terraform-aws-alb

ALB without target group attachment not working

Open kvarzand opened this issue 1 year ago • 5 comments

Description

Trying to use the ALB and autoscaling modules together. ALB module should not have to create a target_group_attachment (will configure that logic in autoscaling module's "traffic_source_attachment"), but it errors out. In addition, the create_attachment input variable is undocumented, but the plan still fails after setting it to false.

The current logic has a few flaws:

  1. There are two resource "aws_lb_target_group_attachment" resources. One uses the undocumented "create_attachment" attribute of Target_group object and the other doesn't. There is no "try" logic for "create_attachment" attribute. Here's the current code:

################################################################################
# Target Group Attachment
################################################################################

resource "aws_lb_target_group_attachment" "this" {
  for_each = { for k, v in var.target_groups : k => v if local.create && lookup(v, "create_attachment", true) }

  target_group_arn  = aws_lb_target_group.this[each.key].arn
  target_id         = each.value.target_id
  port              = try(each.value.target_type, null) == "lambda" ? null : try(each.value.port, var.default_port)
  availability_zone = try(each.value.availability_zone, null)

  depends_on = [aws_lambda_permission.this]
}

resource "aws_lb_target_group_attachment" "additional" {
  for_each = { for k, v in var.additional_target_group_attachments : k => v if local.create }

  target_group_arn  = aws_lb_target_group.this[each.value.target_group_key].arn
  target_id         = each.value.target_id
  port              = try(each.value.target_type, null) == "lambda" ? null : try(each.value.port, var.default_port)
  availability_zone = try(each.value.availability_zone, null)

  depends_on = [aws_lambda_permission.this]
}

  2. My code sets the create_attachment attribute to false but the code is still executed (I do not have a lambda target at all). I set the create_attachment attribute to true and see the error message repeated

  • [x] ✋ I have searched the open/closed issues and my issue is not listed.

Versions

  • Module version [Required]:

  • Terraform version:

terraform --version
Terraform v1.9.2
on windows_386

  • Provider version(s):

terraform providers -version
Terraform v1.9.2
on windows_386

  • provider registry.terraform.io/hashicorp/aws v5.59.0
  • provider registry.terraform.io/hashicorp/random v3.6.2

Reproduction Code [Required]

module "alb-cognito" {
  source = "terraform-aws-modules/alb/aws"

  name    = "my-alb"
  vpc_id  = var.vpc_id
  subnets = var.subnet_ids

  # Security Group
  security_group_ingress_rules = {
    all_https = {
      from_port   = 443
      to_port     = 443
      ip_protocol = "tcp"
      description = "HTTPS web traffic"
      cidr_ipv4   = "0.0.0.0/0"
    }
  }
  security_group_egress_rules = {
    all = {
      ip_protocol = "-1"
      cidr_ipv4   = "10.0.0.0/16"
    }
  }

  access_logs = {
    bucket = "my-alb-logs"
  }

  listeners = {
    https = {
      port            = 443
      protocol        = "HTTPS"
      ssl_policy      = "ELBSecurityPolicy-TLS13-1-2-Res-2021-06"
      certificate_arn = var.certificate_arn

      forward = {
        target_group_key = "asg"
      }

      rules = {
        # ex-cognito = {
        #   actions = [
        #     {
        #       type                       = "authenticate-cognito"
        #       on_unauthenticated_request = "authenticate"
        #       session_cookie_name        = "session-${local.name}"
        #       session_timeout            = 3600
        #       user_pool_arn              = "arn:aws:cognito-idp:us-east-1:123412341234:userpool/us-east-1_123412341" # aws_cognito_user_pool.this.arn temporarily hard coding
        #       user_pool_client_id        = "cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789" # aws_cognito_user_pool_client.this.id temporarily hard coding
        #       user_pool_domain           = "auth.example.com" # aws_cognito_user_pool_domain.this.domain temporarily hard coding
        #     },
        #     {
        #       type             = "forward"
        #       target_group_key = "asg"
        #     }
        #   ]

        #   conditions = [{
        #     path_pattern = {
        #       values = ["/some/auth/required/route"]
        #     }
        #   }]
        # }

        ex-fixed-response = {
          priority = 3
          actions = [{
            type         = "fixed-response"
            content_type = "text/plain"
            status_code  = 200
            message_body = "This is a fixed response"
          }]

          conditions = [{
            http_header = {
              http_header_name = "x-Gimme-Fixed-Response"
              values           = ["yes", "please", "right now"]
            }
          }]
        }

        ex-weighted-forward = {
          priority = 4
          actions = [{
            type = "weighted-forward"
            target_groups = [
              {
                target_group_key = "asg"
                weight           = 2
              },
            ]
            stickiness = {
              enabled  = true
              duration = 3600
            }
          }]

          conditions = [{
            query_string = {
              key   = "weighted"
              value = "true"
            },
            path_pattern = {
              values = ["/some/path"]
            }
          }]
        }

        ex-redirect = {
          priority = 5000
          actions = [{
            type        = "redirect"
            status_code = "HTTP_302"
            host        = "www.youtube.com"
            path        = "/watch"
            query       = "v=dQw4w9WgXcQ"
            protocol    = "HTTPS"
          }]

          conditions = [{
            query_string = {
              key   = "video"
              value = "random"
            }
          }]
        }
      }
    }
  }

  target_groups = {
    asg = {
      name_prefix                       = "h1"
      protocol                          = "HTTPS"
      port                              = 443
      target_type                       = "instance"
      deregistration_delay              = 10
      load_balancing_algorithm_type     = "weighted_random"
      load_balancing_anomaly_mitigation = "on"
      load_balancing_cross_zone_enabled = false
      create_attachment                 = false
      health_check = {
        enabled             = true
        interval            = 30
        path                = "/healthz"
        port                = "traffic-port"
        healthy_threshold   = 3
        unhealthy_threshold = 3
        timeout             = 6
        protocol            = "HTTPS"
        matcher             = "200-399"
      }
    }
    tags = local.tags
  }
}

Steps to reproduce the behavior:

No Yes execute terraform plan

Expected behavior

Target Group Attachment resource block should not be executed

Actual behavior

  1. Terraform Plan gets this error when create_attachment is set to false:

│ Error: Unsupported attribute
│
│   on .terraform\modules\app-alb-asg.alb-cognito\main.tf line 568, in resource "aws_lb_target_group_attachment" "this":
│  568:   target_id = each.value.target_id
│     ├────────────────
│     │ each.value is object with 3 attributes
│
│ This object does not have an attribute named "target_id".

The error is repeated if create_attachment is set to true

Terminal Output Screenshot(s)

Additional context

kvarzand avatar Jul 24 '24 17:07 kvarzand
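
The for_each filter on aws_lb_target_group_attachment.this can be evaluated on its own to see which target_groups keys reach each.value.target_id. This is an added example, not code from the issue or from the module: local.target_groups stands in for var.target_groups and follows the brace placement of the reproduction code as posted, where tags = local.tags closes inside target_groups. The three tag values are constructed and local.create is assumed to be true.

```hcl
# Added illustration, not the module's code. local.target_groups stands in
# for the module's var.target_groups; all values below are constructed.
locals {
  target_groups = {
    asg = {
      name_prefix       = "h1"
      protocol          = "HTTPS"
      port              = 443
      target_type       = "instance"
      create_attachment = false
    }

    # As posted, the reproduction code places "tags = local.tags" inside
    # target_groups, so it is iterated like any other target group entry.
    # Constructed three-key stand-in for local.tags:
    tags = {
      Environment = "dev"
      Owner       = "platform"
      Project     = "example"
    }
  }

  # Same filter as the module's for_each (local.create taken as true).
  attachment_candidates = {
    for k, v in local.target_groups : k => v
    if lookup(v, "create_attachment", true)
  }

  # Entries that pass the filter but have no target_id to read.
  missing_target_id = [
    for k, v in local.attachment_candidates : k
    if !can(v.target_id)
  ]
}

output "attachment_candidates" {
  value = keys(local.attachment_candidates)
}

output "missing_target_id" {
  value = local.missing_target_id
}
```

Planned on its own, this file reports tags as the only key in both outputs: asg is dropped by create_attachment = false, while the tags entry has no create_attachment attribute and so takes the lookup default of true. That is consistent with the "object with 3 attributes" in the reported error.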

I think I was having this same problem, but setting create_attachment = false in the target group resolved it for me.

mconigliaro avatar Aug 06 '24 17:08 mconigliaro

I was also confused about this undocumented parameter. Source code of the module helped me. This code works in my case

target_groups = {
  gitlab_https = {
    name                 = "gitlab-https"
    protocol             = "TCP"
    port                 = 443
    target_type          = "ip"
    create_attachment    = false
  }
}

kgalkin92 avatar Aug 07 '24 04:08 kgalkin92

undocumented? https://github.com/terraform-aws-modules/terraform-aws-alb/blob/master/docs/patterns.md#target-group-without-attachment

bryantbiggs avatar Aug 07 '24 13:08 bryantbiggs

undocumented? https://github.com/terraform-aws-modules/terraform-aws-alb/blob/master/docs/patterns.md#target-group-without-attachment

@bryantbiggs It is missing in the list of variables here: https://registry.terraform.io/modules/terraform-aws-modules/alb/aws/latest?tab=inputs

kvarzand avatar Aug 09 '24 16:08 kvarzand

It's a property of target_groups - just like port, protocol, target_type, etc.

bryantbiggs avatar Aug 09 '24 17:08 bryantbiggs

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] avatar Sep 09 '24 00:09 github-actions[bot]

This issue was automatically closed because of stale in 10 days

github-actions[bot] avatar Sep 20 '24 00:09 github-actions[bot]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Oct 23 '24 02:10 github-actions[bot]