Can't ignore changes for aws_ecs_service load_balancer.0.target_group_arn (for CodeDeploy blue-green deploys)

[jfirebaugh]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.24
+ provider.aws v2.54.0

Affected Resource(s)

• aws_ecs_service

Terraform Configuration Files

resource "aws_ecs_service" "service" {
  # ...

  load_balancer {
    target_group_arn = var.target_group_a_arn
    container_name   = var.load_balancer_container_name
    container_port   = 80
  }

  lifecycle {
    ignore_changes = [load_balancer.0.target_group_arn]
  }
}

Expected Behavior

The target_group_arn key of the first load_balancer set should be ignored. This is necessary for using CodeDeploy blue-green deployments, which modify this property outside of terraform's control.

Actual Behavior

When running terraform plan, the following error is output:

Error: Cannot index a set value

  on deploy/ecs_web_service/main.tf line 52, in resource "aws_ecs_service" "service":
  52:     ignore_changes = [desired_count, task_definition, load_balancer.0.target_group_arn]

Block type "load_balancer" is represented by a set of objects, and set
elements do not have addressable keys. To find elements matching specific
criteria, use a "for" expression with an "if" clause.

References

This was previously reported in #9776. @bflad said there to open an issue in terraform core repository. @ryzr did so: hashicorp/terraform#22504. Then that issue was closed by @ryzr saying to open an issue here again. So that's what I'm doing. Please consider @jbardin's suggestion of using a TypeList rather than a Set.

[chrysalis69]

I've just ignored the complete load_balancer block, because all 3 values (target_group_arn, container_name, container_port) are managed by the appspec in code-deploy.

In other words, my lifecycle looks like this:

  lifecycle {
    ignore_changes = [
      desired_count,   # Updated possibly by auto scaling
      task_definition, # Updated by deployments
      load_balancer,
    ]
  }

[fugitive90]

@chrysalis69 For task_definition , you could use this snippet:
task_definition = "${aws_ecs_task_definition.this.family}:${max(aws_ecs_task_definition.this.revision, data.aws_ecs_task_definition.latest.revision)}"

Just find with data resource current task definition revision and revision from your TF definition, this would be a way to get latest one.

I also experience this bug with CodeDeploy B/G deployments

[justinretzolk]

Hey @jfirebaugh 👋 Thank you for taking the time to submit this issue. Given that there's been a few AWS Provider releases since you initially filed it, can you confirm whether you're still experiencing this behavior?

[jfirebaugh]

It's still a provider issue, albeit one that has viable workarounds as others have noted.

[sitole]

Any progress?

[aholthagerty]

this is an issue with more than just aws_ecs_service load_balancer.0.target_group_arn

this is an issue with any resource currently using a Set rather than a TypeList, correct?

[dtfiedler]

any changes here?

[quinn]

any update here?

[d11-jwaring]

Still occurring in version 5.4 of the AWS provider.

[gdavison]

Thanks all for reporting the issue and participating in the discussion. The lifecycle.ignore_changes directive is managed by Terraform itself while generating a plan, and the provider is never aware of it. This means that any fixes to the general behaviour of lifecycle.ignore_changes need to be implemented in the Terraform project.

For this specific case, load_balancer is a Set because it can have multiple values and the order is not significant. Using the List type would not be appropriate for this parameter.

To ignore changes, you could ignore changes to the whole Set, using

lifecycle {
  ignore_changes = [load_balancer]
}

as suggested above.

If the other values should not be ignored, I suggest requesting the feature from the Terraform project. In a previous report (hashicorp/terraform#22504 (comment)) they suggested that ignoring individual parameters of set members would be "a very limited use case". You could open a new issue with them and indicate how it is useful.

[github-actions]

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.