Can't create a load balancer target group for network load balancer

[hamstah]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.2
+ provider.archive v1.2.2
+ provider.aws v2.15.0

Affected Resource(s)

• aws_lb_target_group

Terraform Configuration Files

resource "aws_lb_target_group" "default" {
  name     = "default-tg"
  protocol = "TCP"
  port     = "80"
  vpc_id   = var.vpc_id

  depends_on = [aws_lb.nlb]
}

Debug Output

Panic Output

Expected Behavior

The target group is created

Actual Behavior

The target group is not created with the following error

Error: Network Load Balancers do not support Stickiness

I've tried the work around from
#2746

• setting stickiness to [] or {} is invalid since 0.12

  on modules/aws/ec2/nlb/nlb.tf line 16, in resource "aws_lb_target_group" "default":
  16:   stickiness = {}

An argument named "stickiness" is not expected here. Did you mean to define a
block of type "stickiness"?

• Creating an empty stickiness block

  on modules/aws/ec2/nlb/nlb.tf line 16, in resource "aws_lb_target_group" "default":
  16:   stickiness{}

The argument "type" is required, but no definition was found.

• Creating a stickiness with enabled=false

resource "aws_lb_target_group" "default" {
  name     = "default-tg"
  protocol = "TCP"
  port     = "80"
  vpc_id   = var.vpc_id

  stickiness{
    enabled = false
    type = "lb_cookie"
  }

  depends_on = [aws_lb.nlb]
}

Error: Network Load Balancers do not support Stickiness

  on modules/aws/ecs/service/alb.tf line 1, in resource "aws_alb_target_group" "target_group":
   1: resource "aws_alb_target_group" "target_group" {

The doc says

NOTE: To help facilitate the authoring of modules that support target groups of any protocol, you can define stickiness regardless of the protocol chosen. However, for TCP target groups, enabled must be false.

and the code at https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_lb_target_group.go#L422

		// In CustomizeDiff we allow LB stickiness to be declared for TCP target
		// groups, so long as it's not enabled. This allows for better support for
		// modules, but also means we need to completely skip sending the data to the
		// API if it's defined on a TCP target group.

Yet this check still fails
https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_lb_target_group.go#L682

When I look at my debug output, I can see the following for an ALB I also have which doesn't have any stickiness block in the HCL

2019/06/19 13:12:25 [WARN] Provider "aws" produced an invalid plan for module.external_services_alb.aws_alb_target_group.default, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .stickiness: block count in plan (1) disagrees with count in config (0)

I do see this warning in the target group related to my TCP load balancer

#       - .stickiness[0].cookie_duration: planned value cty.NumberIntVal(86400) does not match config value cty.NullVal(cty.Number)

But nothing else

Steps to Reproduce

1. terraform apply

Important Factoids

References

• #0000

[hamstah]

Actually setting it with enabled = false ended up working, I had multiple target groups that needed updating.

😞

[skang0601]

This seems like an issue...the default setting for the target groups assume an ALB which breaks the NLB configuration.
This should likely get documented in the resource docs: https://www.terraform.io/docs/providers/aws/r/lb_target_group.html
Or perhaps separate out the resources for a NLB vs. an ALB?

[oonisim]

Why is this closed?

[hamstah]

The issue I had was due to a mistake in my code with multiple load balancers. You can create the target group but you have to explicitly add a stickiness block with enabled=false in it. I'd say that should be fixed but it's more of an improvement that a blocking bug. I could do a PR to try and fix it but I'd need to understand why the special case was added in the code, maybe it's because we can't have conditional defaults? (Ie the default block for the stickiness is conditional on the target group protocol). Having looked at the code it seems it was explicitly added that way so there must be a reason.

…

On Sat, 22 Jun 2019, 11:05 am oonisim, ***@***.***> wrote: Why is this closed? — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub <#9050>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AABN7DWVVFNLRHCZYM5AO7DP3XTMTANCNFSM4HZIQ2GQ> .

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!