hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.76k stars 9.12k forks

aws_instance => ebs_block_device => tags changes does not trigger terraform to apply them #19406

Open ArseniiPetrovich opened 3 years ago

ArseniiPetrovich commented 3 years ago

Terraform CLI and Terraform AWS Provider Version

Terraform v0.14.5

Affected Resource(s)

aws_instance

Terraform Configuration Files

Just a regular VM with the following disk block code:

  ebs_block_device {
    device_name = "/dev/sdb"
    volume_size = 100
    volume_type = "gp3"
    delete_on_termination = false

    tags = {
      Name = "blah"
    }
  }

Debug Output

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Panic Output

Expected Behavior

Tags to be added to the disk

Actual Behavior

Nothing has changed

Steps to Reproduce

Create an AWS VM instance through Terraform with an additional disk and no tags. Then try to add disk to that additional disk.

  1. terraform apply

Important Factoids

References

ssinghj commented 3 years ago

We are also experiencing the same issue. I was trying to add tags to 2 different ebs_block_device volumes. terraform apply went well without giving any error. But there was no tag added to any of those volumes.

Terraform Configuration Files

  # Data volume
  ebs_block_device {
    volume_size = "100"
    volume_type = "gp2"
    device_name = "/dev/sdf"
    snapshot_id = "snap-0068b9XXXXXX"
    tags = merge(var.default_tags, {
      "Name"     = "Vol1",
      "Snapshot" = "true"
    })
  }

  # Data volume
  ebs_block_device {
    volume_size = "100"
    volume_type = "gp2"
    device_name = "/dev/sdg"
    snapshot_id = "snap-0c736cdXXXXXX"
    tags = merge(var.default_tags, {
      "Name"     = "Vol2",
      "Snapshot" = "true"
    })
  }

Debug Output


Terraform has compared your real infrastructure against your configuration and found no
differences, so no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Terraform and Provider Version

Terraform v0.15.5
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v3.42.0
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0

fransf-wtax commented 2 years ago

Same issue here.

I want to be able to add or change the "Snapshot" tag on my EBS volumes from Terraform as that controls whether and how often they are snapshotted by the Data Lifecycle Manager. Now I can't do that.

To reproduce

Script 1

terraform {
  required_version = ">=1.0.2"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = ">=3.74.2, <4.0.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1"
}

data "aws_ami" "ubuntu_latest" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

locals {
  tags = {
    Environment = "nonprod"
  }
}
resource "aws_instance" "this" {
  ami           = data.aws_ami.ubuntu_latest.id
  instance_type = "t3.micro"
  ebs_optimized = true
  hibernation = false
  monitoring = false

  root_block_device {
    volume_size = 10
    volume_type = "gp2"
    encrypted = true
    tags = merge(local.tags, {
      Name      = "test-root-volume"
    })
  }
  ebs_block_device {
    delete_on_termination = false
    encrypted = true
    device_name = "/dev/sdb"
    volume_size = 50
    volume_type = "gp2"
    tags = merge(local.tags, {
      Name = "test-extra-volume"
    })
  }
  tags = merge(local.tags, {
    Name = "test-instance"
  })
}

Script 2

terraform {
  required_version = ">=1.0.2"

  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = ">=3.74.2, <4.0.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1"
}

data "aws_ami" "ubuntu_latest" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

locals {
  tags = {
    Environment = "nonprod"
  }
}
resource "aws_instance" "this" {
  ami           = data.aws_ami.ubuntu_latest.id
  instance_type = "t3.micro"
  ebs_optimized = true
  hibernation = false
  monitoring = false

  root_block_device {
    volume_size = 10
    volume_type = "gp2"
    encrypted = true
    tags = merge(local.tags, {
      Name      = "test-root-volume"
      Snapshot = "daily"
    })
  }
  ebs_block_device {
    delete_on_termination = false
    encrypted = true
    device_name = "/dev/sdb"
    volume_size = 50
    volume_type = "gp2"
    tags = merge(local.tags, {
      Name = "test-extra-volume"
      Snapshot = "daily"
    })
  }
  tags = merge(local.tags, {
    Name = "test-instance"
  })
}

Steps

  1. Save script 1 into a file (e.g. main.tf) in an empty directory
  2. Run terraform init
  3. Run terraform apply -auto-approve
  4. Replace script 1 with script 2 (this adds tags to both the root_block_device and ebs_block_device)
  5. Run terraform apply -auto-approve

Expected:

Actual:

TRACE log of the second apply run (where the "Snapshot" tag should be added): https://gist.github.com/fransf-wtax/660c058872f238ff288ca45d8d5c773d

Terraform and provider version

Terraform v1.1.5
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v3.74.2

fransf-wtax commented 2 years ago

OK, so I started looking at the code for this, and as far as I can tell no changes at all on the ebs_block_device sections are applied at all after the instance has been created. You can test this by trying to increase the volume_size ... nothing happens.

The documentation does say:

Block device configurations only apply on resource creation.

but later on it also says:

If you use ebs_block_device on an aws_instance, Terraform will assume management over the full set of non-root EBS block devices for the instance, treating additional block devices as drift.

which seems to be contradicted by both the code and the witnessed behaviour of terraform - it doesn't actually manage anything apart from the root block device, it seems.

Would be helpful if one of the core developers could shed some light on this and either update the documentation or the code to match what the documentation says.

DhruvinSoni30 commented 1 year ago

EBS block device does not support "tags" or "tag" fields. You can check further here:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs_block_device

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_configuration.html#ebs_block_device

misilot commented 1 year ago

@DhruvinSoni30 EBS block device supports tags per https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices, specifically, https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#tags

and when launching a new instance with

  ebs_block_device {
    delete_on_termination = false
    device_name           = "/dev/sdf"
    volume_size           = 8
    volume_type           = "gp3"
    tags = {
      "Name"          = "mysql22_klib",
      "terraform"     = "Managed by Terraform",
      "application"   = "mysql",
      "fstype"        = "ext4",
      "retention"     = "65",
      "snap_interval" = "daily",
      "mountpoint"    = "klib"
    }
  }

present, the tags get applied when creating the volume; however, once it's created, terraform does not detect changes to the tags or even volume_size for that matter.

DhruvinSoni30 commented 1 year ago

Oh yes, my bad! Thanks for correcting it!
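
The thread reports that edits inside ebs_block_device (tags, volume_size) are not applied once the instance exists, which leaves tag-driven controls such as the "Snapshot" tag used by Data Lifecycle Manager unset. One alternative, shown here as an added example that is not from the thread or the provider's own code, declares the data volume as separate aws_ebs_volume and aws_volume_attachment resources so that tag changes are diffed and applied; var.ami_id and the resource names "this" and "extra" are placeholders.

```hcl
# Added example, not from the thread. var.ami_id and the resource names
# ("this", "extra") are placeholders chosen for illustration.
variable "ami_id" {
  type        = string
  description = "AMI to launch (placeholder input)"
}

locals {
  tags = {
    Environment = "nonprod"
  }
}

resource "aws_instance" "this" {
  ami           = var.ami_id
  instance_type = "t3.micro"

  # No ebs_block_device blocks here: the data volume is managed as its own
  # resource below, so Terraform can diff and update it after creation.
  tags = merge(local.tags, {
    Name = "test-instance"
  })
}

resource "aws_ebs_volume" "extra" {
  availability_zone = aws_instance.this.availability_zone
  size              = 50
  type              = "gp2"
  encrypted         = true

  # Tag edits on aws_ebs_volume are planned as an in-place update.
  tags = merge(local.tags, {
    Name     = "test-extra-volume"
    Snapshot = "daily"
  })
}

resource "aws_volume_attachment" "extra" {
  device_name = "/dev/sdb"
  volume_id   = aws_ebs_volume.extra.id
  instance_id = aws_instance.this.id
}
```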