hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: AWS ALB attributes: InvalidConfigurationRequest: Key client_keep_alive .seconds not valid #37138

Open Rafaellinos opened 5 months ago

Rafaellinos commented 5 months ago

Terraform Core Version

1.8.1

AWS Provider Version

5.46

Affected Resource(s)

ELBv2

Expected Behavior

Create AWS ALB

Actual Behavior

Error: modifying ELBv2 Load Balancer (arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/app/my-alb/f771c17d) attributes: InvalidConfigurationRequest: Key client_keep_alive .seconds not valid

Relevant Error/Panic Output Snippet

- OS: Linux 6.8.7-arch1-1
- LocalStack: pro 3.4.0
- AWS CLI: 2.15.40
- terraform: 1.8.1

Terraform Configuration Files

# Container image used by every ECS task definition in this reproduction.
# NOTE(review): the default names no tag or digest, so it resolves to whatever
# "latest" points at when the image is pulled. Pin a tag or digest anywhere
# other than a throwaway test setup.
variable "docker_image" {
  default     = "nginxdemos/nginx-hello"
  description = "The Docker image for the APIs"
}

# AWS provider: region and static credentials.
# NOTE(review): "test"/"test" are presumably dummy values for the LocalStack
# emulator the reporter runs through tflocal. Real access keys should never be
# written into a .tf file; supply them through the environment or a shared
# credentials profile instead.
provider "aws" {
  region     = "us-east-1"
  access_key = "test"
  secret_key = "test"
}

# VPC and Subnets
# One 10.0.0.0/16 network; the subnets in this configuration each take a /24
# out of it.
resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16"
}

# Subnet in us-east-1a.
# NOTE(review): "public" is a name only here. map_public_ip_on_launch is false
# and the configuration shown declares no internet gateway or route table.
resource "aws_subnet" "public_subnet_a" {
  vpc_id            = aws_vpc.my_vpc.id
  availability_zone = "us-east-1a"
  cidr_block        = "10.0.1.0/24"

  map_public_ip_on_launch = false
}

# Subnet in us-east-1b.
# NOTE(review): "public" is a name only here. map_public_ip_on_launch is false
# and the configuration shown declares no internet gateway or route table.
resource "aws_subnet" "public_subnet_b" {
  vpc_id            = aws_vpc.my_vpc.id
  availability_zone = "us-east-1b"
  cidr_block        = "10.0.2.0/24"

  map_public_ip_on_launch = false
}

# Subnet in us-east-1c.
# NOTE(review): "public" is a name only here. map_public_ip_on_launch is false
# and the configuration shown declares no internet gateway or route table.
resource "aws_subnet" "public_subnet_c" {
  vpc_id            = aws_vpc.my_vpc.id
  availability_zone = "us-east-1c"
  cidr_block        = "10.0.3.0/24"

  map_public_ip_on_launch = false
}

# ECS Task Definitions
# Task family TAX-API: one container, image taken from var.docker_image.
# NOTE(review): no task or execution role and no network_mode are set here;
# confirm both before reusing this outside a local emulator.
resource "aws_ecs_task_definition" "tax_api" {
  family = "TAX-API"

  container_definitions = jsonencode([
    {
      name   = "taxApi"
      image  = var.docker_image
      memory = 128 # hard memory limit for the container, in MiB
    }
  ])
}

# Task family PRODESP-ACL: one container, image taken from var.docker_image.
# NOTE(review): no task or execution role and no network_mode are set here;
# confirm both before reusing this outside a local emulator.
resource "aws_ecs_task_definition" "prodesp_acl" {
  family = "PRODESP-ACL"

  container_definitions = jsonencode([
    {
      name   = "prodespAcl"
      image  = var.docker_image
      memory = 128 # hard memory limit for the container, in MiB
    }
  ])
}

# Task family PAYMENT-ACL: one container, image taken from var.docker_image.
# NOTE(review): no task or execution role and no network_mode are set here;
# confirm both before reusing this outside a local emulator.
resource "aws_ecs_task_definition" "payment_acl" {
  family = "PAYMENT-ACL"

  container_definitions = jsonencode([
    {
      name   = "paymentAcl"
      image  = var.docker_image
      memory = 128 # hard memory limit for the container, in MiB
    }
  ])
}

# ECS Cluster
# The single cluster that all three ECS services in this configuration run in.
resource "aws_ecs_cluster" "my_cluster" {
  name = "tax-cluster"
}

# ECS Services
# Runs one copy of the TAX-API task in subnet A.
resource "aws_ecs_service" "tax_api_service" {
  name            = "tax-api-service"
  desired_count   = 1
  cluster         = aws_ecs_cluster.my_cluster.id
  task_definition = aws_ecs_task_definition.tax_api.arn

  network_configuration {
    subnets = [aws_subnet.public_subnet_a.id]

    # NOTE(review): with an empty list the tasks fall back to the VPC's default
    # security group, and a public IP is requested on top of that. Outside a
    # local emulator, attach a dedicated security group that admits traffic
    # only from the load balancer, and leave assign_public_ip off.
    security_groups  = []
    assign_public_ip = true
  }
}

# Runs one copy of the PRODESP-ACL task in subnet B.
resource "aws_ecs_service" "prodesp_acl_service" {
  name            = "prodesp-acl-service"
  desired_count   = 1
  cluster         = aws_ecs_cluster.my_cluster.id
  task_definition = aws_ecs_task_definition.prodesp_acl.arn

  network_configuration {
    subnets = [aws_subnet.public_subnet_b.id]

    # NOTE(review): with an empty list the tasks fall back to the VPC's default
    # security group, and a public IP is requested on top of that. Outside a
    # local emulator, attach a dedicated security group that admits traffic
    # only from the load balancer, and leave assign_public_ip off.
    security_groups  = []
    assign_public_ip = true
  }
}

# Runs one copy of the PAYMENT-ACL task in subnet C.
resource "aws_ecs_service" "payment_acl_service" {
  name            = "payment-acl-service"
  desired_count   = 1
  cluster         = aws_ecs_cluster.my_cluster.id
  task_definition = aws_ecs_task_definition.payment_acl.arn

  network_configuration {
    subnets = [aws_subnet.public_subnet_c.id]

    # NOTE(review): with an empty list the tasks fall back to the VPC's default
    # security group, and a public IP is requested on top of that. Outside a
    # local emulator, attach a dedicated security group that admits traffic
    # only from the load balancer, and leave assign_public_ip off.
    security_groups  = []
    assign_public_ip = true
  }
}

# Application Load Balancer (ALB)
# This is the resource the reported "modifying ELBv2 Load Balancer ...
# attributes" error is raised for.
resource "aws_lb" "my_alb" {
  name               = "my-alb"
  load_balancer_type = "application"
  internal           = false # internet-facing scheme

  # client_keep_alive = 3600
  # Left commented out by the reporter, so the configuration as posted does not
  # set the attribute named in the error message.

  # NOTE(review): no security_groups are listed, so the load balancer uses the
  # VPC's default security group. For an internet-facing ALB outside a local
  # emulator, attach a dedicated security group, enable access_logs, and
  # consider drop_invalid_header_fields = true.
  subnets = [
    aws_subnet.public_subnet_a.id,
    aws_subnet.public_subnet_b.id,
    aws_subnet.public_subnet_c.id,
  ]
}

# ALB Target Groups
# Target group for the tax API.
# NOTE(review): traffic from the load balancer to the targets is plain HTTP on
# port 80; use HTTPS to the targets where the payload is sensitive.
resource "aws_lb_target_group" "tax_api_target_group" {
  name     = "tax-api-tg"
  vpc_id   = aws_vpc.my_vpc.id
  protocol = "HTTP"
  port     = 80
}

# Target group for the Prodesp ACL.
# NOTE(review): traffic from the load balancer to the targets is plain HTTP on
# port 80; use HTTPS to the targets where the payload is sensitive.
resource "aws_lb_target_group" "prodesp_acl_target_group" {
  name     = "prodesp-acl-tg"
  vpc_id   = aws_vpc.my_vpc.id
  protocol = "HTTP"
  port     = 80
}

# Target group for the payment ACL.
# NOTE(review): traffic from the load balancer to the targets is plain HTTP on
# port 80; use HTTPS to the targets where the payload is sensitive.
resource "aws_lb_target_group" "payment_acl_target_group" {
  name     = "payment-acl-tg"
  vpc_id   = aws_vpc.my_vpc.id
  protocol = "HTTP"
  port     = 80
}

# ALB Listener Rules
# Forwards /tax/* to the tax API target group.
# NOTE(review): listener_arn is given the load balancer's own ARN. The argument
# expects the ARN of an aws_lb_listener, and the configuration shown declares
# none; confirm the intended listener, and prefer an HTTPS one for an
# internet-facing ALB.
resource "aws_lb_listener_rule" "tax_api_listener_rule" {
  priority     = 100
  listener_arn = aws_lb.my_alb.arn

  condition {
    path_pattern {
      values = ["/tax/*"]
    }
  }

  action {
    target_group_arn = aws_lb_target_group.tax_api_target_group.arn
    type             = "forward"
  }
}

# Forwards /prodesp/* to the Prodesp ACL target group.
# NOTE(review): listener_arn is given the load balancer's own ARN. The argument
# expects the ARN of an aws_lb_listener, and the configuration shown declares
# none; confirm the intended listener, and prefer an HTTPS one for an
# internet-facing ALB.
resource "aws_lb_listener_rule" "prodesp_acl_listener_rule" {
  priority     = 110
  listener_arn = aws_lb.my_alb.arn

  condition {
    path_pattern {
      values = ["/prodesp/*"]
    }
  }

  action {
    target_group_arn = aws_lb_target_group.prodesp_acl_target_group.arn
    type             = "forward"
  }
}

# Forwards /payment/* to the payment ACL target group.
# NOTE(review): listener_arn is given the load balancer's own ARN. The argument
# expects the ARN of an aws_lb_listener, and the configuration shown declares
# none; confirm the intended listener, and prefer an HTTPS one for an
# internet-facing ALB.
resource "aws_lb_listener_rule" "payment_acl_listener_rule" {
  priority     = 120
  listener_arn = aws_lb.my_alb.arn

  condition {
    path_pattern {
      values = ["/payment/*"]
    }
  }

  action {
    target_group_arn = aws_lb_target_group.payment_acl_target_group.arn
    type             = "forward"
  }
}

Steps to Reproduce

# tflocal is LocalStack's wrapper around the terraform CLI: it runs the same
# commands with the AWS provider endpoints pointed at the local emulator.
tflocal init && tflocal apply

Debug Output

https://gist.github.com/Rafaellinos/49618fec23afd1454cc6212d7b6c4258

Panic Output

No response

Important Factoids

I'm using localstack pro and tflocal.

References

https://github.com/hashicorp/terraform/issues/35089

Would you like to implement a fix?

None


Rafaellinos commented 5 months ago

Downgrading the provider to version 5.45 solved the issue, so it may be related to a change in version 5.46.

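# Workaround from the report: hold the AWS provider at 5.45.
# The pin lives in required_providers because a version argument inside the
# provider block is deprecated in current Terraform releases.
# NOTE(review): a pin like this also holds back later provider fixes; treat it
# as temporary and lift it once the underlying issue is resolved.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "= 5.45"
    }
  }
}

# "test"/"test" are presumably dummy values for the LocalStack emulator; real
# access keys should never be written into a .tf file.
provider "aws" {
  access_key = "test"
  secret_key = "test"
  region     = "us-east-1"
}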
cabeaulac commented 4 months ago

This also happens with Terraform AWS provider 5.52.0.

jaybe78 commented 1 week ago

Is there any plan to fix this? It prevents us from upgrading the required_providers version; we are stuck at 5.45.