Terraform-provider-aws: tainting an ecs service and running terraform apply receives Creation of service was not idempotent

Created on 13 Jun 2017  路  3Comments  路  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @gustavosoares as hashicorp/terraform#12665. It was migrated here as part of the provider split. The original body of the issue is below._

Hi,

Tainting an ecs service and running terraform apply again doesn't work. I am getting a Creation of service was not idempotent

I had to update my ecs service target group arn and I thought of tainting the ecs so it could be destroyed and recreated again with the right ref.

This is how I tainted it:

terraform taint -module=ecs_bla_service aws_ecs_service.main

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Terraform v0.8.8

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_ecs_service

Terraform Configuration Files

resource "aws_ecs_service" "main" {
  name                               = "${var.name}"
  cluster                            = "${var.cluster}"
  task_definition                    = "${var.task_definition}"
  desired_count                      = "${var.desired_count}"
  deployment_minimum_healthy_percent = "${var.deployment_minimum_healthy_percent}"
  deployment_maximum_percent         = "${var.deployment_maximum_percent}"

  iam_role   = "${aws_iam_role.ecs-service-role.arn}"
  depends_on = ["aws_iam_policy_attachment.ecs-service-iam-policy"]

  load_balancer {
    target_group_arn = "${var.target_group_arn}"
    container_name   = "${var.container_name}"
    container_port   = "${var.container_port}"
  }

  lifecycle {
    ignore_changes        = ["task_definition", "desired_count"]
    create_before_destroy = true
  }

  # http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-placement-strategies.html
  placement_strategy {
    type  = "${var.placement_strategy_type}"
    field = "${var.placement_strategy_field}"
  }

  placement_constraints {
    type       = "${var.placement_constraints_type}"
    expression = "${var.placement_constraints_expression}"
  }
}

Debug Output

module.ecs_corporate_service.aws_ecs_service.main: Still creating... (1m50s elapsed)
Error applying plan:

1 error(s) occurred:

* aws_ecs_service.main: InvalidParameterException: Creation of service was not idempotent.
    status code: 400, request id: 6b9e0243-0851-11e7-99d9-4b4a6bde7f7d "corporate-production"

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
exit status 1

Expected Behavior

ECS service should have been destroyed and recreated.

Actual Behavior

I've got Creation of service was not idempotent.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. Create a ecs service
  2. terraform apply
  3. taint it
  4. run terraform apply again

Important Factoids

Are there anything atypical about your accounts that we should know? For example: Running in EC2 Classic? Custom version of OpenStack? Tight ACLs?

Dunno

bug servicecs
Source
picture hashibot
👍7

Most helpful comment

I am experiencing the same issue when I try to update placement_constraints in an already created service.

picture aleerizw-zz on 21 Aug 2017
👍2

All 3 comments

I am experiencing the same issue when I try to update placement_constraints in an already created service.

aleerizw-zz picture aleerizw-zz on 21 Aug 2017
👍2

tl;dr aws_ecs_service needs to support name_prefix so that create_before_destroy can be used.

This seems to be the result of the lifecycle block's create_before_destroy parameter and ECS's requirement that serviceName be unique.

serviceName

The name of your service. Up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. Service names must be unique within a cluster, but you can have similarly named services in multiple clusters within a Region or across multiple Regions.

Required: Yes

Since Terraform's aws_ecs_service doesn't support name_prefix. This errors.

Removing the following block from your ecs service should address the problem:

lifecycle {
   create_before_destroy = true
}

I'd rather like to see support for creating a new service (and having it start-up successfully) before destroying an old one. Right now, adding or changing the load balancer entries for instance is an outage.

dekimsey picture dekimsey on 6 Mar 2020

Agree with @dekimsey would like to see name_prefix supported for aws_ecs_service to avoid outages. Is it possible to utilize random_id to duplicate behavior of name_prefix? If so any specific examples for using this with aws_ecs_service?

msoreco picture msoreco on 28 May 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

aidansteele picture aidansteele  路  3Comments
hashibot picture hashibot  路  3Comments
hashibot picture hashibot  路  3Comments
hazmeister picture hazmeister  路  3Comments
hashibot picture hashibot  路  3Comments