terraform-local
Can't create a stable ALB
Running tflocal apply with this file:
# Region used by every resource in this file. No credentials or endpoints are
# configured here; the report runs this through `tflocal`, which is expected to
# point the provider at the local emulator rather than a real AWS account.
provider "aws" {
  region = "us-east-1"
}
# Brings the region's default VPC under Terraform management without
# overriding any of its settings (the block body is intentionally empty).
resource "aws_default_vpc" "default_vpc" {}
# Default subnet in us-east-1a; first of the two subnets the ALB attaches to.
resource "aws_default_subnet" "default_subnet_a" {
  availability_zone = "us-east-1a"
}
# Default subnet in us-east-1b; second of the two subnets the ALB attaches to.
resource "aws_default_subnet" "default_subnet_b" {
  availability_zone = "us-east-1b"
}
# Application load balancer from the bug report (`aws_alb` is the older alias
# of `aws_lb`).
# NOTE(review): internal = false together with the tcp/80 security group makes
# this an internet-facing, plaintext-HTTP load balancer. That is harmless
# against a local emulator; on a real account it would want HTTPS and a
# narrower source range.
resource "aws_alb" "localstack_demo" {
  name               = "localstack-demo"
  load_balancer_type = "application"
  internal           = false

  # NOTE(review): the AWS provider documents cross-zone balancing as always
  # enabled for application load balancers, so this `false` probably has no
  # effect. Confirm before relying on it.
  enable_cross_zone_load_balancing = false
  enable_deletion_protection       = false

  security_groups = [aws_security_group.localstack_demo_alb.id]
  subnets = [
    aws_default_subnet.default_subnet_a.id,
    aws_default_subnet.default_subnet_b.id,
  ]

  # Access logging is declared but switched off, so no request records are
  # delivered to the bucket.
  # NOTE(review): this prefix is the same "...-connection-logs" string used by
  # connection_logs below, which looks like a copy-paste; both log types would
  # land under one prefix if they were enabled.
  access_logs {
    bucket  = aws_s3_bucket.localstack_demo.id
    prefix  = "localstack-demo-alb-connection-logs"
    enabled = false
  }

  # Connection logging, also switched off. This is the block the reported
  # error refers to ("Key connection_logs.s3.enabled not valid").
  connection_logs {
    bucket  = aws_s3_bucket.localstack_demo.id
    prefix  = "localstack-demo-alb-connection-logs"
    enabled = false
  }
}
# Security group attached to the ALB.
# NOTE(review): no name, description or vpc_id is given here, so those fall
# back to provider defaults. Set them explicitly if this leaves the demo stage.
resource "aws_security_group" "localstack_demo_alb" {
  # Inbound: plain HTTP (tcp/80) from any IPv4 address.
  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"] # Allow traffic in from all sources
  }

  # Outbound: protocol "-1" with ports 0-0 means every protocol and port, to
  # any IPv4 address.
  # NOTE(review): a load balancer only needs to reach its targets; on a real
  # account, scope egress to the target ports or the targets' security group.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Bucket referenced by the ALB's (currently disabled) access_logs and
# connection_logs blocks.
# NOTE(review): nothing in this snippet configures a public-access block,
# encryption or a bucket policy for it. If logging were enabled on real AWS,
# log delivery would also need a bucket policy granting write access. Check
# whether the rest of main.tf covers that.
resource "aws_s3_bucket" "localstack_demo" {
  bucket = "localstack-demo"

  tags = {
    Name = "localstack-demo"
  }
}
Results in
╷
│ Error: modifying ELBv2 Load Balancer (arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/app/localstack-demo/77a3756d) attributes: InvalidConfigurationRequest: Key connection_logs.s3.enabled not valid
│ status code: 400, request id: 0fe75045-f665-4df1-93d7-c11bb5222f82
│
│ with aws_alb.localstack_demo,
│ on main.tf line 207, in resource "aws_alb" "localstack_demo":
│ 207: resource "aws_alb" "localstack_demo" {
│
╵
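This is weird because the error says "modifying", even though the plan says the ALB will be created (presumably the provider creates the load balancer first and then sets its attributes in a separate modify call, which is the step that fails here):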
# aws_alb.localstack_demo will be created
+ resource "aws_alb" "localstack_demo" {
+ arn = (known after apply)
+ arn_suffix = (known after apply)
+ desync_mitigation_mode = "defensive"
+ dns_name = (known after apply)
+ drop_invalid_header_fields = false
+ enable_deletion_protection = false
+ enable_http2 = true
+ enable_tls_version_and_cipher_suite_headers = false
+ enable_waf_fail_open = false
+ enable_xff_client_port = false
+ enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
+ id = (known after apply)
+ idle_timeout = 60
+ internal = false
+ ip_address_type = (known after apply)
+ load_balancer_type = "application"
+ name = "localstack-demo"
+ name_prefix = (known after apply)
+ preserve_host_header = false
+ security_groups = (known after apply)
+ subnets = (known after apply)
+ tags_all = (known after apply)
+ vpc_id = (known after apply)
+ xff_header_processing_mode = "append"
+ zone_id = (known after apply)
+ access_logs {
+ enabled = false
}
+ connection_logs {
+ enabled = false
}
}
Running tflocal apply again shows that the ALB was created, but is tainted:
Terraform will perform the following actions:
# aws_alb.localstack_demo is tainted, so must be replaced
-/+ resource "aws_alb" "localstack_demo" {
~ arn = "arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/app/
localstack-demo/77a3756d" -> (known after apply)
~ arn_suffix = "app/localstack-demo/77a3756d" -> (known after apply)
~ dns_name = "localstack-demo.elb.localhost.localstack.cloud" -> (known after apply
)
- enable_cross_zone_load_balancing = false -> null
+ enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
~ id = "arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/app/
localstack-demo/77a3756d" -> (known after apply)
~ ip_address_type = "ipv4" -> (known after apply)
name = "localstack-demo"
+ name_prefix = (known after apply)
- tags = {} -> null
~ tags_all = {} -> (known after apply)
~ vpc_id = "vpc-e49690c4" -> (known after apply)
~ zone_id = "Z2P70J7EXAMPLE" -> (known after apply)
# (14 unchanged attributes hidden)
~ connection_logs {
+ enabled = false
}
- subnet_mapping {
- subnet_id = "subnet-5c187fda" -> null
}
- subnet_mapping {
- subnet_id = "subnet-b17c5b42" -> null
}
# (1 unchanged block hidden)
}
Plan: 1 to add, 0 to change, 1 to destroy.