
feat: Add support for ignoring both desired_capacity and target_group_arns #250

Closed
wants to merge 4 commits

Conversation


@kkumtree kkumtree commented Nov 9, 2023

Description

  • Add additional autoscaling group idc_itg (ignore desired changes and target groups) as well as a new variable ignore_desired_capacity_changes_and_target_group_arns to allow users to opt into an autoscaling group that will ignore desired_capacity and target_group_arns simultaneously.

Motivation and Context

  • I'm using this module to build our architecture, but realized that it's impossible to use the Terraform state derived by the ASG module.
    After the initial launch, drift occurred outside Terraform, and it caused errors when applying the drift (updates).
    In this situation, I cannot use this state for drift-detection monitoring with a cron job.
module.ssh-asg.aws_launch_template.this[0]: Drift detected (update)
module.ssh-asg.aws_autoscaling_group.idc[0]: Drift detected (update)
module.was-sg.aws_security_group.this_name_prefix[0]: Drift detected (update)
module.ssh-sg.module.sg.aws_security_group_rule.ingress_with_self[0]: Drift detected (update)
module.ssh-sg.module.sg.aws_security_group.this_name_prefix[0]: Drift detected (update)
module.ssh-sg.module.sg.aws_security_group_rule.egress_rules[0]: Drift detected (update)
module.mysql-sgr.aws_security_group_rule.egress_with_source_security_group_id[0]: Drift detected (update)
module.vpc.aws_route_table.private[0]: Drift detected (update)
module.vpc.aws_route_table.public[0]: Drift detected (update)
module.vpc.aws_default_route_table.default[0]: Drift detected (update)
module.vpc.aws_default_network_acl.this[0]: Drift detected (update)
module.vpc.aws_nat_gateway.this[0]: Drift detected (update)
module.vpc.aws_eip.nat[0]: Drift detected (update)
module.web-asg.aws_launch_template.this[0]: Drift detected (update)
module.web-asg.aws_autoscaling_group.idc[0]: Drift detected (update)
module.web-sgr.aws_security_group_rule.egress_with_source_security_group_id[0]: Drift detected (update)
module.alb_web-sg.aws_security_group.this_name_prefix[0]: Drift detected (update)
module.mysql-sg.aws_security_group.this_name_prefix[0]: Drift detected (update)
module.alb_was-sg.aws_security_group.this_name_prefix[0]: Drift detected (update)
module.web-sg.aws_security_group.this_name_prefix[0]: Drift detected (update)
module.was-asg.aws_launch_template.this[0]: Drift detected (update)
module.was-asg.aws_autoscaling_group.idc[0]: Drift detected (update)

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # module.ssh-asg.aws_autoscaling_group.idc[0] has changed
  ~ resource "aws_autoscaling_group" "idc" {
      + enabled_metrics                  = []
        id                               = "bsop-kiwi-ssh"
        name                             = "bsop-kiwi-ssh"
        # (24 unchanged attributes hidden)

        # (10 unchanged blocks hidden)
    }

  # module.was-asg.aws_autoscaling_group.idc[0] has changed
  ~ resource "aws_autoscaling_group" "idc" {
      + enabled_metrics                  = []
        id                               = "bsop-kiwi-was"
        name                             = "bsop-kiwi-was"
      ~ target_group_arns                = [
          + "arn:aws:elasticloadbalancing:ap-south-1:<my-account-id>:targetgroup/kiwi-was-alb/a1e8bb6b3b37f053",
        ]
        # (23 unchanged attributes hidden)

        # (10 unchanged blocks hidden)
    }

  # module.web-asg.aws_autoscaling_group.idc[0] has changed
  ~ resource "aws_autoscaling_group" "idc" {
      + enabled_metrics                  = []
        id                               = "bsop-kiwi-web"
        name                             = "bsop-kiwi-web"
      ~ target_group_arns                = [
          + "arn:aws:elasticloadbalancing:ap-south-1:<my-account-id>:targetgroup/kiwi-web-alb/9ae0eac76e0f79a3",
        ]
        # (23 unchanged attributes hidden)

        # (6 unchanged blocks hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

───

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.was-asg.aws_autoscaling_group.idc[0] will be updated in-place
  ~ resource "aws_autoscaling_group" "idc" {
        id                               = "bsop-kiwi-was"
        name                             = "bsop-kiwi-was"
      ~ target_group_arns                = [
          - "arn:aws:elasticloadbalancing:ap-south-1:<my-account-id>:targetgroup/kiwi-was-alb/a1e8bb6b3b37f053",
        ]
        # (25 unchanged attributes hidden)

        # (11 unchanged blocks hidden)
    }

  # module.web-asg.aws_autoscaling_group.idc[0] will be updated in-place
  ~ resource "aws_autoscaling_group" "idc" {
        id                               = "bsop-kiwi-web"
        name                             = "bsop-kiwi-web"
      ~ target_group_arns                = [
          - "arn:aws:elasticloadbalancing:ap-south-1:<my-account-id>:targetgroup/kiwi-web-alb/9ae0eac76e0f79a3",
        ]
        # (25 unchanged attributes hidden)

        # (7 unchanged blocks hidden)
    }

Plan: 0 to add, 2 to change, 0 to destroy.

I noticed the lifecycle options (https://developer.hashicorp.com/terraform/tutorials/aws/aws-asg#set-lifecycle-rule) in HashiCorp's tutorials, but this lifecycle is not supported in this module.

I want to add the option of ignoring both desired_capacity and target_group_arns simultaneously, but unfortunately it cannot be parameterized. This change gives us the option to ignore only desired_capacity (#173) OR to ignore both desired_capacity and target_group_arns.

I think this feature will resolve the issue (terraform-provider-aws#14540).

Breaking Changes

The only difference between aws_autoscaling_group.idc[0] and aws_autoscaling_group.idc_itg[0] is that the second ASG ignores both desired_capacity and target_group_arns changes, to allow utilizing autoscaling without reverting or showing up in Terraform plans/applies.

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
    • I created a new example, examples/idc_itg, for demonstration and validation of my changes
    • Tested with terraform apply --auto-approve and terraform destroy --auto-approve on my account
# /Users/kkumtree/github/terraform-aws-autoscaling/examples/idc_itg

Apply complete! Resources: 67 added, 0 changed, 0 destroyed.

Outputs:

complete_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:1aee2653-74c3-4ee8-afd5-7324906a4ea7:autoScalingGroupName/complete-idc-itg"
complete_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
complete_autoscaling_group_default_cooldown = 300
complete_autoscaling_group_desired_capacity = 1
complete_autoscaling_group_health_check_grace_period = 300
complete_autoscaling_group_health_check_type = "EC2"
complete_autoscaling_group_id = "complete-idc-itg"
complete_autoscaling_group_load_balancers = toset([])
complete_autoscaling_group_max_size = 1
complete_autoscaling_group_min_size = 0
complete_autoscaling_group_name = "complete-idc-itg"
complete_autoscaling_group_target_group_arns = toset([])
complete_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-088853d6c9d0b133e",
  "subnet-09aa3470c9761475b",
  "subnet-0fc4c30da075f4fdf",
])
complete_autoscaling_policy_arns = {
  "avg-cpu-policy-greater-than-50" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:f5313e48-e6a8-4a58-a895-2373bb34b44f:autoScalingGroupName/complete-idc-itg:policyName/avg-cpu-policy-greater-than-50"
  "predictive-scaling" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:c2fcfa17-07df-4879-ad66-f6ba4a62a3aa:autoScalingGroupName/complete-idc-itg:policyName/predictive-scaling"
  "request-count-per-target" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:3874e65c-173d-4711-87b0-f8e7e3a3a7e4:autoScalingGroupName/complete-idc-itg:policyName/request-count-per-target"
  "scale-out" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:02e83886-53d1-4986-bb64-f8a0c8b0a73a:autoScalingGroupName/complete-idc-itg:policyName/scale-out"
}
complete_autoscaling_schedule_arns = {
  "go-offline-to-celebrate-new-year" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scheduledUpdateGroupAction:083b8330-1f6f-4140-ae60-71681a4ee2e9:autoScalingGroupName/complete-idc-itg:scheduledActionName/go-offline-to-celebrate-new-year"
  "morning" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scheduledUpdateGroupAction:ec62bcd2-b72a-4405-a971-a8d86b217367:autoScalingGroupName/complete-idc-itg:scheduledActionName/morning"
  "night" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scheduledUpdateGroupAction:be0dd8f2-fe61-45bf-8519-e94dff8f9a20:autoScalingGroupName/complete-idc-itg:scheduledActionName/night"
}
complete_iam_instance_profile_arn = "arn:aws:iam::<my-account-id>:instance-profile/ec2/complete-idc-itg-20231109050440718700000010"
complete_iam_instance_profile_id = "complete-idc-itg-20231109050440718700000010"
complete_iam_instance_profile_unique = "AIPAXKK2H6A544PLAGX44"
complete_iam_role_arn = "arn:aws:iam::<my-account-id>:role/ec2/complete-idc-itg-20231109050438689300000001"
complete_iam_role_name = "complete-idc-itg-20231109050438689300000001"
complete_iam_role_unique_id = "AROAXKK2H6A5RYAVPXMQJ"
complete_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-0d2b7c964153c661e"
complete_launch_template_default_version = 1
complete_launch_template_id = "lt-0d2b7c964153c661e"
complete_launch_template_latest_version = 1
complete_launch_template_name = "complete-idc-itg-20231109050504694400000020"
default_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:ba0ab664-ccca-47f5-9928-bc7cf7303768:autoScalingGroupName/default-idc-itg-20231109050457575200000019"
default_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
default_autoscaling_group_default_cooldown = 300
default_autoscaling_group_desired_capacity = 1
default_autoscaling_group_health_check_grace_period = 300
default_autoscaling_group_health_check_type = "EC2"
default_autoscaling_group_id = "default-idc-itg-20231109050457575200000019"
default_autoscaling_group_load_balancers = toset([])
default_autoscaling_group_max_size = 1
default_autoscaling_group_min_size = 0
default_autoscaling_group_name = "default-idc-itg-20231109050457575200000019"
default_autoscaling_group_target_group_arns = toset([])
default_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-088853d6c9d0b133e",
  "subnet-09aa3470c9761475b",
  "subnet-0fc4c30da075f4fdf",
])
default_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-07f276a11babb62ab"
default_launch_template_default_version = 1
default_launch_template_id = "lt-07f276a11babb62ab"
default_launch_template_latest_version = 1
default_launch_template_name = "default-idc-itg-2023110905044044110000000c"
external_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:48ed99dd-bdd4-41ee-bd23-760c82e8d7f0:autoScalingGroupName/external-idc-itg-2023110905045855690000001f"
external_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
external_autoscaling_group_default_cooldown = 300
external_autoscaling_group_desired_capacity = 1
external_autoscaling_group_health_check_grace_period = 300
external_autoscaling_group_health_check_type = "EC2"
external_autoscaling_group_id = "external-idc-itg-2023110905045855690000001f"
external_autoscaling_group_load_balancers = toset([])
external_autoscaling_group_max_size = 1
external_autoscaling_group_min_size = 0
external_autoscaling_group_name = "external-idc-itg-2023110905045855690000001f"
external_autoscaling_group_target_group_arns = toset([])
external_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-088853d6c9d0b133e",
  "subnet-09aa3470c9761475b",
  "subnet-0fc4c30da075f4fdf",
])
launch_template_only_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-036a810721dcef171"
launch_template_only_launch_template_default_version = 1
launch_template_only_launch_template_id = "lt-036a810721dcef171"
launch_template_only_launch_template_latest_version = 1
launch_template_only_launch_template_name = "launch-template-only-idc-itg-2023110905044060980000000e"
mixed_instance_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:af32cc61-8ad2-4eb0-aa90-0c85eb9a80e9:autoScalingGroupName/mixed-instance-idc-itg-2023110905045850120000001e"
mixed_instance_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
mixed_instance_autoscaling_group_default_cooldown = 300
mixed_instance_autoscaling_group_desired_capacity = 4
mixed_instance_autoscaling_group_health_check_grace_period = 300
mixed_instance_autoscaling_group_health_check_type = "EC2"
mixed_instance_autoscaling_group_id = "mixed-instance-idc-itg-2023110905045850120000001e"
mixed_instance_autoscaling_group_load_balancers = toset([])
mixed_instance_autoscaling_group_max_size = 5
mixed_instance_autoscaling_group_min_size = 0
mixed_instance_autoscaling_group_name = "mixed-instance-idc-itg-2023110905045850120000001e"
mixed_instance_autoscaling_group_target_group_arns = toset([])
mixed_instance_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-088853d6c9d0b133e",
  "subnet-09aa3470c9761475b",
  "subnet-0fc4c30da075f4fdf",
])
mixed_instance_iam_instance_profile_arn = "arn:aws:iam::<my-account-id>:instance-profile/complete-idc-itg"
mixed_instance_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-097950c5585c3b863"
mixed_instance_launch_template_default_version = 1
mixed_instance_launch_template_id = "lt-097950c5585c3b863"
mixed_instance_launch_template_latest_version = 1
mixed_instance_launch_template_name = "mixed-instance-idc-itg-20231109050442025300000014"
target_tracking_customized_metrics_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:1c5805dd-17bb-4de5-8829-4999a50edfbc:autoScalingGroupName/customized-metrics-idc-itg-2023110905045814800000001c"
target_tracking_customized_metrics_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
target_tracking_customized_metrics_autoscaling_group_default_cooldown = 300
target_tracking_customized_metrics_autoscaling_group_desired_capacity = 1
target_tracking_customized_metrics_autoscaling_group_health_check_grace_period = 300
target_tracking_customized_metrics_autoscaling_group_health_check_type = "EC2"
target_tracking_customized_metrics_autoscaling_group_id = "customized-metrics-idc-itg-2023110905045814800000001c"
target_tracking_customized_metrics_autoscaling_group_load_balancers = toset([])
target_tracking_customized_metrics_autoscaling_group_max_size = 1
target_tracking_customized_metrics_autoscaling_group_min_size = 0
target_tracking_customized_metrics_autoscaling_group_name = "customized-metrics-idc-itg-2023110905045814800000001c"
target_tracking_customized_metrics_autoscaling_group_target_group_arns = toset([])
target_tracking_customized_metrics_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-088853d6c9d0b133e",
  "subnet-09aa3470c9761475b",
  "subnet-0fc4c30da075f4fdf",
])
target_tracking_customized_metrics_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-087d4038d55d007fb"
target_tracking_customized_metrics_launch_template_default_version = 1
target_tracking_customized_metrics_launch_template_id = "lt-087d4038d55d007fb"
target_tracking_customized_metrics_launch_template_latest_version = 1
target_tracking_customized_metrics_launch_template_name = "customized-metrics-idc-itg-20231109050438699900000004"

╷
│ Warning: EC2 Default Network ACL (acl-012a8ebefcf500f88) not deleted, removing from state
│
│
╵

Destroy complete! Resources: 67 destroyed.
  • I have tested and validated these changes using one or more of the provided examples/* projects
    • I have tested using examples/complete
    • Tested with terraform apply --auto-approve and terraform destroy --auto-approve on my account
# /Users/kkumtree/github/terraform-aws-autoscaling/examples/complete
# Nothing changed

Apply complete! Resources: 67 added, 0 changed, 0 destroyed.

Outputs:

complete_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:7bba8046-3d73-43fc-98c0-1a4476b68a6d:autoScalingGroupName/complete-complete"
complete_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
complete_autoscaling_group_default_cooldown = 300
complete_autoscaling_group_desired_capacity = 1
complete_autoscaling_group_health_check_grace_period = 300
complete_autoscaling_group_health_check_type = "EC2"
complete_autoscaling_group_id = "complete-complete"
complete_autoscaling_group_load_balancers = toset([])
complete_autoscaling_group_max_size = 1
complete_autoscaling_group_min_size = 0
complete_autoscaling_group_name = "complete-complete"
complete_autoscaling_group_target_group_arns = toset([])
complete_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-001487d832492f3a2",
  "subnet-02dba9bd7d364cb82",
  "subnet-03a18f1be35f929d2",
])
complete_autoscaling_policy_arns = {
  "avg-cpu-policy-greater-than-50" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:39211ce0-0ed7-4f16-bf08-fd067396c16a:autoScalingGroupName/complete-complete:policyName/avg-cpu-policy-greater-than-50"
  "predictive-scaling" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:5ea91069-bbe7-4a25-ab02-3d79256b336c:autoScalingGroupName/complete-complete:policyName/predictive-scaling"
  "request-count-per-target" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:d5b821c4-1606-4e5c-a134-211b75157067:autoScalingGroupName/complete-complete:policyName/request-count-per-target"
  "scale-out" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scalingPolicy:770c9f91-3333-4031-89b3-ca769e00cd6c:autoScalingGroupName/complete-complete:policyName/scale-out"
}
complete_autoscaling_schedule_arns = {
  "go-offline-to-celebrate-new-year" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scheduledUpdateGroupAction:bcd7c61f-ca7a-49e2-b1a3-ffa41ee8df75:autoScalingGroupName/complete-complete:scheduledActionName/go-offline-to-celebrate-new-year"
  "morning" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scheduledUpdateGroupAction:935d2f93-6044-4cd1-9517-3c9d12c26399:autoScalingGroupName/complete-complete:scheduledActionName/morning"
  "night" = "arn:aws:autoscaling:eu-west-1:<my-account-id>:scheduledUpdateGroupAction:abf28875-bd5d-4118-a3ce-67522603f214:autoScalingGroupName/complete-complete:scheduledActionName/night"
}
complete_iam_instance_profile_arn = "arn:aws:iam::<my-account-id>:instance-profile/ec2/complete-complete-20231109044408421500000010"
complete_iam_instance_profile_id = "complete-complete-20231109044408421500000010"
complete_iam_instance_profile_unique = "AIPAXKK2H6A54H3OALPAJ"
complete_iam_role_arn = "arn:aws:iam::<my-account-id>:role/ec2/complete-complete-20231109044406291100000001"
complete_iam_role_name = "complete-complete-20231109044406291100000001"
complete_iam_role_unique_id = "AROAXKK2H6A5V6AO7DOQN"
complete_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-04c0138864ca3ec8a"
complete_launch_template_default_version = 1
complete_launch_template_id = "lt-04c0138864ca3ec8a"
complete_launch_template_latest_version = 1
complete_launch_template_name = "complete-complete-20231109044433606200000020"
default_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:1f65f314-771d-469e-9697-75650f9a1b95:autoScalingGroupName/default-complete-20231109044425475200000019"
default_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
default_autoscaling_group_default_cooldown = 300
default_autoscaling_group_desired_capacity = 1
default_autoscaling_group_health_check_grace_period = 300
default_autoscaling_group_health_check_type = "EC2"
default_autoscaling_group_id = "default-complete-20231109044425475200000019"
default_autoscaling_group_load_balancers = toset([])
default_autoscaling_group_max_size = 1
default_autoscaling_group_min_size = 0
default_autoscaling_group_name = "default-complete-20231109044425475200000019"
default_autoscaling_group_target_group_arns = toset([])
default_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-001487d832492f3a2",
  "subnet-02dba9bd7d364cb82",
  "subnet-03a18f1be35f929d2",
])
default_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-0aaf34a4cb06edb4a"
default_launch_template_default_version = 1
default_launch_template_id = "lt-0aaf34a4cb06edb4a"
default_launch_template_latest_version = 1
default_launch_template_name = "default-complete-2023110904440805640000000c"
external_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:ee1742af-f8e0-4575-9c4e-4f4321979567:autoScalingGroupName/external-complete-2023110904442643360000001f"
external_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
external_autoscaling_group_default_cooldown = 300
external_autoscaling_group_desired_capacity = 1
external_autoscaling_group_health_check_grace_period = 300
external_autoscaling_group_health_check_type = "EC2"
external_autoscaling_group_id = "external-complete-2023110904442643360000001f"
external_autoscaling_group_load_balancers = toset([])
external_autoscaling_group_max_size = 1
external_autoscaling_group_min_size = 0
external_autoscaling_group_name = "external-complete-2023110904442643360000001f"
external_autoscaling_group_target_group_arns = toset([])
external_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-001487d832492f3a2",
  "subnet-02dba9bd7d364cb82",
  "subnet-03a18f1be35f929d2",
])
launch_template_only_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-011ae506c2548cb06"
launch_template_only_launch_template_default_version = 1
launch_template_only_launch_template_id = "lt-011ae506c2548cb06"
launch_template_only_launch_template_latest_version = 1
launch_template_only_launch_template_name = "launch-template-only-complete-2023110904440792610000000a"
mixed_instance_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:e606bea7-2dad-4e41-afbe-b24061531d90:autoScalingGroupName/mixed-instance-complete-2023110904442587090000001c"
mixed_instance_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
mixed_instance_autoscaling_group_default_cooldown = 300
mixed_instance_autoscaling_group_desired_capacity = 4
mixed_instance_autoscaling_group_health_check_grace_period = 300
mixed_instance_autoscaling_group_health_check_type = "EC2"
mixed_instance_autoscaling_group_id = "mixed-instance-complete-2023110904442587090000001c"
mixed_instance_autoscaling_group_load_balancers = toset([])
mixed_instance_autoscaling_group_max_size = 5
mixed_instance_autoscaling_group_min_size = 0
mixed_instance_autoscaling_group_name = "mixed-instance-complete-2023110904442587090000001c"
mixed_instance_autoscaling_group_target_group_arns = toset([])
mixed_instance_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-001487d832492f3a2",
  "subnet-02dba9bd7d364cb82",
  "subnet-03a18f1be35f929d2",
])
mixed_instance_iam_instance_profile_arn = "arn:aws:iam::<my-account-id>:instance-profile/complete-complete"
mixed_instance_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-0fbcd9eeb377d5385"
mixed_instance_launch_template_default_version = 1
mixed_instance_launch_template_id = "lt-0fbcd9eeb377d5385"
mixed_instance_launch_template_latest_version = 1
mixed_instance_launch_template_name = "mixed-instance-complete-20231109044409650800000014"
target_tracking_customized_metrics_autoscaling_group_arn = "arn:aws:autoscaling:eu-west-1:<my-account-id>:autoScalingGroup:42fd92aa-0eaa-4c26-b959-4e04f7431c4a:autoScalingGroupName/customized-metrics-complete-2023110904442570570000001a"
target_tracking_customized_metrics_autoscaling_group_availability_zones = toset([
  "eu-west-1a",
  "eu-west-1b",
  "eu-west-1c",
])
target_tracking_customized_metrics_autoscaling_group_default_cooldown = 300
target_tracking_customized_metrics_autoscaling_group_desired_capacity = 1
target_tracking_customized_metrics_autoscaling_group_health_check_grace_period = 300
target_tracking_customized_metrics_autoscaling_group_health_check_type = "EC2"
target_tracking_customized_metrics_autoscaling_group_id = "customized-metrics-complete-2023110904442570570000001a"
target_tracking_customized_metrics_autoscaling_group_load_balancers = toset([])
target_tracking_customized_metrics_autoscaling_group_max_size = 1
target_tracking_customized_metrics_autoscaling_group_min_size = 0
target_tracking_customized_metrics_autoscaling_group_name = "customized-metrics-complete-2023110904442570570000001a"
target_tracking_customized_metrics_autoscaling_group_target_group_arns = toset([])
target_tracking_customized_metrics_autoscaling_group_vpc_zone_identifier = toset([
  "subnet-001487d832492f3a2",
  "subnet-02dba9bd7d364cb82",
  "subnet-03a18f1be35f929d2",
])
target_tracking_customized_metrics_launch_template_arn = "arn:aws:ec2:eu-west-1:<my-account-id>:launch-template/lt-0dd7606603139591e"
target_tracking_customized_metrics_launch_template_default_version = 1
target_tracking_customized_metrics_launch_template_id = "lt-0dd7606603139591e"
target_tracking_customized_metrics_launch_template_latest_version = 1
target_tracking_customized_metrics_launch_template_name = "customized-metrics-complete-20231109044406313000000004"

...

╷
│ Warning: EC2 Default Network ACL (acl-05c0db276659d552d) not deleted, removing from state
│
│
╵

Destroy complete! Resources: 67 destroyed.
  • I have executed pre-commit run -a on my pull request
Terraform docs...........................................................git Failed
- hook id: terraform_docs
- files were modified by this hook
Terraform validate with tflint...........................................Passed
check for merge conflicts................................................Passed
fix end of files.........................................................Passed
[WARNING] Stashed changes conflicted with hook auto-fixes... Rolling back fixes...
[INFO] Restored changes from /Users/kkumtree/.cache/pre-commit/patch1699507290-44623.
❯ git add *
❯ git commit -m "fix: modification errors from running examples"
Terraform fmt............................................................Passed
Terraform validate.......................................................Passed
Terraform docs...........................................................Passed
Terraform validate with tflint...........................................Passed
check for merge conflicts................................................Passed
fix end of files.........................................................Passed
[master c909728] fix: modification errors from running examples
 8 files changed, 1889 insertions(+), 8 deletions(-)
 create mode 100644 examples/idc-itg/README.md
 create mode 100644 examples/idc-itg/main.tf
 create mode 100644 examples/idc-itg/outputs.tf
 create mode 100644 examples/idc-itg/variables.tf
 create mode 100644 examples/idc-itg/versions.tf
❯ git push
Enumerating objects: 16, done.
Counting objects: 100% (16/16), done.
Delta compression using up to 8 threads
Compressing objects: 100% (10/10), done.
Writing objects: 100% (11/11), 12.19 KiB | 4.06 MiB/s, done.
Total 11 (delta 4), reused 1 (delta 0), pack-reused 0
remote: Resolving deltas: 100% (4/4), completed with 4 local objects.
To github.com:kkumtree/terraform-aws-autoscaling.git
   661609d..c909728  master -> master

@kkumtree kkumtree changed the title feat: add support for ignoring both desired_capacity and target_group_arns feat: Add support for ignoring both desired_capacity and target_group_arns Nov 9, 2023
@bryantbiggs
Member

what is your use case where you are attaching the target group directly to the autoscaling group?

@kkumtree
Author

what is your use case where you are attaching the target group directly to the autoscaling group?

I forgot to add my use case in examples/idc_itg. Thanks for the feedback; it will be updated this weekend.

@bryantbiggs
Member

No no, apologies for the confusion - I was meaning, what is your implementation use case, nothing to do with the code changes. Meaning, what setup or architecture are you working towards that prompted this change

@kkumtree
Author

kkumtree commented Nov 13, 2023

No no, apologies for the confusion - I was meaning, what is your implementation use case, nothing to do with the code changes. Meaning, what setup or architecture are you working towards that prompted this change

Before answering, I hope that I have fully understood your question. : )

We are doing a PoC on detection of Terraform drift in our core web services.
Using CodeBuild, we will simply run terraform init and terraform plan repeatedly to detect drift.
If drift is detected, the logs will be stored in S3 and a webhook will notify our team in Slack.

I'm checking a prerequisite:

  • After the initial creation with Terraform, no drift should occur with the same code

I referred to this post (globaldatanet), but we will implement it as a simpler process.

@bryantbiggs
Member

I'm sorry, I still don't follow. Regardless, I don't think it makes sense to add the target_group_arns to the list of ignored changes at this time.

@dusansusic

@bryantbiggs There are situations where, for unknown reasons, Terraform wants to remove the TG from the ALB.

  # module.xxx_core_asg_a.aws_autoscaling_group.idc[0] will be updated in-place
  ~ resource "aws_autoscaling_group" "idc" {
        id                               = "xxx-production-core-asg-a"
        name                             = "xxx-production-core-asg-a"
      ~ target_group_arns                = [
          - "arn:aws:elasticloadbalancing:eu-central-1:xxx:targetgroup/tf-20231112171053124800000007/588de2cd885d173f",
        ]
        # (25 unchanged attributes hidden)

      ~ launch_template {
            id      = "lt-0c44c20571d9179c3"
            name    = "xxx-production-a-20231129114828501100000002"
          ~ version = "1" -> (known after apply)
        }

On the next run, it will try to attach it. After that, on the next plan, it wants to remove it again...

@bryantbiggs
Member

There are situations where for unknown reasons Terraform wants to remove TG from ALB.

This sounds like a bug. Is this attached directly on the autoscaling group, or are you using an external attachment resource? (hint hint - use the latter)

@dusansusic

Attached directly to the autoscaling group; I copied the full code from your example.

@bryantbiggs
Member

The examples here use the external attachment method, not the direct attachment on the autoscaling group

@dusansusic do you have a minimal, reproducible example?
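An added illustration of the two approaches discussed in this thread (example code written for this page, not the module's own code or the PR's diff). Variant A is the PR's idc_itg idea: the target group is attached in-line on the ASG and lifecycle ignore_changes covers both desired_capacity and target_group_arns. Variant B is the external attachment the maintainer recommends: the ASG carries no target_group_arns at all and membership is its own resource. The resource and variable names, the subnet list, the launch template and the target group are assumed placeholders.

```hcl
# Added illustration, not code from the module or the PR. Resource names,
# var.private_subnets, aws_launch_template.example and
# aws_lb_target_group.example are assumed placeholders.

# Variant A: the PR's approach. The target group is attached in-line and
# Terraform is told to ignore both desired_capacity (scaling policies move
# it) and target_group_arns. Side effect: an out-of-band attach or detach
# of any target group is invisible to terraform plan from now on.
resource "aws_autoscaling_group" "idc_itg" {
  name                = "example-idc-itg"
  min_size            = 0
  max_size            = 3
  desired_capacity    = 1
  vpc_zone_identifier = var.private_subnets # assumed

  launch_template {
    id      = aws_launch_template.example.id # assumed
    version = "$Latest"
  }

  target_group_arns = [aws_lb_target_group.example.arn] # assumed

  lifecycle {
    ignore_changes = [desired_capacity, target_group_arns]
  }
}

# Variant B: the maintainer's recommendation. The ASG resource does not set
# target_group_arns at all; membership lives in a standalone attachment
# resource, so it stays a normally managed value and plan still reports any
# out-of-band change to which target group the fleet serves. Only
# desired_capacity is ignored.
resource "aws_autoscaling_group" "idc" {
  name                = "example-idc"
  min_size            = 0
  max_size            = 3
  desired_capacity    = 1
  vpc_zone_identifier = var.private_subnets # assumed

  launch_template {
    id      = aws_launch_template.example.id # assumed
    version = "$Latest"
  }

  lifecycle {
    ignore_changes = [desired_capacity]
  }
}

resource "aws_autoscaling_traffic_source_attachment" "idc" {
  autoscaling_group_name = aws_autoscaling_group.idc.id

  traffic_source {
    identifier = aws_lb_target_group.example.arn # assumed
    type       = "elbv2"
  }
}
```

The trade-off matters for a drift-detection pipeline like the one described earlier in this thread. With variant A, Terraform will never report that the ASG was attached to, or detached from, a target group outside Terraform, so a change to which load balancer the fleet serves goes unnoticed by the plan. Variant B keeps target-group membership visible (an out-of-band detach or an extra attachment shows up as a diff on the attachment resource) while still letting scaling policies change desired_capacity freely. The AWS provider documentation warns not to combine in-line target_group_arns on the ASG with a standalone attachment resource, since the two then fight over the attachment list; pick one of the two variants, not both.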

@dusansusic

My bad, external attachment and it happens with your example all the time.

@bryantbiggs
Member

and it happens with your example all the time.

Can you give more details and explain the steps to reproduce? I am not seeing it when I deploy the example.

@dusansusic

dusansusic commented Nov 29, 2023

@bryantbiggs here it is:

module "xxx_core_asg_b" {
  source  = "terraform-aws-modules/autoscaling/aws"
  version = "7.2.0"

  # Autoscaling group
  name            = "${local.name}-${local.environment}-core-asg-b"
  use_name_prefix = false
  instance_name   = "${local.name}-${local.environment}-core-asg-b"

  ignore_desired_capacity_changes = true

  min_size                  = 1
  max_size                  = 1
  desired_capacity          = 1
  wait_for_capacity_timeout = 0
  default_instance_warmup   = 240
  health_check_type         = "ELB"
  health_check_grace_period = 240
  key_name                  = "xxx-production"
  vpc_zone_identifier       = module.vpc.private_subnets
  service_linked_role_arn   = aws_iam_service_linked_role.autoscaling.arn

  # Traffic source attachment
  create_traffic_source_attachment = true
  traffic_source_identifier        = module.xxx_alb.target_groups["xxx_core"].arn
  traffic_source_type              = "elbv2"

  instance_refresh = {
    strategy = "Rolling"
    preferences = {
      checkpoint_delay             = 180
      instance_warmup              = 240
      min_healthy_percentage       = 100
      auto_rollback                = true
      scale_in_protected_instances = "Refresh"
      standby_instances            = "Terminate"
    }
    triggers = ["tag"]
  }

  # Launch template
  launch_template_name        = "${local.name}-${local.environment}-b"
  launch_template_description = "xxx ASG - b"
  update_default_version      = true

  image_id          = var.asg_image_id # Private xxx Base AMI
  instance_type     = "t4g.small"
  # user_data         = base64encode(local.xxx_core_user_data)
  ebs_optimized     = true
  enable_monitoring = false

  create_iam_instance_profile = true
  iam_role_name               = "${local.name}-${local.environment}-core-asg-role"
  iam_role_path               = "/ec2/"
  iam_role_description        = "IAM role for ${local.name}-${local.environment}-core-asg-role"
  iam_role_tags = {
    Name = "${local.name}-${local.environment}-core-role"
  }
  iam_role_policies = {
    AmazonSSMManagedInstanceCore       = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    AmazonEC2ContainerRegistryReadOnly = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  }

  security_groups = [
    module.xxx_asg_sg.security_group_id
  ]

  block_device_mappings = [
    {
      device_name = "/dev/sda1"
      no_device   = 1
      ebs = {
        delete_on_termination = true
        encrypted             = true
        volume_size           = 20
        volume_type           = "gp3"
      }
    }
  ]

  cpu_options = {
    core_count       = 1
    threads_per_core = 1
  }

  credit_specification = {
    cpu_credits = "standard"
  }

  metadata_options = {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 32
    instance_metadata_tags      = "enabled"
  }

  tags = {
    environment  = local.environment
    core_version = "v1.0"
  }
}


module "xxx_alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "9.1.0"

  name = "${local.name}-${local.environment}-alb"

  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  enable_deletion_protection = true

  # Security Group
  security_group_ingress_rules = {
    cf_1 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "173.245.48.0/20"
    }
    cf_2 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "103.21.244.0/22"
    }
    cf_3 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "103.22.200.0/22"
    }
    cf_4 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "103.31.4.0/22"
    }
    cf_5 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "141.101.64.0/18"
    }
    cf_6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "108.162.192.0/18"
    }
    cf_7 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "190.93.240.0/20"
    }
    cf_8 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "188.114.96.0/20"
    }
    cf_9 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "197.234.240.0/22"
    }
    cf_10 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "198.41.128.0/17"
    }
    cf_11 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "162.158.0.0/15"
    }
    cf_12 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "104.16.0.0/13"
    }
    cf_13 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "104.24.0.0/14"
    }
    cf_14 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "172.64.0.0/13"
    }
    cf_15 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "131.0.72.0/22"
    }

    cf_1_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2400:cb00::/32"
    }
    cf_2_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2606:4700::/32"
    }
    cf_3_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2803:f800::/32"
    }
    cf_4_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2405:b500::/32"
    }
    cf_5_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2a06:98c0::/29"
    }
    cf_6_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2c0f:f248::/32"
    }
  }

  security_group_egress_rules = {
    all = {
      ip_protocol = "-1"
      cidr_ipv4   = module.vpc.vpc_cidr_block
    }
  }

  listeners = {
    xxx_core_http = {
      port     = 80
      protocol = "HTTP"

      forward = {
        target_group_key = "xxx_core"
      }
    }
  }

  target_groups = {
    xxx_core = {
      backend_protocol                  = "HTTP"
      backend_port                      = 80
      target_type                       = "instance"
      deregistration_delay              = 45
      load_balancing_cross_zone_enabled = true
      health_check = {
        enabled             = true
        healthy_threshold   = "2"
        interval            = "12"
        path                = "/api/v1/helper/health"
        port                = "traffic-port"
        protocol            = "HTTP"
        timeout             = "10"
        unhealthy_threshold = "10"
      }

      # There's nothing to attach here in this definition.
      # The attachment happens in the ASG module above
      create_attachment = false
    }
  }

}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.2"

  name = "${local.name}-${local.environment}"
  cidr = local.vpc_cidr

  azs                 = local.azs
  private_subnets     = ["10.0.0.0/20", "10.0.16.0/20"]
  public_subnets      = ["10.0.32.0/20", "10.0.48.0/20"]
  database_subnets    = ["10.0.64.0/27", "10.0.64.32/27"]
  elasticache_subnets = ["10.0.64.64/27", "10.0.64.96/27"]
  #   redshift_subnets    = ["10.0.64.128/27", "10.0.64.160/27"]

  create_database_subnet_group  = true
  manage_default_network_acl    = false
  manage_default_route_table    = false
  manage_default_security_group = false

  enable_dns_hostnames = true
  enable_dns_support   = true

  enable_nat_gateway = true
  single_nat_gateway = true

  enable_vpn_gateway = false

  enable_dhcp_options = true

}



locals {
  name        = "xxx"
  region      = "eu-central-1"
  environment = "production"

  vpc_cidr = "10.0.0.0/16"
  azs      = slice(data.aws_availability_zones.available.names, 0, 2) #we'll use 2 of 3 azs

  tags = {
    environment = local.environment
  }
}


variable "asg_image_id" {
  default = "ami-xxxx" #ubuntu image
}

@bryantbiggs
Member

image

@dusansusic

locals {
  xxx_core_user_data = <<-EOT
    #!/bin/bash

    export WORKING_DIR="/opt"

    cd $WORKING_DIR

    echo "Logging in to ECR"
    aws ecr get-login-password --region eu-central-1 | docker login --username AWS --password-stdin $${AWS_ECR}
    docker-compose up -d

  EOT
}

@bryantbiggs
Member

I need a *minimal, reproducible* example - as per our standard issue template:

The reproduction MUST be executable by running terraform init && terraform apply without any further changes.

image

@dusansusic

Full working example with described issue:

module "xxx_core_asg_b" {
  source  = "terraform-aws-modules/autoscaling/aws"
  version = "7.2.0"

  # Autoscaling group
  name            = "${local.name}-${local.environment}-core-asg-b"
  use_name_prefix = false
  instance_name   = "${local.name}-${local.environment}-core-asg-b"

  ignore_desired_capacity_changes = true

  min_size                  = 1
  max_size                  = 1
  desired_capacity          = 1
  wait_for_capacity_timeout = 0
  default_instance_warmup   = 240
  health_check_type         = "ELB"
  health_check_grace_period = 240
  key_name                  = "xxx-production"
  vpc_zone_identifier       = module.vpc.private_subnets
  service_linked_role_arn   = aws_iam_service_linked_role.autoscaling.arn

  # Traffic source attachment
  create_traffic_source_attachment = true
  traffic_source_identifier        = module.xxx_alb.target_groups["xxx_core"].arn
  traffic_source_type              = "elbv2"

  instance_refresh = {
    strategy = "Rolling"
    preferences = {
      checkpoint_delay             = 180
      instance_warmup              = 240
      min_healthy_percentage       = 100
      auto_rollback                = true
      scale_in_protected_instances = "Refresh"
      standby_instances            = "Terminate"
    }
    triggers = ["tag"]
  }

  # Launch template
  launch_template_name        = "${local.name}-${local.environment}-b"
  launch_template_description = "xxx ASG - b"
  update_default_version      = true

  image_id          = "ami-0479653c00e0a5e59"
  instance_type     = "t4g.small"
  user_data         = base64encode(local.xxx_core_user_data)
  ebs_optimized     = true
  enable_monitoring = false

  create_iam_instance_profile = true
  iam_role_name               = "${local.name}-${local.environment}-core-asg-role"
  iam_role_path               = "/ec2/"
  iam_role_description        = "IAM role for ${local.name}-${local.environment}-core-asg-role"
  iam_role_tags = {
    Name = "${local.name}-${local.environment}-core-role"
  }
  iam_role_policies = {
    AmazonSSMManagedInstanceCore       = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    AmazonEC2ContainerRegistryReadOnly = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  }

  security_groups = [
    module.xxx_asg_sg.security_group_id
  ]

  block_device_mappings = [
    {
      device_name = "/dev/sda1"
      no_device   = 1
      ebs = {
        delete_on_termination = true
        encrypted             = true
        volume_size           = 20
        volume_type           = "gp3"
      }
    }
  ]

  cpu_options = {
    core_count       = 1
    threads_per_core = 1
  }

  credit_specification = {
    cpu_credits = "standard"
  }

  metadata_options = {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 32
    instance_metadata_tags      = "enabled"
  }

  tags = {
    environment  = local.environment
    core_version = "v1.0"
  }
}

module "xxx_alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "9.1.0"

  name = "${local.name}-${local.environment}-alb"

  vpc_id  = module.vpc.vpc_id
  subnets = module.vpc.public_subnets

  enable_deletion_protection = true

  # Security Group
  security_group_ingress_rules = {
    cf_1 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "173.245.48.0/20"
    }
    cf_2 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "103.21.244.0/22"
    }
    cf_3 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "103.22.200.0/22"
    }
    cf_4 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "103.31.4.0/22"
    }
    cf_5 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "141.101.64.0/18"
    }
    cf_6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "108.162.192.0/18"
    }
    cf_7 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "190.93.240.0/20"
    }
    cf_8 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "188.114.96.0/20"
    }
    cf_9 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "197.234.240.0/22"
    }
    cf_10 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "198.41.128.0/17"
    }
    cf_11 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "162.158.0.0/15"
    }
    cf_12 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "104.16.0.0/13"
    }
    cf_13 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "104.24.0.0/14"
    }
    cf_14 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "172.64.0.0/13"
    }
    cf_15 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv4   = "131.0.72.0/22"
    }

    cf_1_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2400:cb00::/32"
    }
    cf_2_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2606:4700::/32"
    }
    cf_3_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2803:f800::/32"
    }
    cf_4_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2405:b500::/32"
    }
    cf_5_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2a06:98c0::/29"
    }
    cf_6_ipv6 = {
      from_port = 80
      to_port   = 80

      ip_protocol = "tcp"
      cidr_ipv6   = "2c0f:f248::/32"
    }
  }

  security_group_egress_rules = {
    all = {
      ip_protocol = "-1"
      cidr_ipv4   = module.vpc.vpc_cidr_block # needed for health check's but not for wide internet
    }
  }

  listeners = {
    xxx_core_http = {
      port     = 80
      protocol = "HTTP"

      forward = {
        target_group_key = "xxx_core"
      }
    }
  }

  target_groups = {
    xxx_core = {
      backend_protocol                  = "HTTP"
      backend_port                      = 80
      target_type                       = "instance"
      deregistration_delay              = 45
      load_balancing_cross_zone_enabled = true
      health_check = {
        enabled             = true
        healthy_threshold   = "2"
        interval            = "12"
        path                = "/api/v1/helper/health"
        port                = "traffic-port"
        protocol            = "HTTP"
        timeout             = "10"
        unhealthy_threshold = "10"
      }

      # There's nothing to attach here in this definition.
      # The attachment happens in the ASG module above
      create_attachment = false
    }
  }

}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "5.1.2"

  name = "${local.name}-${local.environment}"
  cidr = local.vpc_cidr

  azs                 = local.azs
  private_subnets     = ["10.0.0.0/20", "10.0.16.0/20"]
  public_subnets      = ["10.0.32.0/20", "10.0.48.0/20"]
  database_subnets    = ["10.0.64.0/27", "10.0.64.32/27"]
  elasticache_subnets = ["10.0.64.64/27", "10.0.64.96/27"]
  #   redshift_subnets    = ["10.0.64.128/27", "10.0.64.160/27"]

  create_database_subnet_group  = true
  manage_default_network_acl    = false
  manage_default_route_table    = false
  manage_default_security_group = false

  enable_dns_hostnames = true
  enable_dns_support   = true

  enable_nat_gateway = true
  single_nat_gateway = true

  enable_vpn_gateway = false

  enable_dhcp_options = true

}

module "xxx_asg_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 5.0"

  name        = "${local.name}-${local.environment}"
  description = "A security group for ASG instances"
  vpc_id      = module.vpc.vpc_id

  computed_ingress_with_source_security_group_id = [
    {
      rule                     = "http-80-tcp"
      source_security_group_id = module.xxx_alb.security_group_id
    }
  ]
  number_of_computed_ingress_with_source_security_group_id = 1

  ingress_with_cidr_blocks = [
    {
      rule        = "ssh-tcp"
      cidr_blocks = local.vpc_cidr
      description = "Allow SSH from VPC itself"
    },
  ]

  egress_rules = ["all-all"]

  tags = local.tags
}


locals {
  xxx_core_user_data = <<-EOT
    #!/bin/bash
    export WORKING_DIR="/opt"

    cd $WORKING_DIR

    echo "Logging in to ECR"


  EOT

  name        = "xxx"
  region      = "eu-central-1"
  environment = "production"

  vpc_cidr = "10.0.0.0/16"
  azs      = slice(data.aws_availability_zones.available.names, 0, 2) #we'll use 2 of 3 azs

  tags = {
    environment = local.environment
  }
}

resource "aws_iam_service_linked_role" "autoscaling" {
  aws_service_name = "autoscaling.amazonaws.com"
  description      = "A service linked role for autoscaling"
  custom_suffix    = "${local.name}-${local.environment}"

  # Sometimes good sleep is required to have some IAM resources created before they can be used
  provisioner "local-exec" {
    command = "sleep 10"
  }
}

data "aws_availability_zones" "available" {}

data "aws_caller_identity" "current" {}

data "aws_region" "current" {}


terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0.0"
    }
    local = {
      source  = "hashicorp/local"
      version = "2.4.0"
    }
  }
}

provider "aws" {
  profile = "xxx"
  region  = "eu-central-1"
}

@bryantbiggs
Member

This is clearly not a working example that has been tested/validated to reproduce the issue described
image

@bryantbiggs
Member

I was able to modify the provided code - it's a lot of back and forth for one issue; it would be nice if folks followed the issue template so we can quickly get to the issue and then make the appropriate decisions/actions, but 🤷🏽

@dusansusic

I will submit an issue, but it won't be different from what I already provided; the profile name for configuring the AWS provider is something I cannot match with your AWS configuration. But thank you for your help :)

@bryantbiggs
Member

No need for a new issue - see #252, which (I believe) will resolve the issues described here.

@antonbabenko
Member

This issue has been resolved in version 7.3.1 🎉

@kkumtree
Author

@bryantbiggs Thanks for checking out which problem it was. :) I noticed after making my pull request, but at that time I was a little too busy to solve the problem.

@kkumtree
Author

@antonbabenko Thanks for supporting additional ignorance!


I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 11, 2024