[Bug]: terraform plan modifies aws_globalaccelerator_endpoint_group endpoint_configuration weight on everyplan

[arnvid]

Terraform Core Version

1.5.0

AWS Provider Version

5.3.0

Affected Resource(s)

aws_globalaccelerator_endpoint_group

Expected Behavior

AWS changes value of weight on its on so there is a constant drift.

Actual Behavior

Value is changed back to tf code.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_globalaccelerator_endpoint_group" "public_dr" {
  count                 = var.dr_enable ? 1 : 0
  listener_arn          = aws_globalaccelerator_listener.public_https[0].id
  endpoint_group_region = var.region_dr

  health_check_protocol         = "HTTPS"
  health_check_path             = "/_health_check"
  health_check_interval_seconds = 10
  threshold_count               = 3
  traffic_dial_percentage       = 0

  endpoint_configuration {
    client_ip_preservation_enabled = true
    endpoint_id                    = aws_lb.public_dr[0].arn
    weight                         = 0
  }
}

Steps to Reproduce

Deploy an aws_globalaccelerator with aws_globalaccelerator_endpoint_group in different regions.

Debug Output

No response

Panic Output

No response

Important Factoids

  # module.ptfe_deploy.module.aws.aws_globalaccelerator_endpoint_group.public_dr[0] will be updated in-place
  ~ resource "aws_globalaccelerator_endpoint_group" "public_dr" {
        id                            = "arn:aws:globalaccelerator::xx:accelerator/xxxxxx/endpoint-group/xxxx"
        # (9 unchanged attributes hidden)

      - endpoint_configuration {
          - client_ip_preservation_enabled = true -> null
          - endpoint_id                    = "arn:aws:elasticloadbalancing:eu-west-1:xxxxxx:loadbalancer/app/tfe/xxxxx" -> null
          - weight                         = 128 -> null
        }
      + endpoint_configuration {
          + client_ip_preservation_enabled = true
          + endpoint_id                    = "arn:aws:elasticloadbalancing:eu-west-1:xxxxxx:loadbalancer/app/tfe/xxxxx"
          + weight                         = 0
        }
    }

Possible workaround is to ignore change on endpoint_configuration - tried other options:

Block type "endpoint_configuration" is represented by a set of objects, and set elements do not have addressable keys. To find elements matching specific criteria, use a "for" expression with an "if" clause.

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @arnvid 👋 Thank you for taking the time to raise this! So that we have the necessary information in order to look into this, can you supply debug logs (redacted as needed) as well?

[arnvid]

Hey @justinretzolk - I recreated a smaller version of this vs the 3k line tf deployment this came from with just 2x vpcs 2x ALBs and then the GA. And the weight has yet to be changed from AWS side, now also the weight is not changing on the original deployment. I do have a 12000 line debug log from where the error happens, but I am not sure I am able to redact it properly enough to post here . I can post it through an HashiCorp support ticket as this is part of deploying products if that allows you to get it from there.

[arnvid]

2023-06-15T22:44:28.514+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Upgrading JSON state: tf_mux_provider=*schema.GRPCProviderServer tf_resource_type=aws_globalaccelerator_endpoint_group @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.26.1/helper/schema/grpc_provider.go:323 @module=sdk.helper_schema tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=1211112222-2222-222211-1-11111111111 tf_rpc=UpgradeResourceState timestamp=2023-06-15T22:44:28.514+0200
2023-06-15T22:44:28.514+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Received downstream response: tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_duration_ms=0 diagnostic_error_count=0 diagnostic_warning_count=0 tf_proto_version=5.3 tf_req_id=1211112222-2222-222211-1-11111111111 @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 @module=sdk.proto tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=UpgradeResourceState timestamp=2023-06-15T22:44:28.514+0200
2023-06-15T22:44:28.514+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Served request: tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=UpgradeResourceState @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/tf5server/server.go:728 @module=sdk.proto tf_proto_version=5.3 tf_req_id=1211112222-2222-222211-1-11111111111 tf_resource_type=aws_globalaccelerator_endpoint_group timestamp=2023-06-15T22:44:28.514+0200
2023-06-15T22:44:28.516+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Received request: tf_resource_type=aws_globalaccelerator_endpoint_group @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/tf5server/server.go:737 @module=sdk.proto tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=12111111-1111-1111-11-1-11111111111tf_rpc=ReadResource timestamp=2023-06-15T22:44:28.516+0200
2023-06-15T22:44:28.516+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Sending request downstream: tf_req_id=12111111-1111-1111-11-1-11111111111tf_resource_type=aws_globalaccelerator_endpoint_group @module=sdk.proto tf_provider_addr=registry.terraform.io/hashicorp/aws tf_proto_version=5.3 tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:17 timestamp=2023-06-15T22:44:28.516+0200
2023-06-15T22:44:28.516+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: calling downstream server: tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-mux@v0.10.0/internal/logging/mux.go:16 @module=sdk.mux tf_mux_provider=*schema.GRPCProviderServer timestamp=2023-06-15T22:44:28.516+0200
2023-06-15T22:44:28.516+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Calling downstream: @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.26.1/helper/schema/resource.go:1014 tf_provider_addr=registry.terraform.io/hashicorp/aws @module=sdk.helper_schema tf_mux_provider=*schema.GRPCProviderServer tf_req_id=12111111-1111-1111-11-1-11111111111tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=ReadResource timestamp=2023-06-15T22:44:28.516+0200
2023-06-15T22:44:28.516+0200 [DEBUG] provider.terraform-provider-aws_v5.3.0_x5: HTTP Request Sent: @module=aws aws.operation=DescribeEndpointGroup http.method=POST http.request.header.authorization="AWS4-HMAC-SHA256 Credential=AK*******************/20230615/us-west-2/globalaccelerator/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-target, Signature=*****" http.url=https://globalaccelerator.us-west-2.amazonaws.com/ tf_mux_provider=*schema.GRPCProviderServer http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.5.0 (+https://www.terraform.io) terraform-provider-aws/5.3.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.280 (go1.19.9; darwin; arm64)" net.peer.name=globalaccelerator.us-west-2.amazonaws.com tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=ReadResource @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.30/logger.go:96 aws.service="Global Accelerator" http.flavor=1.1 http.request.header.x_amz_target=GlobalAccelerator_V20180706.DescribeEndpointGroup aws.region=us-west-2 http.request.body="{"EndpointGroupArn":"arn:aws:globalaccelerator::123456789012:accelerator/1231231233-12313e-1333e-a314-141414/listener/141414/endpoint-group/5151414"}
" http.request.header.content_type=application/x-amz-json-1.1 http.request.header.x_amz_date=20230615T204428Z http.request_content_length=157 tf_req_id=12111111-1111-1111-11-1-11111111111aws.sdk=aws-sdk-go timestamp=2023-06-15T22:44:28.516+0200
2023-06-15T22:44:28.794+0200 [DEBUG] provider.terraform-provider-aws_v5.3.0_x5: HTTP Response Received: tf_resource_type=aws_globalaccelerator_endpoint_group @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.30/logger.go:144 aws.operation=DescribeEndpointGroup aws.sdk=aws-sdk-go http.response.header.content_type=application/x-amz-json-1.1 http.response.header.x_amzn_requestid=2c62d3e0-61f7-4b7c-a437-1f51d091fd61 http.duration=277 http.status_code=200 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=12111111-1111-1111-11-1-11111111111@module=aws aws.region=us-west-2 http.response.body="{"EndpointGroup":{"EndpointDescriptions":[{"ClientIPPreservationEnabled":true,"EndpointId":"arn:aws:elasticloadbalancing:eu-west-1:123456789012:loadbalancer/app/tfe/123131312313","HealthState":"UNHEALTHY","Weight":128}],"EndpointGroupArn":"arn:aws:globalaccelerator::123456789012:accelerator/1231231233-12313e-1333e-a314-a1313d/listener/14141414/endpoint-group/213182739113","EndpointGroupRegion":"eu-west-1","HealthCheckIntervalSeconds":10,"HealthCheckPath":"/_health_check","HealthCheckPort":443,"HealthCheckProtocol":"HTTPS","PortOverrides":[],"ThresholdCount":3,"TrafficDialPercentage":0.0}}
" tf_mux_provider=*schema.GRPCProviderServer tf_rpc=ReadResource aws.service="Global Accelerator" http.response.header.date="Thu, 15 Jun 2023 20:44:28 GMT" http.response_content_length=605 timestamp=2023-06-15T22:44:28.794+0200
2023-06-15T22:44:28.794+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Called downstream: @module=sdk.helper_schema tf_mux_provider=*schema.GRPCProviderServer tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.26.1/helper/schema/resource.go:1016 tf_req_id=12111111-1111-1111-11-1-11111111111tf_resource_type=aws_globalaccelerator_endpoint_group timestamp=2023-06-15T22:44:28.794+0200
2023-06-15T22:44:28.795+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Received downstream response: tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 diagnostic_error_count=0 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_duration_ms=278 tf_req_id=12111111-1111-1111-11-1-11111111111@module=sdk.proto diagnostic_warning_count=0 tf_proto_version=5.3 timestamp=2023-06-15T22:44:28.794+0200
2023-06-15T22:44:28.795+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Served request: @module=sdk.proto tf_proto_version=5.3 tf_rpc=ReadResource @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/tf5server/server.go:761 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=12111111-1111-1111-11-1-11111111111tf_resource_type=aws_globalaccelerator_endpoint_group timestamp=2023-06-15T22:44:28.794+0200
2023-06-15T22:44:28.800+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Received request: tf_proto_version=5.3 tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=ValidateResourceTypeConfig @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/tf5server/server.go:679 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=a1211112222-2222-222211-1-11111111 @module=sdk.proto timestamp=2023-06-15T22:44:28.799+0200
2023-06-15T22:44:28.800+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Sending request downstream: @module=sdk.proto tf_req_id=a1211112222-2222-222211-1-11111111 tf_resource_type=aws_globalaccelerator_endpoint_group @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:17 tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ValidateResourceTypeConfig timestamp=2023-06-15T22:44:28.799+0200
2023-06-15T22:44:28.800+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: calling downstream server: @caller=github.com/hashicorp/terraform-plugin-mux@v0.10.0/internal/logging/mux.go:16 @module=sdk.mux tf_mux_provider=*schema.GRPCProviderServer tf_rpc=ValidateResourceTypeConfig timestamp=2023-06-15T22:44:28.800+0200
2023-06-15T22:44:28.800+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Calling downstream: @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.26.1/helper/schema/grpc_provider.go:245 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=ValidateResourceTypeConfig @module=sdk.helper_schema tf_mux_provider=*schema.GRPCProviderServer tf_req_id=a1211112222-2222-222211-1-11111111 timestamp=2023-06-15T22:44:28.800+0200
2023-06-15T22:44:28.800+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Called downstream: tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=a1211112222-2222-222211-1-11111111 tf_rpc=ValidateResourceTypeConfig @module=sdk.helper_schema tf_resource_type=aws_globalaccelerator_endpoint_group @caller=github.com/hashicorp/terraform-plugin-sdk/v2@v2.26.1/helper/schema/grpc_provider.go:247 tf_mux_provider=*schema.GRPCProviderServer timestamp=2023-06-15T22:44:28.800+0200
2023-06-15T22:44:28.800+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Received downstream response: @module=sdk.proto diagnostic_error_count=0 diagnostic_warning_count=0 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ValidateResourceTypeConfig tf_resource_type=aws_globalaccelerator_endpoint_group @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 tf_proto_version=5.3 tf_req_duration_ms=0 tf_req_id=a1211112222-2222-222211-1-11111111 timestamp=2023-06-15T22:44:28.800+0200
2023-06-15T22:44:28.800+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Served request: tf_rpc=ValidateResourceTypeConfig @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/tf5server/server.go:699 @module=sdk.proto tf_proto_version=5.3 tf_req_id=a1211112222-2222-222211-1-11111111 tf_resource_type=aws_globalaccelerator_endpoint_group tf_provider_addr=registry.terraform.io/hashicorp/aws timestamp=2023-06-15T22:44:28.800+0200
2023-06-15T22:44:28.801+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Received request: @module=sdk.proto tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=1211112222-2222-222211-1-11111111 tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=PlanResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/tf5server/server.go:770 timestamp=2023-06-15T22:44:28.801+0200
2023-06-15T22:44:28.801+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Sending request downstream: tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=PlanResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:17 @module=sdk.proto tf_req_id=1211112222-2222-222211-1-11111111 timestamp=2023-06-15T22:44:28.801+0200
2023-06-15T22:44:28.801+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: calling downstream server: @module=sdk.mux tf_mux_provider=*schema.GRPCProviderServer tf_rpc=PlanResourceChange @caller=github.com/hashicorp/terraform-plugin-mux@v0.10.0/internal/logging/mux.go:16 timestamp=2023-06-15T22:44:28.801+0200
2023-06-15T22:44:28.802+0200 [TRACE] provider.terraform-provider-aws_v5.3.0_x5: Received downstream response: tf_proto_version=5.3 tf_req_id=1211112222-2222-222211-1-11111111 diagnostic_warning_count=0 diagnostic_error_count=0 tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_duration_ms=1 tf_resource_type=aws_globalaccelerator_endpoint_group tf_rpc=PlanResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/tf5serverlogging/downstream_request.go:37 @module=sdk.proto timestamp=2023-06-15T22:44:28.802+0200

[smellyspice]

This is still an issue. I test setting weight = 0 in the CLI and it works perfectly.

This is only an issue when you set weight = 0 in terraform. Anything > 0 works fine.

Use-case: It's not uncommon to bring up instances with TF but not make them live in GA. Would be nice not to send traffic until we're ready.