search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.87k stars 9.21k forks source link

AWS ALB Error "TargetGroupAssociationLimit: The following target groups cannot be associated with more than one load balancer" when replacing aws_lb reoure #22005

Open igoratencompass opened 3 years ago

igoratencompass commented 3 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

Affected Resource(s)

Expected Behavior

When changing the type of an existing ALB aws_lb resource from internal to external and vice-versa I expect terraform to seamlessly replace the resource -- since the TragetGroup(s) attached to the Listener(s) do not change I expect for terraform to replace the ALB in correct order without causing a conflict, i.e. destroy the old ALB and it's listeners first (or at least remove the TargetGroups) before it tries to attach them to the new ALB Listener(s). This is not happening from what I can see, I end up with the error given further down in the description.

Actual Behavior

The plan stage correctly recognizes that the ALB and the Listener need replacement:

  # module.alb[0].aws_lb.main must be replaced
+/- resource "aws_lb" "main" {
      ~ arn                        = "<snip>" -> (known after apply)
      ~ arn_suffix                 = "<snip>" -> (known after apply)
      ~ dns_name                   = "internal-<snip>" -> (known after apply)
      ~ id                         = "<snip>" -> (known after apply)
      ~ internal                   = true -> false # forces replacement
  [...]

  # module.alb[0].aws_lb_listener.https[0] must be replaced
+/- resource "aws_lb_listener" "https" {
  [...]

but it fails to get replaced failing with an error during the apply stage:

module.alb[0].aws_lb.main: Creating...
module.alb[0].aws_lb.main: Still creating... [10s elapsed]
module.alb[0].aws_lb.main: Still creating... [20s elapsed]
module.alb[0].aws_lb.main: Still creating... [30s elapsed]
module.alb[0].aws_lb.main: Still creating... [40s elapsed]
module.alb[0].aws_lb.main: Still creating... [50s elapsed]
module.alb[0].aws_lb.main: Still creating... [1m0s elapsed]
module.alb[0].aws_lb.main: Still creating... [1m10s elapsed]
module.alb[0].aws_lb.main: Still creating... [1m20s elapsed]
module.alb[0].aws_lb.main: Still creating... [1m30s elapsed]
module.alb[0].aws_lb.main: Still creating... [1m40s elapsed]
module.alb[0].aws_lb.main: Still creating... [1m50s elapsed]
module.alb[0].aws_lb.main: Still creating... [2m0s elapsed]
module.alb[0].aws_lb.main: Still creating... [2m10s elapsed]
module.alb[0].aws_lb.main: Creation complete after 2m19s [id=arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/app/XXX/YYY]
module.alb[0].aws_lb_listener.https[0]: Creating...
module.alb[0].aws_lb_listener.https[1]: Creating...
â•·
│ Error: error creating ELBv2 Listener (arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/app/XXX/YYY): TargetGroupAssociationLimit: The following target groups cannot be associated with more than one load balancer: arn:aws:elasticloadbalancing:eu-west-1:123456789012:targetgroup/hap0-EEE/FFF
│   status code: 400, request id: 80f1541c-8aae-43ef-a7fc-e95fa8db5521

which is not surprising since the Listener change is marked as +/- instead of -/+ which I would expect in this situation.

Steps to Reproduce

Create an ALB aws_lb and aws_lb_target_group resource in a VPC, create aws_lb_listener resource and associate it to the ALB and the TargetGroup. The ALB type can be internal (internal = true) or external (internal = false) doesn't matter. Run plan and apply and wait for resources to get created. Then change the internal in the aws_lb resource to the opposite value and repeat the process. I have chosen the internal parameter but can be any change that forces a resource replacement.

Important Factoids

Note that none of the resources created use create_before_destroy lifecycle.

eocern commented 2 years ago

I was just hit by the same issue.

wil-vse commented 2 years ago

Same issue with version Terraform v1.1.7 on darwin_arm64 and Terraform v1.1.8 on darwin_arm64

benmotyka commented 2 years ago

Same issue

babebort commented 2 years ago

up ingress Failed deploy model due to failed to create listener rule: TargetGroupAssociationLimit: The following target groups cannot be associated with more than one load balancer: arn:aws:elasticloadbalancing:eu-central-1:1111111:targetgroup/k8s-default-monorepo-bafd567687/add252b99f892cc7 status code: 400, request id: 4aff53e2-9c52-4dc9-85d0-a8dbd84e5e21

yriahi commented 1 year ago

up. same issue

dsmith-qlik commented 1 year ago

up, it hit me too v1.1.9

igoratencompass commented 1 year ago

@justinretzolk how many up votes does this 1.5 years old bug need in order to get some attention?

dmitriyklyuzov commented 1 year ago

Same issue with the latest version of Terraform

sl-antonybasbug commented 1 year ago

same issue

DanielFedorowsky commented 10 months ago

Experiencing the same issue using CDK. Any workaround?

avielb-navina commented 3 months ago

this helped me: https://repost.aws/questions/QUY2sMSJyDTL-vNbR4Agm0Yw/error-targetgroup-cannot-be-associated-with-more-than-one-load-balancer

there was an already existing target group that i needed to delete