Elastic Beanstalk settings are not sticking #8950
Comments
|
Hi I am experiencing the same but with a different value in Elastic beanstalk. It's the following that terraform always changes despite the change already being applied which slows down our deployment. This has been present from 0.7.2 up to now. Terraform VersionTerraform v0.7.4 Affected Resource(s)aws_elastic_beanstalk_environment Terraform configuration for ElasticBeanstalkTerraform Plan truncated output |
|
@parabolic That looks like a normalization issue with the Elastic Beanstalk API. As a temporary workaround, if you have a way to remove the spaces in |
|
@dharrisio I've just tested it and it works! |
|
Hi, similar to what @parabolic have experienced, but not quite the same: Output we're getting is: Any idea why the security group isn't being kept correctly in the state (but it is applied correctly in the deployment)? Thanks for the great work! |
|
I had a similar issues but with the setting MonitoringInterval from the aws:autoscaling:launchconfiguration namespace. |
|
I have the same issue, but it's from the API returning things in different orders? Those show changes but they're not actually changes. My TF looks like: |
|
👍 I'm having the exact same problem using version 0.7.8 |
|
This pr seems to help: #5207 Anything we can do to move it along? |
|
We were having the same problem, managed to workaround the unexpected changes by avoiding deprecated options from Not 100% sure whether it has to do with the deprecation but since I spotted those in the terraform configuration I thought I'd mention it: |
|
I'm having a similar problem with these three options updating beanstalk every time no matter how many times I run |
|
Having the same problem with anything in the "aws:elb:listener:*" namespace. Terraform v0.8.6 ::EDIT:: I think this might be a bug in the AWS web UI instead. After using Terraform to set the values for that namespace, the web UI shows that there are no listeners configured, including the default port 80. However, if I pull the env description using the AWS CLI, everything is configured correctly. |
|
I have the issue as well on this: This bug is really annoying and it make managing multiple beanstalk environments a nuisance. Currently using the this to show only relevant output:
|
|
I was having this issue too, and ended up at this GitHub issue. However, after reading this: ..and updating my terraform file to this: ...all is working. Deployed with SSL working as it should, and Notice the ":443" namespace, required for the SSLCertificateId. HTH |
|
FWIW I'm seeing this in Using the grep from @mabroor (with some redactions) I'm guessing the ordering of the subnets, which are |
|
I am seeing this in and |
|
@pmacdougall At least for the resource "aws_elastic_beanstalk_environment" "main" {
#...
setting {
namespace = "aws:ec2:vpc"
name = "Subnets"
value = "${join(",", sort(list(aws_subnet.app1.id, aws_subnet.app2.id)))}"
}
#...
} |
|
Thanks @jffry that did help with subnets. My other issue with SSHSourceRestriction was because I had spaces after the commas in my setting and the API returns it without spaces. |
|
@pmacdougall I thought I would have a fix for the same issue after reading your comment, but removing the spaces between commas didn't do the trick for me. Here's the relevant output: Can you confirm that you're not running into this issue anymore? |
|
@stuffandthings I am not running into this anymore, but I am not setting a security group in my SSHSourceRestriction, just a CIDR. Guessing there may be a specific issue with security groups. |
|
Interesting. Thanks for the response! |
|
@stuffandthings just want to say i have the same issue, specifically with just "tcp,22,22,null" to "tcp,22,22,sg-xxxxxxxx" Any updates? |
|
regarding every settings in namespace |
|
@mkjois sorry I didn't read up on my notifications! yes, pmacdougall's suggestion worked. I replaced the security group id with just the CIDR and this has been an acceptable workaround for me. |
|
I'm trying to restrict SSH to my beanstalk instances to just a specific bastion host. A CIDR might work if it was just one bastion with one private IP, but it would break down with multiple bastion hosts. This isn't really high priority for me right now, I've just lived with the plan output always showing the SG difference. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
When updating an elastic beanstalk environment resource settings, Terraform does not seem to update the state. Each successive run of
terraform planorterraform applyindicates the resource needs to be updated, despite actually being correct on AWS and unchanged in the terraform code. The output seems to indicate it has to do with theLoadBalancerHttpPortandSSLCertificateIdsettings.Terraform Version
0.7.4
Affected Resource(s)
aws_elastic_beanstalk_environment
Terraform Configuration Files
Debug Output
Expected Behavior
After running
terraform apply, the next run ofterraform planorterraform applyshould have nothing to update, and exit quietly.Actual Behavior
After running
terraform apply, the next run ofterraform planorterraform applysays the elastic beanstalk resource has changed.Steps to Reproduce
terraform applyterraform planorterraform applyReferences
The text was updated successfully, but these errors were encountered: