hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Load balancer listener #23107

Closed darren-reddick closed 2 years ago

darren-reddick commented 2 years ago

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.5
on linux_amd64

Affected Resource(s)

Terraform Configuration Files

resource "aws_lb" "my_lb" {
  name               = "mylb"
  internal           = false
  load_balancer_type = "network"
  subnets            = [for subnet in module.vpc.public_subnets : subnet]
  tags = {
    Name = "mylb"
  }
}

resource "aws_lb_listener" "vault_api" {
  load_balancer_arn = aws_lb.my_lb.arn
  port              = "443"
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.my_tg.arn
  }
}

Debug Output

Panic Output

Expected Behavior

Terraform should have produced a permissions error when tagging the load-balancer.

Actual Behavior

Terraform apply fails after creating the load-balancer to create the listener with error:

error describing ELBv2 Listener (arn:aws:elasticloadbalancing:us-east-1:XXXXXXXXX:loadbalancer/net/mylb/YYYYYYYYYY): ValidationError: 'arn:aws:elasticloadbalancing:us-east-1:XXXXXXXXX:loadbalancer/net/mylb/YYYYYYYYYY' is not a valid listener ARN

No listener is created.

Steps to Reproduce

  1. terraform apply

Important Factoids

This issue was noticed when we tried to create the load-balancer with a role that was missing the elasticloadbalancing:AddTags permissions. We fixed the permissions and the problem was resolved, but the original error message threw us. Looking at the source for the load balancer resource shows that there is a conditional block based on a tagging error. This results in an erroneous call to the resourceListenerRead function using the load balancer ARN: https://github.com/hashicorp/terraform-provider-aws/blob/f45acbb107421e24a6778bd6d2867258cce7a85e/internal/service/elbv2/load_balancer.go#L617

I can raise a PR for this to call the correct function: resourceLoadBalancerRead

There is also a question if the CheckISOErrorTagsUnsupported function should be returning true for genuine unauthorized errors?

References
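
The report above describes a listener lookup being handed a load balancer ARN, which the API rejects with a ValidationError that hides the underlying AddTags permission failure. The following is an added example, not code from the provider or from the issue author: it classifies an Elastic Load Balancing ARN by its resource-type segment so that a mismatched ID fails locally with a clear message. The function names `elbv2ResourceType` and `requireListenerARN` and the sample ARNs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample ARNs: the account ID and resource IDs are made up.
const (
	sampleLBARN       = "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/net/mylb/0123456789abcdef"
	sampleListenerARN = "arn:aws:elasticloadbalancing:us-east-1:123456789012:listener/net/mylb/0123456789abcdef/fedcba9876543210"
)

// elbv2ResourceType returns the resource-type segment of an ELB ARN
// ("loadbalancer", "listener", "targetgroup", ...).
func elbv2ResourceType(arn string) (string, error) {
	// Layout: arn:partition:service:region:account-id:type/rest
	parts := strings.SplitN(arn, ":", 6)
	if len(parts) != 6 || parts[0] != "arn" {
		return "", fmt.Errorf("%q is not an ARN", arn)
	}
	if parts[2] != "elasticloadbalancing" {
		return "", fmt.Errorf("%q is not an Elastic Load Balancing ARN", arn)
	}
	resType, rest, ok := strings.Cut(parts[5], "/")
	if !ok || resType == "" || rest == "" {
		return "", fmt.Errorf("%q has no resource type", arn)
	}
	return resType, nil
}

// requireListenerARN is a hypothetical guard (not a provider function) to run
// before a listener lookup, so a wrong ID fails locally with a clear message.
func requireListenerARN(arn string) error {
	resType, err := elbv2ResourceType(arn)
	if err != nil {
		return err
	}
	if resType != "listener" {
		return fmt.Errorf("listener read called with a %s ARN: %s", resType, arn)
	}
	return nil
}

func main() {
	fmt.Println("load balancer ARN:", requireListenerARN(sampleLBARN))
	fmt.Println("listener ARN:     ", requireListenerARN(sampleListenerARN))
}
```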

ewbankkit commented 2 years ago

Closed via https://github.com/hashicorp/terraform-provider-aws/pull/24334.