hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.73k stars 9.09k forks

[Bug]: Unable to remove or modify aws:elasticbeanstalk:sns:topics in elastic beanstalk environment #29762

Open jamiegosling opened 1 year ago

jamiegosling commented 1 year ago

Terraform Core Version

1.2.7

AWS Provider Version

4.43.0

Affected Resource(s)

aws_elastic_beanstalk_environment

Expected Behavior

Adding an email as a Notification Endpoint works using the following settings block:

setting {
  namespace = "aws:elasticbeanstalk:sns:topics"
  name      = "Notification Endpoint"
  value     = "my@email.address"
  resource  = ""
}

Removing the settings block should remove the email from the environment settings.

Actual Behavior

Removing the settings block doesn't remove the email address. It also doesn't seem to be possible to change the notification to a different type, for example with a block like:

setting {
  namespace = "aws:elasticbeanstalk:sns:topics"
  name      = "Notification Topic ARN"
  value     = var.eb_update_topic
  resource  = ""
}

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

minimal module

resource "aws_elastic_beanstalk_application" "eb_app" {
  name        = "eb-app"
  description = "EB app"

}

resource "aws_elastic_beanstalk_application_version" "eb_app_version" {
  name        = "application"
  application = aws_elastic_beanstalk_application.eb_app.name
  description = "application version created by terraform"
  bucket      = var.source_bucket.id
  key         = data.aws_s3_object.source_zip.key
}

resource "aws_elastic_beanstalk_environment" "polaris_eb_env" {
  name                = "name"
  description         = format("Elastic Beanstalk environment for application")
  application         = aws_elastic_beanstalk_application.eb_app.name
  version_label       = aws_elastic_beanstalk_application_version.eb_app_version.name
  solution_stack_name = "64bit Amazon Linux 2 v3.4.0 running Python 3.8"

  setting {
    namespace = "aws:autoscaling:launchconfiguration"
    name      = "IamInstanceProfile"
    value     = aws_iam_instance_profile.eb_profile.name
    resource  = ""
  }

  setting {
    namespace = "aws:elasticbeanstalk:environment"
    name      = "LoadBalancerType"
    value     = var.loadbalancer_type
    resource  = ""
  }

  setting {
    namespace = "aws:ec2:vpc"
    name      = "VPCId"
    value     = var.vpc
    resource  = ""
  }

  setting {
    namespace = "aws:ec2:vpc"
    name      = "ELBScheme"
    value     = "internal"
    resource  = ""
  }

  setting {
    namespace = "aws:elasticbeanstalk:cloudwatch:logs"
    name      = "StreamLogs"
    value     = true
    resource  = ""
  }

  setting {
    namespace = "aws:ec2:vpc"
    name      = "Subnets"
    value     = join(",", sort(var.subnets))
    resource  = ""
  }

  setting {
    namespace = "aws:autoscaling:launchconfiguration"
    name      = "SecurityGroups"
    value     = var.security_groups.id
    resource  = ""
  }

  setting {
    namespace = "aws:autoscaling:asg"
    name      = "MinSize"
    value     = var.minsize
    resource  = ""
  }

  setting {
    namespace = "aws:autoscaling:asg"
    name      = "MaxSize"
    value     = var.maxsize
    resource  = ""
  }

  setting {
    namespace = "aws:elasticbeanstalk:sns:topics"
    name      = "Notification Endpoint"
    value     = "my@email.address"
    resource  = ""
  }

  depends_on = [
    aws_iam_role.eb_role
  ]
  lifecycle {
    create_before_destroy = true

    replace_triggered_by = [
      null_resource.lb_type
    ]
  }
}

#instance role is required by EB, only created by default if you create EB environment using CLI
resource "aws_iam_instance_profile" "eb_profile" {
  name = "${var.name_prefix}-aws-elasticbeanstalk-ec2-profile"
  role = aws_iam_role.eb_role.name

  depends_on = [
    aws_iam_role.eb_role
  ]
}

resource "aws_iam_role" "eb_role" {
  name = "${var.name_prefix}-aws-eb-ec2-role"
  description = "Required by Elastic Beanstalk to manage resources."

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ec2.amazonaws.com"
        }
      },
    ]
  })
}

resource "aws_iam_role_policy" "eb_policy" {
  name = "${var.name_prefix}-eb-policy"
  role = aws_iam_role.eb_role.id

  policy = {policy here}
}

Steps to Reproduce

Deploy an Elastic Beanstalk environment with a setting block with namespace aws:elasticbeanstalk:sns:topics, and it will be deployed. Remove or modify the block and apply, and the changes won't be made.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
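One way to check whether a removed or changed `aws:elasticbeanstalk:sns:topics` setting is still live after `terraform apply`, so that a stale notification address does not go unnoticed. This is an added example, not code from the issue or the provider; the function names are hypothetical and the sample JSON is constructed in the shape printed by `aws elasticbeanstalk describe-configuration-settings`.

```python
import json

SNS_NAMESPACE = "aws:elasticbeanstalk:sns:topics"

# Constructed sample, shaped like the JSON printed by
# `aws elasticbeanstalk describe-configuration-settings` (not real output).
SAMPLE_LIVE = json.loads("""
{"ConfigurationSettings": [{"EnvironmentName": "name", "OptionSettings": [
  {"Namespace": "aws:ec2:vpc", "OptionName": "ELBScheme", "Value": "internal"},
  {"Namespace": "aws:elasticbeanstalk:sns:topics",
   "OptionName": "Notification Endpoint", "Value": "my@email.address"},
  {"Namespace": "aws:elasticbeanstalk:sns:topics",
   "OptionName": "Notification Topic ARN"}
]}]}
""")


def live_options(describe_output, namespace=SNS_NAMESPACE):
    """Return {option name: value} for options that carry a value in the namespace."""
    found = {}
    for cfg in describe_output.get("ConfigurationSettings", []):
        for opt in cfg.get("OptionSettings", []):
            # The sample lists one option without a "Value" key; treat that as unset.
            if opt.get("Namespace") == namespace and opt.get("Value"):
                found[opt["OptionName"]] = opt["Value"]
    return found


def find_drift(declared, describe_output, namespace=SNS_NAMESPACE):
    """Compare declared setting blocks with the live environment.

    declared: list of dicts with the keys of a Terraform `setting` block
    (namespace, name, value). Returns (option, declared, live) tuples that
    differ; None means "not declared" or "not set on the environment".
    """
    want = {s["name"]: str(s["value"]) for s in declared if s["namespace"] == namespace}
    have = live_options(describe_output, namespace)
    return [(name, want.get(name), have.get(name))
            for name in sorted(set(want) | set(have))
            if want.get(name) != have.get(name)]


if __name__ == "__main__":
    # Case from the issue: the setting block was removed, the endpoint is still live.
    for option, declared, live in find_drift([], SAMPLE_LIVE):
        print(f"DRIFT {option!r}: declared={declared!r} live={live!r}")
```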

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue