Terraform-provider-aws: Can't create a load balancer target group for network load balancer

Created on 19 Jun 2019 · 5Comments · Source: hashicorp/terraform-provider-aws

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.2
+ provider.archive v1.2.2
+ provider.aws v2.15.0

Affected Resource(s)

aws_lb_target_group

Terraform Configuration Files

resource "aws_lb_target_group" "default" {
  name     = "default-tg"
  protocol = "TCP"
  port     = "80"
  vpc_id   = var.vpc_id

  depends_on = [aws_lb.nlb]
}

Debug Output

Panic Output

Expected Behavior

The target group is created

Actual Behavior

The target group is not created with the following error

Error: Network Load Balancers do not support Stickiness

I've tried the work around from
https://github.com/terraform-providers/terraform-provider-aws/issues/2746

setting stickiness to [] or {} is invalid since 0.12

  on modules/aws/ec2/nlb/nlb.tf line 16, in resource "aws_lb_target_group" "default":
  16:   stickiness = {}

An argument named "stickiness" is not expected here. Did you mean to define a
block of type "stickiness"?

Creating an empty stickiness block

  on modules/aws/ec2/nlb/nlb.tf line 16, in resource "aws_lb_target_group" "default":
  16:   stickiness{}

The argument "type" is required, but no definition was found.

Creating a stickiness with enabled=false

resource "aws_lb_target_group" "default" {
  name     = "default-tg"
  protocol = "TCP"
  port     = "80"
  vpc_id   = var.vpc_id

  stickiness{
    enabled = false
    type = "lb_cookie"
  }

  depends_on = [aws_lb.nlb]
}

Error: Network Load Balancers do not support Stickiness

  on modules/aws/ecs/service/alb.tf line 1, in resource "aws_alb_target_group" "target_group":
   1: resource "aws_alb_target_group" "target_group" {

The doc says

NOTE: To help facilitate the authoring of modules that support target groups of any protocol, you can define stickiness regardless of the protocol chosen. However, for TCP target groups, enabled must be false.

and the code at https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_lb_target_group.go#L422

        // In CustomizeDiff we allow LB stickiness to be declared for TCP target
        // groups, so long as it's not enabled. This allows for better support for
        // modules, but also means we need to completely skip sending the data to the
        // API if it's defined on a TCP target group.

Yet this check still fails
https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_lb_target_group.go#L682

When I look at my debug output, I can see the following for an ALB I also have which doesn't have any stickiness block in the HCL

2019/06/19 13:12:25 [WARN] Provider "aws" produced an invalid plan for module.external_services_alb.aws_alb_target_group.default, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .stickiness: block count in plan (1) disagrees with count in config (0)

I do see this warning in the target group related to my TCP load balancer

#       - .stickiness[0].cookie_duration: planned value cty.NumberIntVal(86400) does not match config value cty.NullVal(cty.Number)

But nothing else

Steps to Reproduce

terraform apply

Important Factoids

References

#0000

Source

hamstah

👍2

Most helpful comment

This seems like an issue...the default setting for the target groups assume an ALB which breaks the NLB configuration.
This should likely get documented in the resource docs: https://www.terraform.io/docs/providers/aws/r/lb_target_group.html
Or perhaps separate out the resources for a NLB vs. an ALB?

skang0601 on 19 Jun 2019

👍3

All 5 comments

Actually setting it with enabled = false ended up working, I had multiple target groups that needed updating.

😞

hamstah on 19 Jun 2019

skang0601 on 19 Jun 2019

👍3

Why is this closed?

oonisim on 22 Jun 2019

The issue I had was due to a mistake in my code with multiple load
balancers.

You can create the target group but you have to explicitly add a stickiness
block with enabled=false in it.

I'd say that should be fixed but it's more of an improvement that a
blocking bug.

I could do a PR to try and fix it but I'd need to understand why the
special case was added in the code, maybe it's because we can't have
conditional defaults? (Ie the default block for the stickiness is
conditional on the target group protocol). Having looked at the code it
seems it was explicitly added that way so there must be a reason.

On Sat, 22 Jun 2019, 11:05 am oonisim, notifications@github.com wrote:

Why is this closed?

—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
https://github.com/terraform-providers/terraform-provider-aws/issues/9050?email_source=notifications&email_token=AABN7DR5L4ZLUBGV65INAELP3XTMTA5CNFSM4HZIQ2G2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYKE2KQ#issuecomment-504646954,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AABN7DWVVFNLRHCZYM5AO7DP3XTMTANCNFSM4HZIQ2GQ
.