CreateService with `deployment_circuit_breaker` ignores `deployment_minimum_healthy_percent` and `deployment_maximum_percent`

[petr-motejlek]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v1.2.3
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v4.19.0

Affected Resource(s)

• aws_ecs_service

Terraform Configuration Files

resource "aws_ecs_cluster" "cluster" {
  name = "test-circuit-bug"

  capacity_providers = ["FARGATE"]
}

resource "aws_ecs_task_definition" "task" {
  container_definitions = jsonencode([{
    essential = true
    name = "test-circuit-bug"
    image = "alpine"
    command = ["tail -n0 -F /dev/null"]
    cpu = 256
    memory = 512
  }])
  family = "test-circuit-bug"
  cpu = 256
  memory = 512
  requires_compatibilities = ["FARGATE"]
  network_mode = "awsvpc"
}

data "aws_vpcs" "vpcs" {
  filter {
    name   = "is-default"
    values = ["true"]
  }
}

data "aws_subnets" "subnets" {
  filter {
    name   = "vpc-id"
    values = data.aws_vpcs.vpcs.ids
  }
}

resource "aws_ecs_service" "service" {
  cluster = aws_ecs_cluster.cluster.name
  name = "test-circuit-bug"

  launch_type = "FARGATE"

  network_configuration {
    subnets = data.aws_subnets.subnets.ids
  }

  # Even though the circuit breaker is disabled, the sheer presence of the block will, upon create of the resource,
  # force the minimum and maximum percents to be ignored.
  deployment_circuit_breaker {
    enable   = false
    rollback = false
  }

  desired_count = 3

  deployment_minimum_healthy_percent = 50
  deployment_maximum_percent = 100

  task_definition = aws_ecs_task_definition.task.arn
}

Debug Output

https://gist.github.com/petr-motejlek/2752b9681c1c8cb2514b14f7695c29e0

• apply-with-circuit.log shows the apply for a run with the deployment_circuit_breaker block present
• apply-without-cirtuic-log shows the apply for a run without the block persent

Panic Output

N/A

Expected Behavior

When the deployment_circuit_breaker block is present, the deployment_minimum_healthy_percent and deployment_maximum_percent options should be sent to the CreateService API.

Actual Behavior

When the deployment_circuit_breaker block is present (even completely disabled), the CreateService API is called without the minimum and maximum percentages.

Steps to Reproduce

(With the deployment_circuit_breaker block)

1. terraform plan -- this will display a plan with the desired minimum and maximum percentages
2. terraform apply -- this will create all the resources; the CreateService call will be made without the minimum and maximum percentages (despite the plan)
3. terraform apply -- this will detect a change (the minimum and maximum percentages not being set properly) and will rectify

Important Factoids

I suspect, not having looked at the code, that whatever component generates the CreateService call, does not include the minimum and maximum percentages, by completely overwriting the DeploymentConfiguration field of the API call. I guess instead of an append to the collection, it replaces it.

References

N/A

[applike-ss]

I'm having the same issue and just checked the api docs. They do not specifically state that you would not be allowed to set a circuit breaker configuration and a minimum/maxumim healthyness count. Ref: https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html

I'm seeing this issue through the usage of the cloudposse ecs-service-task module. However i can see in the terraform aws provider code, that this behaviour would always happen when a circuit breaker configuration is set in any way. That is because the deployment configuration is re-set to an empy state instead of being expanded. Ref: https://github.com/hashicorp/terraform-provider-aws/blob/bfcd55c7cde9b2190aa0a18e6110c967e1ad5458/internal/service/ecs/service.go#L481

EDIT: Funnily after re-doing my terraform apply when the ecs-service existed already, suddenly it wants to fix it. So creation vs. updating seem to behave differently here.