terraform-aws-alb-ingress
terraform-aws-alb-ingress copied to clipboard
cloudposse
Getting "count" error with TF 1.0.7
Found a bug? Maybe our Slack Community can help.
Describe the Bug
Despite using terraform 1.0.7, I get "count" error:
│ Error: Invalid count argument
│
│ on .terraform/modules/proxy_service.alb_ingress/main.tf line 50, in resource "aws_lb_listener_rule" "unauthenticated_paths":
│ 50: count = module.this.enabled && length(var.unauthenticated_paths) > 0 && length(var.unauthenticated_hosts) == 0 ? length(var.unauthenticated_listener_arns) : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To
│ work around this, use the -target argument to first apply only the resources that the count depends on.
Also, the minimum version should also be updated to 0.14:
https://github.com/cloudposse/terraform-aws-alb-ingress/blob/ab6033cc736fa37fc4e65ab897423a438b45e6f5/versions.tf#L2
Expected Behavior
TF shouldn't complain about "count" and fail.
Steps to Reproduce
Steps to reproduce the behavior:
I'm using alb-ingress indirectly:
module "proxy_service" {
source = "cloudposse/ecs-web-app/aws"
version = "0.65.2"
launch_type = "FARGATE"
vpc_id = local.vpc_id
desired_count = 1
container_image = module.proxy_ecr.repository_url
container_cpu = 256
container_memory = 512
container_port = local.container_port
codepipeline_enabled = false
webhook_enabled = false
badge_enabled = false
ecs_alarms_enabled = false
autoscaling_enabled = false
aws_logs_region = data.aws_region.current.name
ecs_cluster_arn = aws_ecs_cluster.proxy.arn
ecs_cluster_name = aws_ecs_cluster.proxy.name
ecs_private_subnet_ids = local.public_subnets # misleading name, can be public
alb_security_group = module.proxy_alb.security_group_id
alb_arn_suffix = module.proxy_alb.alb_arn_suffix
alb_ingress_healthcheck_path = "/"
alb_ingress_health_check_timeout = 3
alb_ingress_health_check_healthy_threshold = 2
alb_ingress_health_check_unhealthy_threshold = 2
alb_ingress_health_check_interval = 30
# All paths are unauthenticated
alb_ingress_unauthenticated_paths = ["/*"]
alb_ingress_unauthenticated_listener_arns = module.proxy_alb.listener_arns
context = module.proxy_label.context
}
NOTE: Commenting out alb_ingress_unauthenticated_paths = ["/*"] removes the error, but then no aws_lb_listener_rule is created.
Screenshots
If applicable, add screenshots or logs to help explain your problem.
Environment (please complete the following information):
% terraform -version
Terraform v1.0.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v3.60.0
+ provider registry.terraform.io/hashicorp/external v2.1.0
+ provider registry.terraform.io/hashicorp/github v3.0.0
+ provider registry.terraform.io/hashicorp/http v2.1.0
+ provider registry.terraform.io/hashicorp/local v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
+ provider registry.terraform.io/hashicorp/template v2.2.0
Additional Context
Add any other context about the problem here.
@rstml I spoke with some colleagues at CloudPosse and this is a tricky problem to solve.
In the past, we've solved this using an additional input to pass in the count manually such as alb_ingress_unauthenticated_paths_count
or perhaps we can create the same logic without the length() function.
See issue https://github.com/cloudposse/docs/issues/131
The problem here most likely is that module.proxy_alb.listener_arns produces a list whose length is unknown at plan time. Do you know long the list will be? If so, converting the input into a list of known length should resolve the issue.
