aws_lb_listener_rule: Stickiness block not removed from state #15144

Closed
ian-bartholomew opened this issue Sep 14, 2020 · 11 comments · Fixed by #35671
Labels
bug Addresses a defect in current functionality. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. service/elbv2 Issues and PRs that pertain to the elbv2 service.

@ian-bartholomew

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v0.12.29
+ provider.aws v3.2.0
+ provider.null v2.1.2

Affected Resource(s)

  • aws_XXXXX

Terraform Configuration Files

resource "aws_lb_listener_rule" "httpsecure_prod" {
  count        = local.is_prod ? 1 : 0
  depends_on   = [null_resource.health]
  listener_arn = data.aws_alb_listener.https.arn

  priority = 48001


  action {
    order = 1
    type  = "forward"
    forward {

      dynamic "target_group" {
        for_each = local.target_groups

        content {
          arn    = target_group.value.arn
          weight = target_group.value.weight
        }
      }
    }
  }

  condition {
    host_header {
      values = [
        "foo.com",
        "bar.foo.com"
      ]
    }
  }
}

Expected Behavior

When stickiness is not declared in the resource, the listener rule should not use it

Actual Behavior

We previously had a rule with stickiness enabled, and applied it. Later our use case changed and we removed it. Yesterday we went to update the rule and got this error when applying:

aws_lb_listener_rule.httpsecure_prod[0]: Modifying... [id=arn:aws:elasticloadbalancing:*********:xxxx:listener-rule/app/foo-production-app/xxx/xxx/xxx]

Error: Error modifying LB Listener Rule: ValidationError: Target group stickiness duration must be between 1 and 604800 seconds
	status code: 400, request id: xxx-xxx-xxx-xxx-xxxxx

Checking in the AWS console, the listener rule didn't have stickiness enabled. Looking into the plan, we can see that the plan does include the stickiness:

resource "aws_lb_listener_rule" "httpsecure_prod" {
      ...
      ~ action {
            order = 1
            type  = "forward"

          ~ forward {
                stickiness {
                    duration = 0
                    enabled  = false
                }
            ... 
            }
        }
}

Steps to Reproduce

  1. terraform apply with stickiness defined in an aws_lb_listener_rule
  2. Remove the stickiness block from the rule
  3. Run terraform apply again, and notice the above error.
@ghost ghost added the service/elbv2 Issues and PRs that pertain to the elbv2 service. label Sep 14, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Sep 14, 2020
@anGie44 anGie44 added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Sep 15, 2020
@anGie44
Contributor

anGie44 commented Sep 15, 2020

Hi @ian-bartholomew, thank you for creating this issue! Looking at the plan output you've provided as well as reproducing this locally, seems there's a bug in the diff created as the entire stickiness block should be marked for removal with something like:

  ~ action {
            order = 1
            type  = "forward"

          ~ forward {
              - stickiness {
                  - duration = 3600 -> null
                  - enabled  = true -> null
                }

This could stem from some custom logic in the resource that modifies the diff behavior, so further investigation is needed. In the meantime, I would recommend disabling stickiness with enabled=false instead of removing the entire block as this behavior here will persist.

@ian-bartholomew
Author

@anGie44 Sorry for the late reply, but thank you. I did what you suggested as a workaround and that worked. Thanks!

@likai057187

likai057187 commented Nov 15, 2020

Hopefully the information below is helpful for you guys. My terraform version is 0.12.24 though. But by checking the release notes, I don't think it makes any difference from your TF version.

I think terraform is unable to remove the stickiness because it's trying to set duration value back to 0. However, the minimum value of the duration is 1 in AWS. That's exactly what you got from the error.

I'm actually getting the same error in a different scenario; see the following steps:

  1. Apply a listener rule with 100% traffic forwarding to target group 1 and 0% traffic to target group 2.
  2. Adjust the percentages to 80% vs 20%
  3. Apply again.
  4. Got the same error as yours.

It seems like the default stickiness state in terraform is:
stickiness {
  duration = 0
  enabled  = false
}
Which is wrong.

So a couple of problems here:

  1. Default stickiness state is wrong.
  2. Why do we even need to update the stickiness state, since in my case I'm not using it from beginning to end?
  3. "duration" is a required field in stickiness block. If that's intended, this document may need to be updated: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener_rule

@bcsgh

bcsgh commented Dec 1, 2020

I've run into exactly the same case as likai057187. It seems that a workaround is to use:

stickiness {
  duration = 1  // Or any other non-zero value.
  enabled  = false
}
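
Added example (not part of the thread and not the provider's code): a pre-apply check that scans a plan exported with `terraform show -json` for forward stickiness blocks whose duration falls outside the 1-604800 range quoted in the errors in this issue. The function name and the sample plan are constructed for illustration.

```python
import json

# Range quoted in the AWS ValidationError and the provider error in this thread.
MIN_DURATION, MAX_DURATION = 1, 604800
# Attribute holding the forward action on each resource type discussed here.
ACTION_ATTR = {"aws_lb_listener_rule": "action", "aws_lb_listener": "default_action"}


def find_bad_stickiness(plan):
    """Return (address, path, duration) for each planned forward stickiness
    block whose duration is outside the accepted range."""
    findings = []
    for rc in plan.get("resource_changes", []):
        attr = ACTION_ATTR.get(rc.get("type"))
        after = (rc.get("change") or {}).get("after")
        if attr is None or not after:  # other resource type, or a destroy
            continue
        for i, action in enumerate(after.get(attr) or []):
            for j, fwd in enumerate(action.get("forward") or []):
                for k, st in enumerate(fwd.get("stickiness") or []):
                    dur = st.get("duration")
                    known = isinstance(dur, (int, float))  # skip unknown values
                    if known and not MIN_DURATION <= dur <= MAX_DURATION:
                        path = f"{attr}[{i}].forward[{j}].stickiness[{k}].duration"
                        findings.append((rc["address"], path, dur))
    return findings


# Constructed sample shaped like `terraform show -json` output, not a real plan.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_lb_listener_rule.httpsecure_prod[0]",
   "type": "aws_lb_listener_rule",
   "change": {"actions": ["update"], "after": {"action": [
     {"type": "forward", "forward": [
       {"stickiness": [{"duration": 0, "enabled": false}]}]}]}}},
  {"address": "aws_lb_listener.https",
   "type": "aws_lb_listener",
   "change": {"actions": ["update"], "after": {"default_action": [
     {"type": "forward", "forward": [
       {"stickiness": [{"duration": 1, "enabled": false}]}]}]}}}
]}
""")

if __name__ == "__main__":
    for address, path, dur in find_bad_stickiness(SAMPLE_PLAN):
        print(f"{address}: {path} = {dur} (allowed {MIN_DURATION}-{MAX_DURATION})")
```

Running it in CI against the exported plan flags the `duration = 0` block before `terraform apply` reaches the API call that returns the ValidationError.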

@wesley-staples

This is still an issue with terraform 14.4 and "registry.terraform.io/hashicorp/aws" 3.29.1

bcsgh's workaround has resolved this for me.

@nueces

nueces commented Jun 24, 2021

Having the same issue here, this is my conf

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.alb.arn
  port              = "443"
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS-1-2-2017-01"
  certificate_arn   = data.aws_acm_certificate.main_domain.arn

  default_action {
    order = 1
    type  = "forward"

    forward {
      stickiness {
        duration = 1
        enabled  = false
      }
      target_group {
        arn    = aws_lb_target_group.blue.arn
        weight = 100
      }
      target_group {
        arn    = aws_lb_target_group.green.arn
        weight = 0
      }
    }
  }
}

but every time that I made a plan I got this drift

      ~ default_action {
            # (2 unchanged attributes hidden)

          ~ forward {
              ~ stickiness {
                  ~ duration = 1 -> 0
                    # (1 unchanged attribute hidden)
                }

                # (2 unchanged blocks hidden)
            }
        }

But if inside of the stickiness block I set the duration = 0, I got this error

Error: expected default_action.0.forward.0.stickiness.0.duration to be in the range (1 - 604800), got 0

  with aws_lb_listener.https,
  on webservers.tf line 194, in resource "aws_lb_listener" "https":
 194:         enabled  = false

I have been trying to add an ignore_changes in the lifecycle, without luck

  lifecycle {
    ignore_changes = [
      default_action[0].forward[0].stickiness[0].duration,
    ]
  }

@deepdish24

Has this issue been fixed yet? I am still running into it and the workarounds mentioned here did not work for me

@GreasyAvocado

Any update on this?

@gdavison
Contributor

Related to #22526

@gdavison gdavison self-assigned this Jan 15, 2024
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jan 15, 2024
@github-actions github-actions bot added this to the v5.36.0 milestone Feb 7, 2024
@github-actions github-actions bot removed the bug Addresses a defect in current functionality. label Feb 8, 2024

github-actions bot commented Feb 8, 2024

This functionality has been released in v5.36.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@justinretzolk justinretzolk added the bug Addresses a defect in current functionality. label Feb 10, 2024

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 12, 2024