Using `cname_prefix` in Beanstalk environment always requires replacement of environment

OblateSpheroid commented 3 years ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Have tried on several versions, most recently:

Terraform v0.15.5 on linux_amd64
hashicorp/aws v3.44.0

Affected Resource(s)

aws_elastic_beanstalk_environment

Terraform Configuration Files

provider "aws" {
  region = "us-gov-west-1"
}

resource "aws_elastic_beanstalk_application" "tftest" {
  name        = "tf-test-name"
  description = "tf-test-desc"
}

resource "aws_elastic_beanstalk_environment" "tftest" {
  name                = "test-beanstalk-fix-myapp"
  cname_prefix        =  "test-beanstalk-fix-myapp"
  application         = aws_elastic_beanstalk_application.tftest.name
  solution_stack_name = "64bit Amazon Linux 2018.03 v2.25.0 running Multi-container Docker 19.03.13-ce (Generic)"
  setting {
    namespace = "aws:autoscaling:launchconfiguration"
    name      = "IamInstanceProfile"
    value     = "aws-elasticbeanstalk-ec2-role"
  }
}

Expected Behavior

terraform apply creates 2 resources: aws_elastic_beanstalk_application.tftest and aws_elastic_beanstalk_environment.test. A subsequent terraform plan outputs No changes. Your infrastructure matches the configuration.

Actual Behavior

A subsequent terraform plan gives:

aws_elastic_beanstalk_environment.tftest must be replaced
...
cname_prefix           = "test-beanstalk-fix-myapp" # forces replacement
...

Steps to Reproduce

terraform apply (correctly creates 2 resources)
terraform apply (incorrectly replaces aws_elastic_beanstalk_environment.tftest - very time consuming)

The only work-around I have found is to make cname_prefix null if the environment already exists. For example, if I amend the above code with:

variable "init" {
  type = bool
  default = true
}

resource "aws_elastic_beanstalk_environment" "tftest" {
  name                = "test-beanstalk-fix-myapp"
  cname_prefix        = var.init ? "test-beanstalk-fix-myapp" : null  # edited line
  application         = aws_elastic_beanstalk_application.tftest.name
  solution_stack_name = "64bit Amazon Linux 2018.03 v2.25.0 running Multi-container Docker 19.03.13-ce (Generic)"
  setting {
    namespace = "aws:autoscaling:launchconfiguration"
    name      = "IamInstanceProfile"
    value     = "aws-elasticbeanstalk-ec2-role"
  }
}

I can then run:

export TF_VAR_init=$(if [ -n "$(terraform state list | grep aws_elastic_beanstalk_environment.tftest)" ]; then echo false; else echo true; fi)
terraform apply

And it will show no changes needed. This seems like a hacky way around a simple problem of Terraform not recognizing the cname_prefix does not need to be updated.

Important Factoids

Testing this on a gov cloud account.

florian0410 commented 3 years ago

Maybe linked but using the Beanstalk feature Swap environment URLs cause also the same behavior. https://docs.aws.amazon.com/fr_fr/elasticbeanstalk/latest/dg/using-features.CNAMESwap.html

Once the Swap is over, if you launch an apply terraform try to recreate the resource...

Too bad since we could do Blue green deployment easier if it worked.

michaelsmoody commented 1 year ago

Any chance this has a fix incoming any time soon?

It's unfortunately not possible to ignore ONLY that setting, at least that I've found (and opened a bug about, prior to finding this).

hashicorp / terraform-provider-aws