Stickiness not getting applied for single target group block for aws_lb_listener and aws_lb_listener_rule

[ccsandhanshive]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.12.31

provider.aws v3.61.0

Affected Resource(s)

aws_lb_listener, aws_lb_listener_rule

Terraform Configuration Files

resource "aws_lb_listener" "front_end" {
  load_balancer_arn = "arn:aws:elasticloadbalancing:ap-northeast-1:***************:loadbalancer/app/test/d177a11049a4f42e"
  port              = "443"
  protocol          = "HTTPS"
  certificate_arn   = "arn:aws:acm:ap-northeast-1:*****************:certificate/767016b0-b2d7-4e94-975b-58608914a916"
  default_action {
    type = "authenticate-oidc"

    authenticate_oidc {
      authorization_endpoint = "https://example.com/authorization_endpoint"
      client_id              = "client_id"
      client_secret          = "client_secret"
      issuer                 = "https://example.com"
      token_endpoint         = "https://example.com/token_endpoint"
      user_info_endpoint     = "https://example.com/user_info_endpoint"
    }
  }
  default_action {
    type = "forward"
    forward {
      target_group {
        arn    = "arn:aws:elasticloadbalancing:ap-northeast-1:****************:targetgroup/test/dc4a70bef59e09cd"
        weight = 5
      }

      stickiness {
        duration = 60
        enabled  = true
      }
    }
  }
}

Above given code snippet is terraform provided example for aws_lb_listener

Expected Behavior

On successful creation of the resource during first terraform apply, the consecutive terraform apply commands should not show any kind of changes in the resource and the stickiness block should get applied successfully

Actual Behavior

During second terraform apply command terraform shows changes in the resources resulting in omission of stickiness block

Steps to Reproduce

1. terraform apply
2. terraform apply

[justinretzolk]

Hey @ccsandhanshive 👋 Thank you for taking the time to raise this issue. So that we have all of the necessary information in order to investigate this, can you supply debug logs (redacted as necessary) as well?

[ccsandhanshive]

As requested please find the requisite details
output of terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_lb_listener.front_end will be created
  + resource "aws_lb_listener" "front_end" {
      + arn               = (known after apply)
      + certificate_arn   = "arn:aws:acm:ap-northeast-1:**************:certificate/767016b0-b2d7-4e94-975b-58608914a916"
      + id                = (known after apply)
      + load_balancer_arn = "arn:aws:elasticloadbalancing:ap-northeast-1:**************:loadbalancer/app/test/d177a11049a4f42e"
      + port              = 443
      + protocol          = "HTTPS"
      + ssl_policy        = (known after apply)
      + tags_all          = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "authenticate-oidc"

          + authenticate_oidc {
              + authorization_endpoint     = "https://example.com/authorization_endpoint"
              + client_id                  = "client_id"
              + client_secret              = (sensitive value)
              + issuer                     = "https://example.com"
              + on_unauthenticated_request = (known after apply)
              + scope                      = (known after apply)
              + session_cookie_name        = (known after apply)
              + session_timeout            = (known after apply)
              + token_endpoint             = "https://example.com/token_endpoint"
              + user_info_endpoint         = "https://example.com/user_info_endpoint"
            }
        }
      + default_action {
          + order = (known after apply)
          + type  = "forward"

          + forward {
              + stickiness {
                  + duration = 60
                  + enabled  = true
                }

              + target_group {
                  + arn    = "arn:aws:elasticloadbalancing:ap-northeast-1:****************:targetgroup/test/dc4a70bef59e09cd"
                  + weight = 5
                }
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_lb_listener.front_end: Creating...
aws_lb_listener.front_end: Creation complete after 6s [id=arn:aws:elasticloadbalancing:ap-northeast-1:******************:listener/app/test/d177a11049a4f42e/2911feaec44c69d2]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

output of second terraform apply

aws_lb_listener.front_end: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-1:*************:listener/app/test/d177a11049a4f42e/2911feaec44c69d2]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_lb_listener.front_end will be updated in-place
  ~ resource "aws_lb_listener" "front_end" {
        arn               = "arn:aws:elasticloadbalancing:ap-northeast-1:****************:listener/app/test/d177a11049a4f42e/2911feaec44c69d2"
        certificate_arn   = "arn:aws:acm:ap-northeast-1:***************:certificate/767016b0-b2d7-4e94-975b-58608914a916"
        id                = "arn:aws:elasticloadbalancing:ap-northeast-1:*****************:listener/app/test/d177a11049a4f42e/2911feaec44c69d2"
        load_balancer_arn = "arn:aws:elasticloadbalancing:ap-northeast-1:**************:loadbalancer/app/test/d177a11049a4f42e"
        port              = 443
        protocol          = "HTTPS"
        ssl_policy        = "ELBSecurityPolicy-2016-08"
        tags              = {}
        tags_all          = {}

        default_action {
            order = 1
            type  = "authenticate-oidc"

            authenticate_oidc {
                authentication_request_extra_params = {}
                authorization_endpoint              = "https://example.com/authorization_endpoint"
                client_id                           = "client_id"
                client_secret                       = (sensitive value)
                issuer                              = "https://example.com"
                on_unauthenticated_request          = "authenticate"
                scope                               = "openid"
                session_cookie_name                 = "AWSELBAuthSessionCookie"
                session_timeout                     = 604800
                token_endpoint                      = "https://example.com/token_endpoint"
                user_info_endpoint                  = "https://example.com/user_info_endpoint"
            }
        }
      ~ default_action {
            order            = 2
          - target_group_arn = "arn:aws:elasticloadbalancing:ap-northeast-1:*************:targetgroup/test/dc4a70bef59e09cd" -> null
            type             = "forward"

          + forward {
              + stickiness {
                  + duration = 60
                  + enabled  = true
                }

              + target_group {
                  + arn    = "arn:aws:elasticloadbalancing:ap-northeast-1:***************:targetgroup/test/dc4a70bef59e09cd"
                  + weight = 5
                }
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_lb_listener.front_end: Modifying... [id=arn:aws:elasticloadbalancing:ap-northeast-1:****************:listener/app/test/d177a11049a4f42e/2911feaec44c69d2]
aws_lb_listener.front_end: Modifications complete after 6s [id=arn:aws:elasticloadbalancing:ap-northeast-1:***********************:listener/app/test/d177a11049a4f42e/2911feaec44c69d2]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

[ccsandhanshive]

@justinretzolk are there any updates on this

[justinretzolk]

Hey @ccsandhanshive 👋 Thank you for posting those run logs. If possible, full debug logs may help the team to investigate more easily. Unfortunately, I'm not able to provide a timeline for when the team will be able to investigate, however, we use the ":+1:" reactions to issues in order to help with prioritization, so if others are also experiencing this, it may help to bump it up in prioritization.

[ccsandhanshive]

As requested please find the attachment containing DEBUG log of stickiness issue
Redacted wherever necessary
stickiness_debug_log.log

[ccsandhanshive]

@justinretzolk are there any updates on this

[github-actions]

This functionality has been released in v5.36.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.