Terraform Creates AWS Network Load Balancer Target Group
aws_lb_target_group.nlb: Error modifying Target Group Attributes: InvalidConfigurationRequest: The provided target group attribute is not supported
status code: 400
terraform apply
```hcl
resource "aws_lb_target_group" "nlb" {
  count       = "${length(var.peer_tg_ports)}"
  name_prefix = "${var.tg_name}-n-"
  port        = "${element(var.peer_tg_ports, count.index)}"
  protocol    = "TCP"
  vpc_id      = "${var.vpc_id}"
  slow_start  = "900"

  lifecycle {
    create_before_destroy = true
  }

  health_check {
    protocol            = "HTTP"
    path                = "${var.hc_path}"
    port                = "${var.hc_port}"
    unhealthy_threshold = "10"
    healthy_threshold   = "10"
    interval            = "30"
  }
}
```
Terraform v0.11.10
@JoshuaEdwards1991 if you switch the `health_check` `protocol` from `HTTP` to `TCP` and remove the health check `path`, does it work?
According to the API documentation:
> HealthCheckProtocol
> The protocol the load balancer uses when performing health checks on targets. The TCP protocol is supported only if the protocol of the target group is TCP. For Application Load Balancers, the default is HTTP. For Network Load Balancers, the default is TCP.
> Type: String
> Valid Values: HTTP | HTTPS | TCP
> Required: No
However our resource documentation does not currently have the same note, so it would probably be beneficial to get that added.
We have talked in the past about separating ALB vs NLB resources so we can provide better plan-time validation for these sorts of issues, however no movement has been made in that regard and likely will not happen in the 2.0 release later this month.
Unfortunately, it didn't fix the problem, it responded with the same error
It would be really handy to know which attribute it was referring to, is there a way to find out?
aws_lb_target_group.nlb: Error modifying Target Group Attributes: InvalidConfigurationRequest: The provided target group attribute is not supported
status code: 400
```hcl
resource "aws_lb_target_group" "nlb" {
  count       = "${length(var.peer_tg_ports)}"
  name_prefix = "${var.tg_name}-n-"
  port        = "${element(var.peer_tg_ports, count.index)}"
  protocol    = "TCP"
  vpc_id      = "${var.vpc_id}"
  slow_start  = "900"

  lifecycle {
    create_before_destroy = true
  }

  health_check {
    protocol = "TCP"
    #path = "${var.hc_path}"
    #port = "${var.hc_port}"
    unhealthy_threshold = "10"
    healthy_threshold   = "10"
    interval            = "30"
  }
}
```
I have a similar issue and I'm pretty sure that I know what's going on.
tl;dr NLB target groups don't support the slow_start attribute - you are unable to set that from the console but essentially you are able to try doing so from the API.
My definition is pretty simple:
```hcl
resource "aws_lb_target_group" "test" {
  name                 = "${lower(var.env_name)}-test-tg"
  port                 = 6000
  protocol             = "TCP"
  vpc_id               = "${aws_vpc.main.id}"
  deregistration_delay = 20
  slow_start           = 30
}
```
This is valid Terraform code and will be executed. But when you try to apply this it will end up with an error (part of the CloudTrail log):
```json
"errorCode": "InvalidConfigurationRequestException",
"errorMessage": "The provided target group attribute is not supported",
"requestParameters": {
    "attributes": [
        {
            "value": "20",
            "key": "deregistration_delay.timeout_seconds"
        },
        {
            "value": "30",
            "key": "slow_start.duration_seconds"
        }
    ],
    "targetGroupArn": "<hidden>"
},
```
Due to obvious reasons - NLB target groups don't support the slow_start attribute.
This is fine, but what's bad is that when you try to apply this a second time Terraform says that nothing needs to be changed, which isn't true because the API doesn't produce the slow_start attribute for this resource:
```
$ aws elbv2 describe-target-group-attributes --target-group-arn <hidden> --profile test --region eu-central-1
{
    "Attributes": [
        {
            "Key": "proxy_protocol_v2.enabled",
            "Value": "false"
        },
        {
            "Key": "deregistration_delay.timeout_seconds",
            "Value": "300"
        }
    ]
}
```
I think that 2 things should be corrected:
That makes sense!
I found that despite the error given it wouldn't actually associate the target group to the NLB. But when run a second time terraform hooked them up.
@JoshuaEdwards1991 You saved my day! I was struggling for the past 4 hours. Thank you!
I've been fighting with this all day and it is really frustrating. I hope that this plan to split network and application load balancers eventually happens.
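An added example, not code from the thread or from the Terraform AWS provider: it answers the "which attribute was it referring to?" question by comparing the CloudTrail `requestParameters` of the rejected call with the `describe-target-group-attributes` output quoted above. The function name `diagnose` and the rule "a requested key the target group does not report is the unsupported one" are assumptions made for illustration; the sample data is constructed from the fragments in the thread.

```python
import json

# Constructed from the fragments quoted in the thread: the rejected request
# recorded by CloudTrail and the describe-target-group-attributes output.
CLOUDTRAIL_EVENT = json.loads("""
{
  "errorCode": "InvalidConfigurationRequestException",
  "requestParameters": {
    "attributes": [
      {"value": "20", "key": "deregistration_delay.timeout_seconds"},
      {"value": "30", "key": "slow_start.duration_seconds"}
    ],
    "targetGroupArn": "<hidden>"
  }
}
""")
DESCRIBE_OUTPUT = json.loads("""
{
  "Attributes": [
    {"Key": "proxy_protocol_v2.enabled", "Value": "false"},
    {"Key": "deregistration_delay.timeout_seconds", "Value": "300"}
  ]
}
""")


def diagnose(event, described):
    """Compare a rejected attribute request with what the API reports.

    Returns (unsupported, not_applied):
      unsupported - requested keys the target group does not report at all
                    (heuristic, assumed here: the likely cause of the 400)
      not_applied - requested keys whose live value differs from the
                    requested one, as {key: (requested, live)}
    """
    # CloudTrail records lower-case "key"/"value"; the CLI prints "Key"/"Value".
    requested = {a["key"]: a["value"]
                 for a in event["requestParameters"]["attributes"]}
    live = {a["Key"]: a["Value"] for a in described["Attributes"]}
    unsupported = sorted(k for k in requested if k not in live)
    not_applied = {k: (v, live[k]) for k, v in requested.items()
                   if k in live and live[k] != v}
    return unsupported, not_applied


if __name__ == "__main__":
    unsupported, not_applied = diagnose(CLOUDTRAIL_EVENT, DESCRIBE_OUTPUT)
    print("unsupported for this target group:", unsupported)
    for key, (want, have) in not_applied.items():
        print(f"not applied: {key} requested={want} live={have}")
```

On the thread's data this also surfaces the drift described above: `deregistration_delay.timeout_seconds` was requested as 20 but the live value is still 300.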