[Bug]: Removing target groups from aws_autoscaling_group does not remove it on AWS

[yanngit]

Terraform Core Version

1.9.6

AWS Provider Version

5.64.0

Affected Resource(s)

aws_autoscaling_group

Expected Behavior

commenting target_group_arns should remove from AWS the load balancer target group

Actual Behavior

On AWS, the auto scaling group is still having references to the target group deleted. This is causing an issue when the auto scaling group should spawn a new instance of EC2 since it cannot find the deleted target group.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

provider "aws" {
  region = "us-west-2"
}

resource "aws_launch_configuration" "example" {
  name = "example"
  image_id = "ami-abc123"
  instance_type = "t2.micro"
  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, Terraform!" > index.html
              nohup busybox httpd -f -p 8080 &
              EOF

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "example" {
  desired_capacity = 5
  launch_configuration = aws_launch_configuration.example.id
  max_size = 10
  min_size = 1
  vpc_zone_identifier = ["subnet-a1b2c3", "subnet-d4e5f6"]
  target_group_arns = [aws_lb_target_group.example.arn]
}

resource "aws_lb_target_group" "example" {
  name = "example"
  protocol = "HTTP"
  port = 8080
  vpc_id = "vpc-a1b2c3"
}

resource "aws_lb_listener" "example" {
  load_balancer_arn = aws_lb.example.arn
  port = "80"
  protocol = "HTTP"

  default_action {
    type = "forward"
    target_group_arn = aws_lb_target_group.example.arn
  }
}

Steps to Reproduce

• Create the auto scaling group with a target group
• Delete the target group and comment the target_group_arns in auto scaling group
• Apply
• Verify on AWS that the target group is not linked to auto scaling group -> it should still appear

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[eugercek]

I reproduced this, may I pick this up?

[eugercek]

As the documentation states to remove all target group attachments need to give empty list. Tested with this approach it works. AFAIK since target_group_arns is both Optional: true and Computed: true when operator removes the field from the configuration, terraform defines current state via api calls to aws, since they are same (real asg is connected to real tg) there will be no diff.

target_group_arns - (Optional) Set of aws_alb_target_group ARNs, for use with Application or Network Load Balancing. To remove all target group attachments an empty list should be specified.

---

Since we also have traffic_source computed looks necessary if we remove Computed true code will be more complex due to adding same destination in 2 places. I think it's ok to close the issue.

[justinretzolk]

Hey @yanngit 👋 Thank you for taking the time to raise this! As @eugercek mentioned above, it looks like this is functioning as expected and documented. With that in mind, I'm going to close this.

Thank you to @eugercek for the quick investigation and response here!

[github-actions[bot]]

[!WARNING] This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.