[Bug]: aws_lb_target_group with target_type of instance and ip_address_type of ipv6 gets created as ipv4 #35010

Closed
aslatter opened this issue Dec 20, 2023 · 8 comments · Fixed by #36423
Labels
bug Addresses a defect in current functionality. service/elbv2 Issues and PRs that pertain to the elbv2 service.
Terraform Core Version

1.6.6

AWS Provider Version

5.31.0

Affected Resource(s)

  • aws_lb_target_group

Expected Behavior

When I create a target-group with a target-type of "instance" and ip-address-type of "ipv6", the target-group should get created with an ip-address-type of "ipv6" (or there should be an error).

Actual Behavior

The target group gets created with an ip-address-type of "ipv4".

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

main.tf:

variable "region" {
  default = "us-east-1"
}

provider "aws" {
  region = var.region
}

resource "aws_vpc" "main" {

  cidr_block = "10.0.0.0/16"
  assign_generated_ipv6_cidr_block = true

  // https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "vpc"
  }
}


resource "aws_lb_target_group" "http" {
  name_prefix     = "http-"
  target_type     = "instance"
  protocol        = "TCP"
  port            = "80"
  ip_address_type = "ipv6"
  vpc_id          = aws_vpc.main.id

  lifecycle {
    // we can't delete a target-group if it's in use by the
    // listener default-action.
    create_before_destroy = true
  }
}

Lockfile:

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/hashicorp/aws" {
  version = "5.31.0"
  hashes = [
  ]
}

Steps to Reproduce

Run terraform apply twice.

The first invocation will succeed, but the second invocation will re-create the target-group because its ip-address-type is "ipv4" not "ipv6". This re-creation will happen during every apply.

Debug Output

In the trace of the provider it looks like we're not specifying the ip-address-type in the CreateTargetGroup API-call:

2023-12-20T08:38:46.562-0600 [DEBUG] provider.terraform-provider-aws_v5.31.0_x5: HTTP Request Sent: @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.46/logger.go:109 aws.region=us-east-1 http.user_agent="APN/1.0 HashiCorp/1.0 Terraform/1.6.6 (+https://www.terraform.io) terraform-provider-aws/5.31.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.49.2 (go1.20.11; linux; amd64)" rpc.service="Elastic Load Balancing v2" tf_req_id=6b855e46-61c3-64f3-421d-0670f6d3956f @module=aws rpc.method=CreateTargetGroup net.peer.name=elasticloadbalancing.us-east-1.amazonaws.com tf_mux_provider="*schema.GRPCProviderServer" tf_rpc=ApplyResourceChange http.flavor=1.1 http.request.header.content_type="application/x-www-form-urlencoded; charset=utf-8" http.request.header.authorization="AWS4-HMAC-SHA256 Credential=ASIA************GXGF/20231220/us-east-1/elasticloadbalancing/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date;x-amz-security-token, Signature=*****" http.request_content_length=149 tf_resource_type=aws_lb_target_group http.request.header.x_amz_security_token="*****" http.url=https://elasticloadbalancing.us-east-1.amazonaws.com/ rpc.system=aws-api http.method=POST
  http.request.body=
  | Action=CreateTargetGroup&Name=http-20231220143846117300000001&Port=80&Protocol=TCP&TargetType=instance&Version=2015-12-01&VpcId=vpc-0f3f08e00e4929dd1
   http.request.header.x_amz_date=20231220T143846Z tf_aws.sdk=aws-sdk-go tf_provider_addr=registry.terraform.io/hashicorp/aws timestamp=2023-12-20T08:38:46.561-0600
2023-12-20T08:38:47.116-0600 [DEBUG] provider.terraform-provider-aws_v5.31.0_x5: HTTP Response Received: aws.region=us-east-1 rpc.method=CreateTargetGroup tf_mux_provider="*schema.GRPCProviderServer" tf_provider_addr=registry.terraform.io/hashicorp/aws http.response.header.x_amzn_requestid=cc29345c-f9c7-430b-a43f-0203065a1f75 http.response_content_length=1191 tf_aws.sdk=aws-sdk-go tf_resource_type=aws_lb_target_group http.duration=554 http.response.header.content_type=text/xml http.response.header.date="Wed, 20 Dec 2023 14:38:46 GMT" @module=aws rpc.service="Elastic Load Balancing v2" tf_req_id=6b855e46-61c3-64f3-421d-0670f6d3956f tf_rpc=ApplyResourceChange http.status_code=200 rpc.system=aws-api @caller=github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2@v2.0.0-beta.46/logger.go:157
  http.response.body=
  | <CreateTargetGroupResponse xmlns="http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/">
  |   <CreateTargetGroupResult>
  |     <TargetGroups>
  |       <member>
  |         <HealthCheckEnabled>true</HealthCheckEnabled>
  |         <TargetGroupArn>arn:aws:elasticloadbalancing:us-east-1:261174026058:targetgroup/http-20231220143846117300000001/df97c2fd8960e06c</TargetGroupArn>
  |         <HealthCheckTimeoutSeconds>10</HealthCheckTimeoutSeconds>
  |         <HealthCheckPort>traffic-port</HealthCheckPort>
  |         <TargetType>instance</TargetType>
  |         <HealthCheckProtocol>TCP</HealthCheckProtocol>
  |         <TargetGroupName>http-20231220143846117300000001</TargetGroupName>
  |         <IpAddressType>ipv4</IpAddressType>
  |         <Protocol>TCP</Protocol>
  |         <Port>80</Port>
  |         <VpcId>vpc-0f3f08e00e4929dd1</VpcId>
  |         <HealthyThresholdCount>5</HealthyThresholdCount>
  |         <HealthCheckIntervalSeconds>30</HealthCheckIntervalSeconds>
  |         <UnhealthyThresholdCount>2</UnhealthyThresholdCount>
  |       </member>
  |     </TargetGroups>
  |   </CreateTargetGroupResult>
  |   <ResponseMetadata>
  |     <RequestId>cc29345c-f9c7-430b-a43f-0203065a1f75</RequestId>
  |   </ResponseMetadata>
  | </CreateTargetGroupResponse>
   timestamp=2023-12-20T08:38:47.116-0600

Panic Output

No response

Important Factoids

It might be related to this bit in target_group.go:

		if targetType == elbv2.TargetTypeEnumIp {
			if v, ok := d.GetOk("ip_address_type"); ok {
				input.IpAddressType = aws.String(v.(string))
			}
		}

That is, we only apply the ip_address_type argument for target-groups with an "ip" target-type.

The REST API docs for ELB don't mention this as a restriction of the IpAddressType argument, and the AWS Console seems to allow me to create an "instance" target-group as "ipv6".

References

No response

Would you like to implement a fix?

None
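
An added example (not code from the issue or from the provider) that parses the CreateTargetGroup request body and response shown in the debug trace above and reports where the configured ip_address_type was lost. The helper name `checkTrace` is hypothetical, and the response is trimmed from the trace to the fields the check reads.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"net/url"
)

// Request body as it appears in the debug trace of the issue.
const tracedRequest = "Action=CreateTargetGroup&Name=http-20231220143846117300000001&Port=80&Protocol=TCP&TargetType=instance&Version=2015-12-01&VpcId=vpc-0f3f08e00e4929dd1"

// Response from the same trace, trimmed (constructed) to the fields read below.
const tracedResponse = `<CreateTargetGroupResponse xmlns="http://elasticloadbalancing.amazonaws.com/doc/2015-12-01/"><CreateTargetGroupResult>
  <TargetGroups><member><TargetType>instance</TargetType><IpAddressType>ipv4</IpAddressType></member></TargetGroups>
</CreateTargetGroupResult></CreateTargetGroupResponse>`

type createResponse struct {
	Groups []struct {
		IpAddressType string `xml:"IpAddressType"`
	} `xml:"CreateTargetGroupResult>TargetGroups>member"`
}

// checkTrace (hypothetical helper) compares the configured ip_address_type
// with what the provider sent and with what the API reported as created.
func checkTrace(want, reqBody, respBody string) ([]string, error) {
	form, err := url.ParseQuery(reqBody)
	if err != nil {
		return nil, err
	}
	var resp createResponse
	if err := xml.Unmarshal([]byte(respBody), &resp); err != nil {
		return nil, err
	}
	var findings []string
	// An absent form field reads as "", which also differs from the config.
	if sent := form.Get("IpAddressType"); sent != want {
		findings = append(findings, fmt.Sprintf("request sent IpAddressType=%q, configured %q", sent, want))
	}
	for _, g := range resp.Groups {
		if g.IpAddressType != want {
			findings = append(findings, fmt.Sprintf("target group created as %q, configured %q", g.IpAddressType, want))
		}
	}
	return findings, nil
}

func main() {
	findings, err := checkTrace("ipv6", tracedRequest, tracedResponse)
	fmt.Println(findings, err)
}
```
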

alberhander commented Jan 24, 2024

I'm experiencing the same limitation: I'm not able to create target groups of target_type instance with ip_address_type ipv6 using Terraform, while I can through the AWS console.

In my case I'm creating the target groups through the AWS ALB module but the behaviour is the same. This is a snippet of one of the target groups:

target_groups = {
    target_http = {
      name_prefix = "http-"
      protocol    = "TCP"
      port            = 80
      target_type     = "instance"
      ip_address_type = "ipv6"
      vpc_id          = data.terraform_remote_state.vpc.outputs.vpc_id
      health_check = {
        enabled  = true
        protocol = "TCP"
      }
      create_attachment = false
    }
 ...
 }

The target groups get actually created in ipv4 mode (see screenshot below) and every new terraform plan will show the target groups are going to be re-created.

module.ingress_nlb.aws_lb_target_group.this["http"] must be replaced
+/- resource "aws_lb_target_group" "this" {
      ~ ip_address_type                    = "ipv4" -> "ipv6" # forces replacement

Screenshot from 2024-01-24 18-00-48

Reading the aws_lb_target_group resource documentation it says this attribute is only supported when target_type is set to ip.
Screenshot from 2024-01-24 17-47-41

I wonder if there is a temporary workaround for this.

arianvp commented Mar 16, 2024

Is there any plan to work on this? AWS started charging for IPv4 and it's not possible to create an autoscaling group with an IPv6 target group at the moment which is rather annoying

arianvp commented Mar 16, 2024

Even if this would work; it's currently not possible to create an EC2 instance that is compatible with IPv6 target groups.

You can only add EC2 instances to an IPv6 target group that have a Primary IPV6 address. This feature is not implemented in Terraform. I opened a separate issue for that:

#36424

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

@github-actions github-actions bot added this to the v5.59.0 milestone Jul 12, 2024
This functionality has been released in v5.59.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 19, 2024