Terraform-provider-aws: AWS Load Balancer health check defaults not working?

Created on 30 Nov 2017  路  10Comments  路  Source: hashicorp/terraform-provider-aws

I upgraded Terraform and the Terraform AWS Provider earlier today, and since it projected modifications, I decided to try applying them later.

I got this error:

Error: Error applying plan:

3 error(s) occurred:

* module.project.aws_alb_target_group.project_signature_alb_target_group: 1 error(s) occurred:

* aws_alb_target_group.project_signature_alb_target_group: Error modifying Target Group: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, ModifyTargetGroupInput.HealthCheckPath.

* aws_lb_target_group.broker_api_lb_target_group: 1 error(s) occurred:

* aws_lb_target_group.broker_api_lb_target_group: Error creating LB Target Group: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, CreateTargetGroupInput.HealthCheckPath.

* module.project.aws_alb_target_group.project_prod_alb_target_group: 1 error(s) occurred:

* aws_alb_target_group.project_prod_alb_target_group: Error modifying Target Group: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, ModifyTargetGroupInput.HealthCheckPath.

Looking back at the plan, I can see:

  health_check.0.path:                "/" => ""

Health check path is optional and defaults to '/', why is it trying to set it to ""? And why does it validate it during the apply rather than during the plan?

Terraform Version

Terraform v0.11.0

  • provider.aws v1.5.0

Affected Resource(s)

aws_alb_target_group

Terraform Configuration Files

resource "aws_alb_target_group" "project_prod_alb_target_group" {
  name = "project-elb-target"
  port = 80
  protocol = "HTTP"
  vpc_id = "${var.alb_vpc_id}"

  stickiness {
    type = "lb_cookie"
    enabled = false
  }

  health_check {
    interval = 10
  }

  tags {
    Name = "Project Prod ALB Target Group"
  }
}

Debug Output

Please provider a link to a GitHub Gist containing the complete debug output: https://www.terraform.io/docs/internals/debugging.html. Please do NOT paste the debug output in the issue; just paste a link to the Gist.

Expected Behavior

What should have happened?

No change to health check path.

Actual Behavior

What actually happened?

Attempted to change health check path to "" and failed validation.

bug servicelbv2
Source
picture geoffreywiseman
👍2

Most helpful comment

I ran into this today, too. Fixed by specifying just path and matcher properties of aws_alb_target_group to their Terraform default values / and 200 respectively.

picture PorridgeBear on 3 Dec 2017
👍4

All 10 comments

Specified path, got:

* aws_alb_target_group.project_prod_alb_target_group: Error modifying Target Group: ValidationError: Health check matcher HTTP code cannot be empty
    status code: 400, request id: b44c6a2e-d586-11e7-a1a7-3d2114a0fe27
* aws_lb_target_group.broker_api_lb_target_group: 1 error(s) occurred:

* aws_lb_target_group.broker_api_lb_target_group: Error creating LB Target Group: ValidationError: Health check matcher HTTP code cannot be empty
    status code: 400, request id: b44bf4e2-d586-11e7-87e5-b71c5404c0af
* module.project.aws_alb_target_group.project_signature_alb_target_group: 1 error(s) occurred:

* aws_alb_target_group.project_signature_alb_target_group: Error modifying Target Group: ValidationError: Health check matcher HTTP code cannot be empty
    status code: 400, request id: b44d0630-d586-11e7-958f-0bd65bc6a4d7

Specified matcher code, got:

* aws_alb_target_group.project_signature_alb_target_group: Error modifying Target Group: ValidationError: Health check timeout '10' must be smaller than the interval '10'
    status code: 400, request id: 10f963fa-d587-11e7-82f5-e30d0d3b1b34
* module.project.aws_alb_target_group.project_prod_alb_target_group: 1 error(s) occurred:

* aws_alb_target_group.project_prod_alb_target_group: Error modifying Target Group: ValidationError: Health check timeout '10' must be smaller than the interval '10'
    status code: 400, request id: 10f93ce9-d587-11e7-82f5-e30d0d3b1b34
* aws_lb_target_group.broker_api_lb_target_group: 1 error(s) occurred:

* aws_lb_target_group.broker_api_lb_target_group: Error creating LB Target Group: ValidationError: Health check timeout '10' must be smaller than the interval '10'
    status code: 400, request id: 10f8c776-d587-11e7-80be-9f7c7b5e8229

That seems to have done it. Seems like basically the health check defaults aren't working quite right.

geoffreywiseman picture geoffreywiseman on 30 Nov 2017

I ran into this today, too. Fixed by specifying just path and matcher properties of aws_alb_target_group to their Terraform default values / and 200 respectively.

PorridgeBear picture PorridgeBear on 3 Dec 2017
👍4

@PorridgeBear is correct adding the missing params is the solution

punkdata picture punkdata on 5 Dec 2017

I think this is the case since v1.3.0, it seems to have been changed here: https://github.com/terraform-providers/terraform-provider-aws/commit/79467dc32944ceb42acaa60bb91da86fa974ef22
@DaveBlooman @catsby If I'm right, is this a wanted behavior? Or can we put back the default values for both fields?

EDIT:
I did not see the changelog about that: https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANGELOG.md#130-november-16-2017
So it seems to be wanted...

cyrilgdn picture cyrilgdn on 6 Dec 2017
👍2

Yeah, that looks suspiciously like the change, I agree. ;) Hm. It says "existing deployments not affected", but I definitely had an issue on an existing deployment? Also, docs for aws_lb_target_group could use tweaks to point out that they don't have the defaults the docs imply they do, and that while they may be optional, you may have to specify it depending on the load balancer?

geoffreywiseman picture geoffreywiseman on 7 Dec 2017

Just ran into this issue. Creating a network load balancer, which should not even require path. My health check block is simply:

    health_check = {
        port = 80
    }

Which is erroring with:

* aws_lb_target_group.phish_nlb_be_443: Error modifying Target Group: InvalidParameter: 1 validation error(s) found.
- minimum field size of 1, ModifyTargetGroupInput.HealthCheckPath.
````

`path` according to the [aws_lb_target_group  documentation](https://www.terraform.io/docs/providers/aws/r/lb_target_group.html) should be optional. Adding `path = "/"` now errors with:
  • aws_lb_target_group.phish_nlb_be_443: Error modifying Target Group: ValidationError: Health check matcher HTTP code cannot be empty
    status code: 400, request id: da6a30be-15bb-11e8-8faa-75c515c1e267
    ```

Again the matcher property makes zero sense for network load balancers and according to the aws_lb_target_group documentation should be optional.

nodesocket picture nodesocket on 19 Feb 2018

Could you post some example terraform that is breaking, I would like to debug this but can't seem to reproduce the issue

dblooman picture dblooman on 21 Feb 2018

Adding protocol = "TCP" to the health_check block actually fixes it. I think this is still a bug though? Adding protocol should not be needed, as it should be inferred. It seems to be inferred if you don't specify a health_check block.

nodesocket picture nodesocket on 21 Feb 2018
👍2

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

github-actions[bot] picture github-actions[bot] on 28 Mar 2020

+1

eleni-salamani picture eleni-salamani on 22 Apr 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

andywirv picture andywirv  路  3Comments
hashibot picture hashibot  路  3Comments
ghost picture ghost  路  3Comments
reedloden picture reedloden  路  3Comments
hashibot picture hashibot  路  3Comments