[Bug]: Attribute `resources` considered as part of plan

[slackfan]

Terraform Core Version

1.5.4

AWS Provider Version

5.10.0

Affected Resource(s)

resource: aws_eks_node_group attribute: resources

Expected Behavior

A changed value for the attribute resources should not be considered during planning as the resources are an attribute only and cannot be configured as argument at all.

Actual Behavior

The value of the attribute resources is considered as part of the plan, but should not.

Relevant Error/Panic Output Snippet

# module.eks_node_group_config[0].aws_eks_node_group.private_node_group has changed
  ~ resource "aws_eks_node_group" "private_node_group" {
        id              = "fancyname:private_config"
      + resources       = [
          + {
              + autoscaling_groups              = [
                  + {
                      + name = "eks-private_config-50c4db45-0d6f-f179-0aa6-3add7d04bd6f"
                    },
                ]
              + remote_access_security_group_id = ""
            },
        ]
        tags            = {
            "CostCenter" = "slackfan"
        }
        # (7 unchanged attributes hidden)

        # (3 unchanged blocks hidden)
    }

Terraform Configuration Files

I am not aware of any special configuration. See Steps to Reproduce for an actual HCL snippet.

Steps to Reproduce

Deploy a aws_eks_node_group such as the following and during the next apply or plan Terraform tries to recreate the resource, even if actually nothing with the arguments changed.

resource "aws_eks_node_group" "private_node_group" {
  cluster_name    = var.cluster_name
  node_group_name = var.node_group_name
  node_role_arn   = var.node_role_arn
  subnet_ids      = var.subnet_ids
  version         = var.node_group_version
  instance_types = compact(
    [ # Maintain order
      for instance_type in var.node_group_instance_types :
      contains(data.aws_ec2_instance_type_offerings.instance_type_offerings.instance_types, instance_type) ? instance_type : ""
    ]
  )

  launch_template {
    name    = aws_launch_template.eks_node_group_launch_template.name
    version = aws_launch_template.eks_node_group_launch_template.latest_version
  }

  scaling_config {
    desired_size = var.desired_size
    max_size     = var.max_size
    min_size     = var.min_size
  }

  labels = {
    "cluster" = var.cluster_name
  }

  tags = merge(var.tags, {
    Function = "nodegroup"
  })

  dynamic "taint" {
    for_each = length(var.taints) == 0 ? [] : var.taints
    content {
      effect = lookup(
        {
          NoSchedule       = "NO_SCHEDULE"
          NoExecute        = "NO_EXECUTE"
          PreferNoSchedule = "PREFER_NO_SCHEDULE"
      }, taint.value.effect, taint.value.effect)
      key   = taint.value.key
      value = taint.value.value
    }
  }
}

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_node_group#resources

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[justinretzolk]

Hey @slackfan 👋 Thank you for taking the time to raise this! In this case, Terraform is behaving as expected. If drift is detected during the plan phase, the state needs to be updated, even if it's only for read-only attributes. If you'd like to ignore changes to a particular attribute, the ignore_changes meta-argument may be used.

I see that you mentioned that this is causing the resource to be recreated, however, I'm not seeing that in the sample plan output that you provided. If this was causing resource recreation, we'd definitely want to look at that. Are you able to supply logging that shows this attribute causing resource recreation?

[bryantbiggs]

@slackfan are we ok to close this issue now?