[Bug]: Broken App Runner Observability

[fracampit]

Terraform Core Version

registry.gitlab.com/gitlab-org/terraform-images/stable:latest

AWS Provider Version

5.0.1

Affected Resource(s)

aws_apprunner_service

Expected Behavior

adding the observability_configuration block successfully enables observability on App runner

Actual Behavior

aws_apprunner_service.this: Modifying... [id=arn:aws:apprunner:us-east-2:963242658354:service/beta-preprod-frontend/9b8c69c889d941e5a2d508f92c812be6]
2023-08-03T12:02:13.293Z [ERROR] provider.terraform-provider-aws_v5.0.1_x5: Response contains error diagnostic: tf_resource_type=aws_apprunner_service @caller=github.com/hashicorp/terraform-plugin-go@v0.15.0/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR diagnostic_summary="error updating App Runner Service (arn:aws:apprunner:us-east-2:963242658354:service/beta-preprod-frontend/9b8c69c889d941e5a2d508f92c812be6): InvalidRequestException: No configurations provided in the UpdateService request." tf_provider_addr=registry.terraform.io/hashicorp/aws tf_rpc=ApplyResourceChange tf_proto_version=5.3 tf_req_id=d5f72d83-2e78-3e46-75aa-8848ac05680a timestamp=2023-08-03T12:02:13.293Z
2023-08-03T12:02:13.295Z [ERROR] vertex "aws_apprunner_service.this" error: error updating App Runner Service (arn:aws:apprunner:us-east-2:963242658354:service/beta-preprod-frontend/9b8c69c889d941e5a2d508f92c812be6): InvalidRequestException: No configurations provided in the UpdateService request.
╷
│ Error: error updating App Runner Service (arn:aws:apprunner:us-east-2:963242658354:service/beta-preprod-frontend/9b8c69c889d941e5a2d508f92c812be6): InvalidRequestException: No configurations provided in the UpdateService request.
│ 
│   with aws_apprunner_service.this,
│   on app-runner-frontend.tf line 1, in resource "aws_apprunner_service" "this":
│    1: resource "aws_apprunner_service" "this" {
│ 
╵

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

resource "aws_apprunner_service" "this" {
  service_name = length("${local.name_prefix}-frontend") > 39 ? substr("${local.name_prefix}-frontend", 0, 39) : "${local.name_prefix}-frontend"

  instance_configuration {
    instance_role_arn = aws_iam_role.instance.arn
  }

  source_configuration {
    authentication_configuration {
      access_role_arn = aws_iam_role.ecr.arn
    }
    image_repository {
      image_configuration {
        port = "3000"
        runtime_environment_secrets = {
          NODE_ENV       = aws_ssm_parameter.node_environment.name
          API_BASE_URL   = aws_ssm_parameter.api_gateway_url.name
          SESSION_SECRET = aws_secretsmanager_secret.session_secret.arn
        }
        runtime_environment_variables = {
          OTEL_PROPAGATORS            = "xray"
          OTEL_METRICS_EXPORTER       = "none"
          OTEL_EXPORTER_OTLP_ENDPOINT = "http://localhost:4317"
          OTEL_RESOURCE_ATTRIBUTES    = "service.name=traka-cloud-frontend"
        }
      }
      image_identifier      = "${aws_ecr_repository.this.repository_url}:latest"
      image_repository_type = "ECR"
    }
    auto_deployments_enabled = true
  }

  observability_configuration {
    observability_configuration_arn = aws_apprunner_observability_configuration.this.arn
    observability_enabled           = true
  }

  tags = {
    Name = "${local.name_prefix}-frontend"
  }
}

resource "aws_apprunner_observability_configuration" "this" {
  observability_configuration_name = "some-service"

  trace_configuration {
    vendor = "AWSXRAY"
  }
}

Steps to Reproduce

just deploy the above

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[ewbankkit]

I can reproduce this with a new acceptance test case:

% make testacc TESTARGS='-run=TestAccAppRunnerService_ImageRepository_addObservabilityConfiguration' PKG=apprunner ACCTEST_PARALLELISM=2
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/apprunner/... -v -count 1 -parallel 2  -run=TestAccAppRunnerService_ImageRepository_addObservabilityConfiguration -timeout 360m
=== RUN   TestAccAppRunnerService_ImageRepository_addObservabilityConfiguration
=== PAUSE TestAccAppRunnerService_ImageRepository_addObservabilityConfiguration
=== CONT  TestAccAppRunnerService_ImageRepository_addObservabilityConfiguration
    service_test.go:431: Step 2/2 error: Error running apply: exit status 1

        Error: updating App Runner Service (arn:aws:apprunner:us-west-2:187416307283:service/tf-acc-test-7971785430668016957/d289a03b7176469bb7b6de7f4364882f): operation error AppRunner: UpdateService, https response error StatusCode: 400, RequestID: 0c95d9e6-926c-4f40-a70b-da145e04cbad, InvalidRequestException: No configurations provided in the UpdateService request.

          with aws_apprunner_service.test,
          on terraform_plugin_test.tf line 2, in resource "aws_apprunner_service" "test":
           2: resource "aws_apprunner_service" "test" {

--- FAIL: TestAccAppRunnerService_ImageRepository_addObservabilityConfiguration (197.31s)
FAIL
FAIL    github.com/hashicorp/terraform-provider-aws/internal/service/apprunner  202.788s
FAIL
make: *** [testacc] Error 1

[ewbankkit]

My interpretation of the AWS documentation is that you can't specify a completely new observability_configuration when updating an aws_apprunner_service that didn't have one previously, only update (enable or disable, change the configuration ARN) of an existing observability_configuration.

[dzwicker]

Hi, any news on this. Or Workarounds?

[wheatloaf]

in my experience this can corrupt your config. i got the same error as reported, tried to get my infra to match to unblock myself (e.g. by enabling observability manually in aws), no dice. decided to revert and abandon observability... disabled it in aws, then put configs back to observability = false... and now i still have the same error because it's trying to remove the observability_configuration_arn from my services

     ~ observability_configuration {
          - observability_configuration_arn = "arn:aws:apprunner:us-east-1:<account_id>:observabilityconfiguration/DefaultConfiguration/1/00000000000000000000000000000001" -> null
            # (1 unchanged attribute hidden)
        }

Error: updating App Runner Service (arn:aws:apprunner:us-east-1:<account_id>:service/<service_arn>): operation error AppRunner: UpdateService, https response error StatusCode: 400, RequestID: aea0bb20-e853-4de4-ba18-5ff11691969f, InvalidRequestException: No configurations provided in the UpdateService request.

might have to remake my services? -_-

[akvadrako]

A workaround is to create a fake configuration:

resource "aws_apprunner_service" "example" {
  observability_configuration {
    observability_configuration_arn = aws_apprunner_observability_configuration.xray.arn
    observability_enabled           = false
  }
}

resource "aws_apprunner_observability_configuration" "xray" {
  observability_configuration_name = "xray"

  trace_configuration {
    vendor = "AWSXRAY"
  }
}