aws_autoscaling_group.bastion: diffs didn't match during apply.

[ghost]

This issue was originally opened by @austindoupnik as hashicorp/terraform#17373. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Terraform Version

Terraform v0.11.3

Terraform Configuration Files

variable name {
  default = "us-west-2-stage"
}

variable region {
  default = "us-west-2"
}

variable availability_zones {
  type = "list"
  default = ["us-west-2a", "us-west-2b", "us-west-2c"]
}

terraform {
  backend "s3" {
    region = "us-west-2"

    encrypt = true
    bucket = "terraform-tfstate-storage-us-west-2-stage"
    key = "us-west-2-stage/terraform.tfstate"

    dynamodb_table = "terraform-tfstate-lock-us-west-2-stage"
  }
}

provider "aws" {
  version = "= 1.9.0"
  region = "${var.region}"
}

# vpc

resource "aws_vpc" "management" {
  cidr_block = "10.0.0.0/16"

  tags {
    Name = "${var.name}-management"
  }
}

resource "aws_internet_gateway" "management" {
  vpc_id = "${aws_vpc.management.id}"

  tags {
    Name = "management"
  }
}

resource "aws_route_table" "bastion" {
  vpc_id = "${aws_vpc.management.id}"

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.management.id}"
  }

  tags {
    Name = "${var.name}"
  }
}

resource "aws_subnet" "bastion" {
  count = "${length(var.availability_zones)}"

  vpc_id = "${aws_vpc.management.id}"
  cidr_block = "10.0.${count.index}.0/24"
  availability_zone = "${element(var.availability_zones, count.index)}"
}

resource "aws_route_table_association" "bastion" {
  count = "${length(var.availability_zones)}"

  subnet_id = "${element(aws_subnet.bastion.*.id, count.index)}"
  route_table_id = "${aws_route_table.bastion.id}"
}

resource "aws_lb" "bastion" {
  name = "${var.name}-bastion"
  internal = false

  enable_deletion_protection = false

  load_balancer_type = "network"

  subnets = ["${aws_subnet.bastion.*.id}"]
}

resource "aws_lb_target_group" "bastion" {
  name = "${var.name}-bastion"
  port = 22
  protocol = "TCP"
  vpc_id = "${aws_vpc.management.id}"
}

resource "aws_lb_listener" "bastion" {
  load_balancer_arn = "${aws_lb.bastion.arn}"
  port = 22
  protocol = "TCP"

  default_action {
    target_group_arn = "${aws_lb_target_group.bastion.arn}"
    type = "forward"
  }
}

resource "aws_security_group" "bastion" {
  vpc_id = "${aws_vpc.management.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "TCP"
    cidr_blocks = ["###.##.###.###/##", "${aws_subnet.bastion.*.cidr_block}"]
  }

  egress {
    from_port       = 22
    to_port         = 22
    protocol        = "TCP"
    cidr_blocks     = ["###.##.###.###/##", "${aws_subnet.bastion.*.cidr_block}"]
  }
}

resource "aws_launch_configuration" "bastion" {
  image_id = "ami-xxxxxxxx"
  instance_type = "t2.micro"
  key_name = "xxxx-bastion"

  lifecycle {
    create_before_destroy = true
  }

  security_groups = ["${aws_security_group.bastion.id}"]
}

resource "aws_placement_group" "bastion" {
  name = "${var.name}-bastion"
  strategy = "spread"
}

resource "aws_autoscaling_group" "bastion" {
  availability_zones = "${var.availability_zones}"
  name = "${var.name}-bastion"
  max_size = 3
  min_size = 3
  launch_configuration = "${aws_launch_configuration.bastion.name}"
  target_group_arns = ["${aws_lb_target_group.bastion.arn}"]
  vpc_zone_identifier = ["${aws_subnet.bastion.*.id}"]
  enabled_metrics = ["GroupMinSize", "GroupMaxSize", "GroupDesiredCapacity", "GroupInServiceInstances", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"]
  placement_group = "${aws_placement_group.bastion.id}"

  tag {
    key                 = "Name"
    value               = "${var.name}-bastion"
    propagate_at_launch = true
  }
}

# nlb

# asg launch config

# asg

Debug Output

https://gist.github.com/austindoupnik/5880ac45e84afd5b976decb657488fbc

Crash Output

Expected Behavior

Deploy simple prototype of SSH bastion in autoscaling group with load balancer across multiple AZ.

Actual Behavior

Error message telling me to report a bug

Steps to Reproduce

1. terraform init
2. terraform apply

Additional Context

References

• module.asg.aws_autoscaling_group.asg: aws_autoscaling_group.asg: diffs didn't match during apply. terraform#17263

[bflad]

This issue was automatically closed by the documentation update in #3897. The configuration fix for diffs didn't match during apply and Mismatch reason: attribute mismatch: availability_zones.XXXXXX is to remove availability_zones configuration if vpc_zone_identifier is also specified. If you must specify availability_zones due to being used in a module that works with both EC2-Classic and VPC, availability_zones can be set to [] (an empty list).

[NabilZaman]

@bflad I'm encountering the same error, and the prescribed workaround does not work to resolve my issue.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!