Log group the task's containers write to (its name is passed into taskdef.json).
resource "aws_cloudwatch_log_group" "platform" {
  name              = "/aws/ecs/platform"
  // 3653 days ≈ 10 years of retention.
  retention_in_days = 3653
  // NOTE(review): no kms_key_id, so logs use the service-managed encryption default;
  // set one if application logs may carry sensitive data.

  tags = {
    Name = "platform"
  }
}

// Fargate task definition for the platform service. Container definitions are rendered
// from taskdef.json and round-tripped through jsondecode/jsonencode — presumably to
// normalise the JSON so plans don't show whitespace-only diffs (confirm).
resource "aws_ecs_task_definition" "platform" {
  family                   = local.family
  requires_compatibilities = ["FARGATE"]
  cpu                      = var.service.cpu
  memory                   = var.service.memory
  network_mode             = "awsvpc"
  execution_role_arn       = aws_iam_role.ecs_task_execution.arn
  // NOTE(review): task_role_arn reuses the *execution* role. The application containers
  // therefore run with every permission the ECS agent needs for its own work (image pull,
  // log writes, any secrets access granted to it) — a least-privilege gap. Prefer a
  // dedicated task role scoped to the application's own API calls. The role is defined
  // outside this listing, so its exact policy cannot be checked here.
  task_role_arn            = aws_iam_role.ecs_task_execution.arn
  // Only the containerDefinitions array of the template is used; everything else in
  // taskdef.json is discarded.
  container_definitions = jsonencode(
    jsondecode(
      templatefile("${path.module}/taskdef.json", {
        family         = local.family
        container_name = local.container_name
        region         = var.region
        account_id     = var.account_id
        cpu            = var.service.cpu
        memory         = var.service.memory
        image          = var.service.container_image
        log_group      = aws_cloudwatch_log_group.platform.name
        node_env       = var.node_env
        port           = var.container_port
        platform_url   = var.platform_url
        short_url      = var.short_url
        cdn_url        = var.cdn_url
      })
    ).containerDefinitions
  )

  tags = {
    Name = "platform"
    Type = "Private"
  }
}

// ECS cluster hosting the platform service, with Container Insights turned on.
resource "aws_ecs_cluster" "platform" {
  name = "platform"

  tags = {
    Name = "platform"
    Type = "Public"
  }

  setting {
    value = "enabled"
    name  = "containerInsights"
  }
}

// Reads the listener's *live* state (not Terraform's view of it), so the service can
// attach to whichever target group the listener currently forwards to.
data "aws_lb_listener" "current-platform" {
  arn = aws_lb_listener.platform-https.arn
}

// Looks up the latest revision of the family as registered in AWS, which may be newer
// than the one Terraform last created if deployments register revisions out of band.
data "aws_ecs_task_definition" "current-platform" {
  task_definition = local.family
}

// Fargate service for the platform application, deployed through CodeDeploy.
// count toggles the service off when var.delete_platform_ecs_service is true.
resource "aws_ecs_service" "platform" {
  count                   = var.delete_platform_ecs_service ? 0 : 1
  name                    = "platform"
  cluster                 = aws_ecs_cluster.platform.arn
  launch_type             = "FARGATE"
  desired_count           = var.service.container_count
  enable_ecs_managed_tags = true
  // Uses the higher of Terraform's revision and the live one — looks intended to avoid
  // rolling back a revision registered by a deployment. With task_definition in
  // ignore_changes below, this expression only matters at creation.
  task_definition         = "${aws_ecs_task_definition.platform.family}:${max(aws_ecs_task_definition.platform.revision, data.aws_ecs_task_definition.current-platform.revision)}"

  depends_on = [aws_lb_target_group.platform]

  // Attaches to whichever target group the listener currently forwards to.
  load_balancer {
    target_group_arn = data.aws_lb_listener.current-platform.default_action[0].target_group_arn
    container_name   = local.container_name
    container_port   = var.container_port
  }

  // assign_public_ip is not set (default false). The sort() is an attempt to keep the
  // subnet order stable. NOTE(review): the pasted state lists aws_subnet.lb among this
  // resource's dependencies while the configuration references aws_subnet.ecs — if the
  // subnet set genuinely changed, a network_configuration diff is expected regardless of ordering.
  network_configuration {
    subnets         = sort([for subnet in aws_subnet.ecs : subnet.id])
    security_groups = [aws_security_group.ecs.id]
  }

  deployment_controller {
    type = "CODE_DEPLOY"
  }

  lifecycle {
    // NOTE: Based on: https://docs.aws.amazon.com/cli/latest/reference/ecs/update-service.html
    // If the network configuration, platform version, or task definition need to be updated, a new AWS CodeDeploy deployment should be created.
    // Only desired_count (and the other non-ignored attributes) should produce an in-place update here.
    ignore_changes = [
      load_balancer,
      network_configuration,
      task_definition
    ]
  }

  tags = {
    Name = "platform"
    Type = "Private"
  }
}

Debug Output

https://gist.github.com/jgeurts/f4d930608a119e9cd75a7a54b111ee7c

Panic Output

Expected Behavior

Terraform should update the ECS service with only the `desired_count` change.

Actual Behavior

Terraform also attempted to update `network_configuration`, even though it is listed in `lifecycle.ignore_changes`.

Steps to Reproduce

  1. terraform apply

Important Factoids

n/a

jgeurts commented 4 years ago

Curious whether the `for` expression used to build the subnet list is causing the issue. Based on the debug output, I had thought the sort order of the subnet IDs was making Terraform treat the values as different.

jgeurts commented 4 years ago

State for the ecs service looks like:

    {
      "module": "module.platform-web",
      "mode": "managed",
      "type": "aws_ecs_service",
      "name": "platform",
      "each": "list",
      "provider": "provider.aws",
      "instances": [
        {
          "index_key": 0,
          "schema_version": 0,
          "attributes": {
            "capacity_provider_strategy": [],
            "cluster": "arn:aws:ecs:us-east-1:848340966175:cluster/platform",
            "deployment_controller": [
              {
                "type": "CODE_DEPLOY"
              }
            ],
            "deployment_maximum_percent": 200,
            "deployment_minimum_healthy_percent": 100,
            "desired_count": 1,
            "enable_ecs_managed_tags": true,
            "health_check_grace_period_seconds": 0,
            "iam_role": "aws-service-role",
            "id": "arn:aws:ecs:us-east-1:848340966175:service/platform/platform",
            "launch_type": "FARGATE",
            "load_balancer": [
              {
                "container_name": "web",
                "container_port": 8080,
                "elb_name": "",
                "target_group_arn": "arn:aws:elasticloadbalancing:us-east-1:848340966175:targetgroup/platform-tg-1/9f95fe83039b0885"
              }
            ],
            "name": "platform",
            "network_configuration": [
              {
                "assign_public_ip": false,
                "security_groups": [
                  "sg-009780f1c0a07fd3b"
                ],
                "subnets": [
                  "subnet-04513c92e9c910d63",
                  "subnet-071d6528a750de464"
                ]
              }
            ],
            "ordered_placement_strategy": [],
            "placement_constraints": [],
            "placement_strategy": [],
            "platform_version": "1.3.0",
            "propagate_tags": "NONE",
            "scheduling_strategy": "REPLICA",
            "service_registries": [],
            "tags": {
              "Name": "platform",
              "Type": "Private"
            },
            "task_definition": "platform:6"
          },
          "private": "bnVsbA==",
          "dependencies": [
            "module.platform-container-repository.aws_ecr_repository.platform",
            "module.platform-web.aws_ecs_cluster.platform",
            "module.platform-web.aws_ecs_task_definition.platform",
            "module.platform-web.aws_lb_target_group.platform",
            "module.platform-web.aws_security_group.ecs",
            "module.platform-web.aws_subnet.lb"
          ]
        }
      ]
    },
justinretzolk commented 3 years ago

Hey @jgeurts 👋 Thank you for taking the time to file this! Given that there have been a number of AWS provider releases since you initially filed it, can you confirm whether you're still experiencing this behavior?

jgeurts commented 3 years ago

@justinretzolk Yep, it's still an issue

justinretzolk commented 3 years ago

Hey @jgeurts 👋 Thanks for getting back to me. I started to look into this more and came across another issue that seems to be a duplicate of this one: #13658. We like to keep discussions consolidated, and while this issue is older, the other has more discussion and 👍 reactions, which we use to help with prioritization. With that in mind, we're going to close this issue in favor of #13658.

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.