Add `private_ips` attribute to `aws_lb` resource #2901
Conversation
I'm not entirely convinced that this is a good idea, but am looking for feedback.
AWS documentation actually says to do so:
This is needed to have health check access restriction (for some people it's problematic to allow the whole VPC subnet, especially if health check port and application are the same).
website/docs/r/lb.html.markdown
@@ -54,7 +54,7 @@ Terraform will autogenerate a name beginning with `tf-lb`. | |||
* `access_logs` - (Optional) An Access Logs block. Access Logs documented below. | |||
* `subnets` - (Optional) A list of subnet IDs to attach to the LB. Subnets | |||
cannot be updated for Load Balancers of type `network`. Changing this value | |||
will for load balancers of type `network` will force a recreation of the resource. | |||
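Review bot: the wrapped sentence in this hunk still carries a doubled "will" ("Changing this value will for load balancers of type `network` will force a recreation of the resource"); since the PR touches this paragraph anyway, drop the first one so it reads "Changing this value for load balancers of type `network` will force a recreation of the resource."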
Do you mind fixing the typo here in the meantime? I think there's an extra `will`. It probably should be:

> Changing this value for load balancers of type `network` will force a recreation of the resource.
Is there any update on this PR? Would really love to have access to the private ips generated for the
@joshuaspence Seeing that there already is the array of LoadBalancerAddresses (see: https://forums.aws.amazon.com/thread.jspa?threadID=263245) I wonder if AWS is going to return the private addresses with the ELBv2 query at some point.
Would really like this functionality because of the use case mentioned in the PR's description. @frittentheke I wouldn't hold my breath, what AWS puts in their API/responses doesn't really mean a lot. For example: There's been a loadbalancers (plural) key in the ECS service definition as well since the start, hinting at support for multiple loadbalancers, but it still only takes a single loadbalancer.
I'm not actually using this functionality at the moment, but when I originally submitted the pull request I did test it out and it appeared to work as I expected.
Does this PR just need a rebase in order to get merged? This feature would be very useful & I'm happy to do whatever I can to get it finalized.
I'm happy to rebase it, I just haven't bothered as the upstream doesn't seem interested.
any plans on rebasing and merging this in? super helpful for a lot of us.
A rebase and merge would be greatly appreciated. Not happy with whitelisting a whole VPC or dealing with the kludgy workarounds.
Network load balancers don't have security groups, which makes it difficult to configure security group rules for the backends, which is required for health check to function correctly. According to the [documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-register-targets.html), the way to configure security group rules for health checks involves the following steps:

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
2. In the navigation pane, choose "Network Interfaces".
3. In the search field, type the name of your Network Load Balancer. There is one network interface per load balancer subnet.
4. On the Details tab for each network interface, copy the address from Primary private IPv4 IP.

Obviously, this manual process doesn't play well with Terraform. This issue has also been raised on the [AWS discussion forums](https://forums.aws.amazon.com/thread.jspa?threadID=263245).

This pull request adds a `private_ips` attribute to the `aws_lb` resource to work around what seems to be an oversight on the part of AWS.
Rebased
@loivis Could you review this PR one more time, please. It's a highly awaited feature for many people (including me) :). Thanks in advance.
While the feature is not available, two workarounds:

Using datasource `aws_network_interfaces` (to run separately after `aws_lb` has been created).

Using the external provider (at the time when `aws_lb` is created): `nlb_private_ips.tf` and `get_nlb_private_ips.py`
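The console procedure in the PR description (find the NLB's network interfaces, copy each primary private IPv4) and the external-provider workaround in the comment above both reduce to the same lookup. The following is an added example written for this page; it is not the PR's code and not the `nlb_private_ips.tf` / `get_nlb_private_ips.py` files the comment refers to (those were not reproduced here). It is shaped as a program for Terraform's `external` data source. Assumptions, marked in the code as well: that an NLB's ENIs carry the description `ELB <arn_suffix>` (for example `ELB net/my-nlb/1234567890abcdef`, which is what the console search by load balancer name is matching on), that the `external` data source passes its `query` map as a JSON object on stdin and expects a flat JSON object of string values on stdout, and that `boto3` offers a `describe_network_interfaces` paginator. The sample `DescribeNetworkInterfaces` data is constructed, not captured from a real account, and includes a second balancer whose name shares a prefix and an unrelated ENI so the matching has something to get wrong.

```python
"""Added example (not from the PR): external-provider program that resolves
the private IPs of an NLB's ENIs, so security group rules can admit health
checks from those /32s instead of the whole VPC CIDR.

Assumptions: NLB ENIs are described as "ELB <arn_suffix>"; Terraform's
`external` data source sends the query on stdin and wants string values on
stdout; boto3 paginates describe_network_interfaces.
"""
import json
import sys

# Constructed sample of an EC2 DescribeNetworkInterfaces response.
# Structure follows what boto3 returns; every value is made up.
SAMPLE_INTERFACES = [
    {   # one NLB ENI per subnet; the primary IP is the health-check source
        "Description": "ELB net/my-nlb/1234567890abcdef",
        "SubnetId": "subnet-aaaa",
        "PrivateIpAddress": "10.0.1.10",
        "PrivateIpAddresses": [{"Primary": True, "PrivateIpAddress": "10.0.1.10"}],
    },
    {   # second subnet, with a secondary address that must not be included
        "Description": "ELB net/my-nlb/1234567890abcdef",
        "SubnetId": "subnet-bbbb",
        "PrivateIpAddress": "10.0.2.10",
        "PrivateIpAddresses": [
            {"Primary": True, "PrivateIpAddress": "10.0.2.10"},
            {"Primary": False, "PrivateIpAddress": "10.0.2.11"},
        ],
    },
    {   # a different balancer whose name shares a prefix: must not match
        "Description": "ELB net/my-nlb-2/fedcba0987654321",
        "SubnetId": "subnet-aaaa",
        "PrivateIpAddress": "10.0.1.20",
        "PrivateIpAddresses": [{"Primary": True, "PrivateIpAddress": "10.0.1.20"}],
    },
    {   # an unrelated instance ENI in the same subnet
        "Description": "",
        "SubnetId": "subnet-aaaa",
        "PrivateIpAddress": "10.0.1.50",
        "PrivateIpAddresses": [{"Primary": True, "PrivateIpAddress": "10.0.1.50"}],
    },
]


def nlb_private_ips(interfaces, arn_suffix):
    """Primary private IPv4 of every ENI owned by the NLB with this aws_lb
    `arn_suffix`, sorted so the Terraform plan is stable between runs.
    Exact match on "ELB <arn_suffix>" (not a prefix match) keeps a balancer
    named like ours, e.g. my-nlb-2, out of the allow list."""
    wanted = "ELB " + arn_suffix
    ips = set()
    for eni in interfaces:
        if eni.get("Description") != wanted:
            continue
        primary = [a["PrivateIpAddress"] for a in eni.get("PrivateIpAddresses", [])
                   if a.get("Primary")]
        # Fall back to the top-level field if the per-address list is absent.
        ips.update(primary or [eni["PrivateIpAddress"]])
    return sorted(ips)


def health_check_cidrs(ips):
    """/32 entries for an aws_security_group_rule `cidr_blocks` list."""
    return [ip + "/32" for ip in ips]


def external_result(ips):
    """Result map for the external data source: values must be strings,
    so the list is joined here and split again with split(",", ...) in HCL."""
    return {"private_ips": ",".join(ips), "count": str(len(ips))}


def describe_interfaces_live(arn_suffix):
    """Real lookup; only used when run as a program (needs boto3 and
    credentials). The server-side description filter trims the result set,
    and the exact-match check above still runs on what comes back."""
    import boto3  # lazy import keeps the pure functions importable offline
    paginator = boto3.client("ec2").get_paginator("describe_network_interfaces")
    pages = paginator.paginate(
        Filters=[{"Name": "description", "Values": ["ELB " + arn_suffix]}])
    return [eni for page in pages for eni in page["NetworkInterfaces"]]


def main():
    query = json.load(sys.stdin)             # e.g. {"arn_suffix": "net/my-nlb/..."}
    arn_suffix = query["arn_suffix"]
    if query.get("sample") == "true":        # offline dry run on the constructed data
        interfaces = SAMPLE_INTERFACES
    else:
        interfaces = describe_interfaces_live(arn_suffix)
    json.dump(external_result(nlb_private_ips(interfaces, arn_suffix)), sys.stdout)


if __name__ == "__main__":
    main()
```

Wired up, the HCL side would be a `data "external"` block whose `program` runs this script and whose `query` passes `aws_lb.<name>.arn_suffix`; the dependency on the `aws_lb` resource means the lookup happens after the balancer (and its ENIs) exist, and `split(",", data.external.<name>.result.private_ips)` feeds the `/32` list into the backend security group's health-check rule. Two caveats follow from the data itself: a new balancer subnet adds an ENI, so the rule only tracks it on the next plan, and the fallback to `PrivateIpAddress` is there because only the primary address is relevant for health checks.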
are there any plans to move forward with merging this? This is a feature many of us who use NLBs are waiting for.
is there any update on this? this feature would be very helpful
Really appreciate it if this is merged. It would be a very helpful feature.
@joshuaspence @loivis can you please merge this, this functionality would be very helpful
I'm not affiliated with Hashicorp in any way... I don't have permission to merge this.
Me neither.
@maryelizbeth what's needed to get this PR merged (other than another rebase!)? It's been open almost 2 years now, it's a pretty trivial change, and a lot of people would find this really useful!
Kind of embarrassing how long this PR has been hanging around. @maryelizbeth any chance we can get another set of eyes on this and give @joshuaspence the okay to rebase so we can merge the PR and be done? Unless we're all missing something, this seems like a trivial change with a high positive impact for many of us.
fixed conflicts: #11000, ready for merge
@maryelizbeth can someone from Hashicorp at least comment publicly on why this can't be merged yet?
A late happy 2 year birthday to this PR! This feature is still pretty much mandatory to work with NLBs in many situations and has to be worked around.
Worth tracking AWS CloudFormation feature request aws-cloudformation/cloudformation-coverage-roadmap#305 for the
Any news on this? I currently need it, or will have to whitelist the whole VPC :/
+1 for merging, but conflicting files again.
fixed conflicts: #11000, ready for merge. can you please take a look? @bflad @radeksimko @Ninir @ryndaniels @stack72 @nywilken @gdavison @grubernaut @jen20 @catsby @aeschright @paddycarver @appilon @tombuildsstuff @apparentlymart @jbardin @abinashmeher999 @hendrik363
Really need this..
Also hoping for this to get merged soon...
It's one thing for a PR to drag on, it happens...but it's boggling that folks from Hashicorp refuse to even respond to explain why this is the case. Folks like @apparentlymart are usually incredibly kind and pretty upfront about explaining when a PR does not meet the standards or otherwise conflicts with the direction of the project, but this PR has been allowed to go ignored by the Terraform team for multiple years now. It's really, really disappointing behaviour...
Can somebody please comment on why this PR has not been merged and what would need to happen for this feature to be added?
@h0nIg et al: sorry, I am not affiliated with HashiCorp and cannot merge things into the AWS provider!
I am also not affiliated with Hashicorp in any way and cannot merge this PR
Hi Y’all, First, an apology. This PR got lost in the shuffle and we're sorry for not picking it back up or posting an update in a timely fashion. We had been punting on this PR because it conflicts with two design principles:
A few months ago the ELBv2 API added the ability to configure the private IPs manually. That functionality is addressed in #11404. We'll work with the author of #11404 to address any changes that may be needed to merge the PR and will merge it once the work is complete. As a result, we will close this PR in order to focus conversation on #11404. If you feel that #11404 does not adequately address your workflow, please open a new GitHub Issue describing the gap. If you have concerns regarding the design of the upstream API, please reach out to AWS. Once again, we apologize for letting this linger without response and will work to merge #11404 in an upcoming release.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!