aws_lb_target_group with aws_lb (unable to disable stickiness not supported in NLB)

[zicodes]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.10 provider.aws v2.32.0

Affected Resource(s)

• aws_lb (load_balancer_type = "network")
• aws_lb_target_group

Terraform Configuration Files

resource "aws_lb" "nlb_web" {
  name               = "nlb"
  internal           = false
  load_balancer_type = "network"
  subnets            = "${module.vpc.public_subnets_ids}"

  enable_deletion_protection = true
}

Expected Behavior

Setting stickiness block with "enabled" set to "false" should not send the stickiness attributes to AWS API if the set protocol is TCP or TLS (or another protocol that do not support stickiness).

The target groups should be created without stickiness attribute, and network load balancer should then be created.

Actual Behavior

Please see below.

Steps to Reproduce

resource "aws_lb_target_group" "tg_web" {
  name     = "${var.name}"
  port     = "${var.port}"
  protocol = "${var.protocol}"
  vpc_id   = "${var.vpc_id}"
  stickiness = []
}

produces below error:

An argument named "stickiness" is not expected here. Did you mean to define a
block of type "stickiness"?

If I define block stickiness as such:

resource "aws_lb_target_group" "tg_web" {
  name     = "${var.name}"
  port     = "${var.port}"
  protocol = "${var.protocol}"
  vpc_id   = "${var.vpc_id}"

  stickiness {
    enabled = false # stickiness not supported in NLB
    type    = "lb_cookie"
  }
}

I get:

Error: Error modifying Target Group Attributes: InvalidConfigurationRequest: The provided target group attribute is not supported
	status code: 400, request id: d52a5f5c-a967-478c-a902-7d70185d8625

  on ../../modules/tg/main.tf line 4, in resource "aws_lb_target_group" "tg_web":
   4: resource "aws_lb_target_group" "tg_web" {

I have contacted AWS support and they verified that AWS API is receiving the following:

 "eventTime": "2019-10-13T17:38:11Z",
    "eventSource": "elasticloadbalancing.amazonaws.com ",
    "eventName": "ModifyTargetGroupAttributes",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "xxx",
    "userAgent": "aws-sdk-go/1.25.4 (go1.13; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.10 (+https://www.terraform.io)",
    "errorCode": "InvalidConfigurationRequestException",
    "errorMessage": "The provided target group attribute is not supported",
    "requestParameters": {
        "attributes": [
            {
                "value": "300",
                "key": "deregistration_delay.timeout_seconds"
            },
            {
                "value": "false",
                "key": "stickiness.enabled"
            },
            {
                "value": "lb_cookie",
                "key": "stickiness.type"
            },
            {
                "value": "86400",
                "key": "stickiness.lb_cookie.duration_seconds"
            }
        ],
        "targetGroupArn": "arn:aws:elasticloadbalancing:eu-west-1:5xx9883:targetgroup/prod-wp-https-tg/5cfdfxx784aacc"
    },

TCP/TLS target groups cannot have "stickiness" attribute hence the error.

Finally, if I don't include stickiness argument or block, I get:

Error: Network Load Balancers do not support Stickiness

  on ../../modules/tg/main.tf line 4, in resource "aws_lb_target_group" "tg_web":
   4: resource "aws_lb_target_group" "tg_web" {

Which looks like stickiness is enabled by default by Terraform.

References

Closed ticket from 2017/2018 with suggested workarounds, which don't work in my case:

• aws_lb_target_group: When type is network, stickiness not supported #2746

[zicodes]

Okay, I managed to get past this.

Using:

resource "aws_lb_target_group" "tg_web" {
  name     = "${var.name}"
  port     = "${var.port}"
  protocol = "TLS"
  vpc_id   = "${var.vpc_id}"
  target_type = "instance"
}

1. terraform destroy (WARNING: will destroy all terraform managed resources)
2. Changed:

provider "aws" {
  region = "eu-west-1"
}

to

provider "aws" {
  region = "eu-west-1"
  version = "~> 2.0"
}

3. terraform apply (this created all resources correctly)

4. I then attempted removing the version number (back to just having region under aws provider), destroying and applying again, and it successfully completed again.

I will leave the issue open as I feel there might be an issue with terraform managing the resources. Feel free to close it if you think it's appropriate.

Thank you

[atoms42]

For what it's worth, we had been adding

stickiness = []

to the target group for our network load balancer to work around #2746.
However, when upgrading to Terraform 0.12 (using the 0.12upgrade command), the stickiness attribute was removed from the target group. We are still able create the load balancer and target group (and I was able to use the Terraform 0.12 version of our code to update a workspace that had been deployed with Terraform 0.11).

I tested this with Terraform 0.12.9 and 0.12.18 using AWS provider version 2.43

[illegalnumbers]

In Terraform 0.12.20 this does not appear to work and the resource seems to be unusable for NLB's.

[illegalnumbers]

I was not able to use the solution of setting stickiness to a disabled block or to an empty array. Also upgrading to the latest AWS provider didn't help either.

[siliconsheep]

As mentioned above, the workaround of setting stickiness to an empty array or a disabled block does no longer work. Old workflows where the NLB was already created still work fine, but new deployments break because of this.

[hangxie]

Running v2.58.0 now and I'm able to create target group with stickiness disabled by not providing stickiness parameter, I've been following this topic for a while but I'm not sure which TF release fixed this problem.

[madpipeline]

This seems like a duplicate of #9093

[YakDriver]

I'm closing this issue since this problem is fixed with #15295 in v3.10.0.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!