aws_appautoscaling_target causing perpetual drift

[busla]

Description

• [x] ✋ I have searched the open/closed issues and my issue is not listed.

The aws_appautoscaling_target is causing a perpetual drift (version 8.5.0/9.0.0)

  # module.db.aws_appautoscaling_target.this[0] will be updated in-place
  ~ resource "aws_appautoscaling_target" "this" {
        id                 = "cluster:<redacted>"
        tags               = {
            "Business Unit" = "IT"
            "Customer"      = "General"
            "Owner"         = "DevOps"
            "state"         = "rds"
            "terraform"     = "true"
        }
      ~ tags_all           = {
          + "Business Unit" = "IT"
          + "Customer"      = "General"
          + "Owner"         = "DevOps"
          + "state"         = "rds"
          + "terraform"     = "true"
        }
        # (6 unchanged attributes hidden)
    }

What I have tried so far without success:

• Removed default_tags from the provider block

The cluster was originally created in 2020 and according to the docs, tags or default_tags from the provider block cannot be used on clusters created before 2023-03-20

I am not sure how to proceed to fix this 🤷🏼

Perhaps add a new variable to allow ignoring tags on the resource?

Something like

variable "enable_appautoscaling_tags" {
  type        = bool
  default     = true
  description = "Allow disabling tags on the aws_appautoscaling_target resource. Tags cannot be used on clusters created before 2023-03-30 and causes a perpetual drift."
}

# ...

resource "aws_appautoscaling_target" "this" {
  count = local.create && var.autoscaling_enabled && !local.is_serverless ? 1 : 0

  max_capacity       = var.autoscaling_max_capacity
  min_capacity       = var.autoscaling_min_capacity
  resource_id        = "cluster:${aws_rds_cluster.this[0].cluster_identifier}"
  scalable_dimension = "rds:cluster:ReadReplicaCount"
  service_namespace  = "rds"
  tags = var.enable_appautoscaling_tags ? var.tags : null
}

Versions

• Module version [Required]:

• Terraform version: Tested in 1.6.4 and 1.7.3.

• Provider version(s):

  ├── provider[registry.terraform.io/hashicorp/random]
  ├── provider[terraform.io/builtin/terraform]
  ├── provider[registry.terraform.io/hashicorp/tfe] 0.52.0
  ├── provider[registry.terraform.io/hashicorp/aws] ~> 5.0
  ├── module.db
  │   └── provider[registry.terraform.io/hashicorp/aws] >= 5.26.0
  ├── module.db_upgraded
  │   └── provider[registry.terraform.io/hashicorp/aws] >= 5.26.0
  └── module.security_servers_db
  └── provider[registry.terraform.io/hashicorp/aws] >= 5.26.0

Reproduction Code [Required]

module "db_upgraded" {
  source                     = "terraform-aws-modules/rds-aurora/aws"
  version                    = "9.0.0"
  name                       = "${local.env}-<redacted>-aurora"
  snapshot_identifier        = data.aws_db_cluster_snapshot.this.id
  auto_minor_version_upgrade = true
  engine                     = "aurora-postgresql"
  engine_version             = "11.21"
  skip_final_snapshot        = true
  vpc_id                     = data.terraform_remote_state.networking.outputs.data_vpc_id
  subnets                    = data.terraform_remote_state.networking.outputs.database_subnets
  security_group_rules = merge({
    db-query = { source_security_group_id = data.terraform_remote_state.db-query.outputs.security_group_id }
    db-write = { source_security_group_id = data.terraform_remote_state.db-write.outputs.security_group_id }
  }, local.node_group_sg_ids)
  instance_class = "db.t3.medium"
  instances = {
    1 = {
      instance_class = "db.t3.medium"
    }
    2 = {
      instance_class = "db.t3.medium"
    }
  }
  allow_major_version_upgrade       = true
  storage_encrypted                 = true
  apply_immediately                 = true
  monitoring_interval               = 10
  performance_insights_enabled      = true
  preferred_maintenance_window      = "mon:05:00-mon:06:00"
  create_db_parameter_group         = false
  create_db_cluster_parameter_group = false
  db_cluster_parameter_group_name             = aws_rds_cluster_parameter_group.this.name
  db_cluster_db_instance_parameter_group_name = aws_db_parameter_group.this.name
  db_subnet_group_name            = aws_db_subnet_group.db.name
  manage_master_user_password     = false
  master_password                 = random_password.master_password.result
  enabled_cloudwatch_logs_exports = ["postgresql"]
  tags                            = local.common_tags
  autoscaling_enabled             = true
  autoscaling_min_capacity        = 1
  autoscaling_max_capacity        = 2
}

Steps to reproduce the behavior:

No

Yes

After upgrading the provider version to 5.26.0 the drift started to appear.

Expected behavior

Changes should be applied and not cause a perpetual drift.

Actual behavior

Causes perpetual drift

[busla]

Setting ignore_changes on tags_all fixes the issue (tested).

resource "aws_appautoscaling_target" "this" {
  count = local.create && var.autoscaling_enabled && !local.is_serverless ? 1 : 0

  max_capacity       = var.autoscaling_max_capacity
  min_capacity       = var.autoscaling_min_capacity
  resource_id        = "cluster:${aws_rds_cluster.this[0].cluster_identifier}"
  scalable_dimension = "rds:cluster:ReadReplicaCount"
  service_namespace  = "rds"

  tags = var.tags

  lifecycle {
    ignore_changes = [
      tags_all,
    ]
  }
}

[antonbabenko]

This issue has been resolved in version 9.0.2 :tada:

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.