search

terraform-aws-modules / terraform-aws-apigateway-v2

Terraform module to create AWS API Gateway v2 (HTTP/WebSocket) 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/apigateway-v2/aws
Apache License 2.0
144 stars 188 forks source link

After throttling for API Gateway $default stage has been configured, removing throttling_burst_limit and throttling_rate_limit under default_route_settings causes API Gateway to set Burst limit=Rate limit=0, which means that all traffic is forbidden, while it should disable any throttling instead #45

Closed askaribragimov closed 2 years ago

askaribragimov commented 2 years ago

Description

The module can take a parameter that specifies throttling for the $default stage:

module "api_gateway" {
  source  = "terraform-aws-modules/apigateway-v2/aws"
....
  default_route_settings = {
    throttling_rate_limit  = 100
    throttling_burst_limit = 100
  }
}

After a Throttling for $default stage for an API Gateway has been enabled and set to some values, removing default_route_settings parameter leads to terraform plan like

  ~ default_route_settings {
      - throttling_burst_limit   = 100 -> null
      - throttling_rate_limit    = 100 -> null 
    }

and this ends up in setting both limits to zero, disabling traffic completely (which lead to a service downtime! ): image

Instead, we should get image

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

<!-- Execute: terraform providers -version -->
 - Module: "0.16.0", also manifests with latest-to-date  "1.1.0"

## Reproduction
<!-- REQUIRED -->
Steps to reproduce the behavior:

* Deploy a new API gateway with $default stage _without throttling parameters in `default_route_settings`_. Just do not use this section.
* Proceed to API GW Console to "Throttling->Stage (select $default) ->Throttling for $default stage" and confirm that for API Gw in question Default route throttling values are "Not configured"
* Set in Console Throttling for $default stage as some numbers, e.g. Burst limit =100 and  Rate limit = 100. 
* Still without `default_route_settings` set in Terraform, deploy again. You will get plan like
  ~ default_route_settings {
      - throttling_burst_limit   = 100 -> null
      - throttling_rate_limit    = 100 -> null 
    }

* Check again API GW Console -> Throttling for $default stage. You will see that Burst limit =0 and  Rate limit = 0. These mean that no traffic is allowed via Gateway and deploying such configuration will cause a break in a service. 

### Code Snippet to Reproduce
<!-- Optional but very helpful -->

## Expected behavior
After some throttling is already configured as described above, removal of `throttling_burst_limit` and `throttling_rate_limit parameters` inside `default_route_settings` should lead to disabling throttling, that is "Throttling->Stage (select $default) ->Throttling for $default stage" should contain "not configured" again and traffic should not be throttled.

## Actual behavior
<!-- A clear and concise description of what actually happened -->
After some throttling is already configured as described above, removal of `throttling_burst_limit` and `throttling_rate_limit parameters` inside `default_route_settings` causes these parameters to be set to zero, blocking traffic via gateway completely. 

### Terminal Output Screenshot(s)
<!-- Optional but helpful -->

## Additional context
<!-- Add any other context about the problem here -->
I have found similar case with original AWS provider but they say it is fixed in an earlier version of the provider. 

https://github.com/hashicorp/terraform-provider-aws/issues/5690
bryantbiggs commented 2 years ago

unfortunately this is an issue with the AWS API and there isn't anything we can do here in the module https://github.com/hashicorp/terraform-provider-aws/issues/14742

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.