[Bug]: Ignore_tags not working as expected with ec2 module #36706

Closed
BharadwajAyinapurapu opened this issue Apr 3, 2024 · 4 comments · Fixed by #37441
Labels
bug Addresses a defect in current functionality. service/ec2 Issues and PRs that pertain to the ec2 service. tags Pertains to resource tagging.
Terraform Core Version

1.7.4

AWS Provider Version

5.43.0

Affected Resource(s)

I am using the ec2-instance module in AWS to create an EC2 instance. Here's the main.tf:


terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = var.region
  ignore_tags {
    keys         = ["LastAttachInstance", "LastAttachTime", "Company", "Launched_by", "PrincipalId"]
    key_prefixes = ["c7n:"]
  }
}

module "sonar_rhel8_instance" {
  source           = "terraform-aws-modules/ec2-instance/aws"
  count            = var.instance_count
  name             = "sonarqube-rhel8-instance-${count.index + 1}"
  ami              = var.spg_rhel8_ami
  instance_type    = var.sonar_instance_type
  metadata_options = { "http_tokens" : "required" }
  root_block_device = [{
    encrypted  = true
    kms_key_id = var.sonar_kms_key_id
  }]
  ebs_block_device = [{
    device_name = "/dev/sdb"
    volume_size = 100
    encrypted   = true
    kms_key_id  = var.sonar_kms_key_id
  }]
  ebs_optimized = true
  tags = merge(
    var.sonar_aws_tags,
    {
      Name                 = "sonarqube-rhel8-instance-${count.index + 1}",
      Maintenance_Schedule = var.maintenance_schedule[count.index % length(var.maintenance_schedule)],
    },
  )
  volume_tags = merge(
    var.sonar_aws_tags,
    {
      Name        = "sonarqube-rhel8-instance-${count.index + 1}",
      Environment = var.environment_name,
      AWSBackup   = "EBS-Daily",
    },
  )
}

I have created the instance using Terraform. Tags specified are getting ignored, whereas volume_tags are not getting ignored.

Expected Behavior

Instance tags as well as volume_tags getting ignored.

Actual Behavior

This is the terraform plan output. As we can see, it is detecting the changes in volume tags. It is changing the volume tags' values to null, which it shouldn't, as we told Terraform to ignore the tags.

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.sonar_rhel8_instance[0].aws_instance.this[0] will be updated in-place
  ~ resource "aws_instance" "this" {
        id                                   = "i-0d8f73187b4ca6634"
        tags                                 = {
            "AWSBackup"            = "EC2-Monthly"
            "AppID"                = "2D3A0CF2-37F6-41CE-B5C1-C6AA6DE0FC8B"
            "BU"                   = "Platts"
            "Backup"               = "Daily"
            "Environment"          = "DEV"
            "Maintenance_Schedule" = "2nd-Tue-plus1d-06:00UTC"
            "Name"                 = "plt-ia-sonarqube-default-rhel8-instance-1"
            "Owner"                = "irum.malik@spglobal.com"
            "Project"              = "Platts Techops"
            "Support_Group"        = "PL-PAS-Techops"
            "Technology"           = "Platts SonarQube"
            "Used_For"             = "Application Server"
        }
      ~ volume_tags                          = {
          - "Company"       = "spgi_volume" -> null
          - "Launched_by"   = "bharadwaj.a@spglobal.com" -> null
          - "PrincipalId"   = "AROAJXSACXP7NVTGZL5W4:bharadwaj.a@spglobal.com" -> null
            # (11 unchanged elements hidden)
        }
        # (31 unchanged attributes hidden)

        # (10 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

However, it is working as expected if we use resource blocks to create the EC2 instance and EBS volume respectively.
So is this an issue with the module? Any suggestions/workarounds for this, please?

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = var.region
  ignore_tags {
    keys         = ["LastAttachInstance", "LastAttachTime", "Company", "Launched_by", "PrincipalId"]
    key_prefixes = ["c7n:"]
  }
}

module "sonar_rhel8_instance" {
  source               = "terraform-aws-modules/ec2-instance/aws"
  count                = var.instance_count
  name                 = "plt-ia-sonarqube-${terraform.workspace}-rhel8-instance-${count.index + 1}"
  ami                  = var.spg_rhel8_ami
  instance_type        = var.sonar_instance_type
  metadata_options     = { "http_tokens" : "required" }
  root_block_device = [{
    encrypted  = true
    kms_key_id = var.sonar_kms_key_id
  }]
  ebs_block_device = [{
    device_name = "/dev/sdb"
    volume_size = 100
    encrypted   = true
    kms_key_id  = var.sonar_kms_key_id
  }]
  ebs_optimized = true
  tags = merge(
    var.sonar_aws_tags,
    {
      Name                 = "plt-ia-sonarqube-${terraform.workspace}-rhel8-instance-${count.index + 1}",
      Maintenance_Schedule = var.maintenance_schedule[count.index % length(var.maintenance_schedule)],
    },
  )
  volume_tags = merge(
    var.sonar_aws_tags,
    {
        Name        = "plt-ia-sonarqube-${terraform.workspace}-rhel8-instance-${count.index + 1}",
        Environment = var.environment_name,
        AWSBackup   = "EBS-Daily",
    },
  )
}

Steps to Reproduce

  1. Ran the terraform apply to create the instances
  2. Created tags manually on the AWS console for EC2 instance as well as the volume created
  3. Ran the terraform plan to check if the changes are ignored by terraform
  4. Instance tags are getting ignored but not the volume tags

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
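
A CI-side check for the behaviour reported above, as an added example (not code from the issue or from the provider): it reads the JSON form of a plan and reports any in-place change to a tag key listed in the provider's `ignore_tags`, so that externally applied tags such as `Launched_by` and `PrincipalId` are not silently stripped. The function names, the `TAG_ATTRS` list and the sample plan are assumptions constructed for illustration.

```python
# Provider-level ignore_tags settings copied from the issue's configuration.
IGNORE_KEYS = {"LastAttachInstance", "LastAttachTime", "Company", "Launched_by", "PrincipalId"}
IGNORE_PREFIXES = ("c7n:",)
TAG_ATTRS = ("tags", "volume_tags")  # assumption: the tag attributes worth checking

def is_ignored(key):
    return key in IGNORE_KEYS or key.startswith(IGNORE_PREFIXES)

def ignored_tag_drift(plan):
    """Return (address, attribute, key, action) for each planned in-place change
    to a tag key that ignore_tags says Terraform must leave alone."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if "update" not in change.get("actions", []):
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        for attr in TAG_ATTRS:
            if unknown.get(attr) is True:  # value not known until apply: cannot judge
                continue
            old, new = before.get(attr) or {}, after.get(attr) or {}
            for key in sorted(set(old) | set(new)):
                if not is_ignored(key) or old.get(key) == new.get(key):
                    continue
                action = "remove" if key not in new else "add" if key not in old else "modify"
                findings.append((rc["address"], attr, key, action))
    return findings

# Constructed sample shaped like `terraform show -json <planfile>`; values are placeholders.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "module.sonar_rhel8_instance[0].aws_instance.this[0]",
    "change": {
        "actions": ["update"],
        "before": {
            "tags": {"Name": "example-instance-1", "Environment": "DEV"},
            "volume_tags": {"Name": "example-instance-1", "Company": "example",
                            "Launched_by": "user@example.com", "PrincipalId": "EXAMPLE:user"},
        },
        "after": {
            "tags": {"Name": "example-instance-1", "Environment": "DEV"},
            "volume_tags": {"Name": "example-instance-1"},
        },
    },
}]}
if __name__ == "__main__":
    for finding in ignored_tag_drift(SAMPLE_PLAN):
        print(*finding)
```

A non-empty result can be used to fail the pipeline before `terraform apply` runs.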

0xkag pushed a commit to 0xkag/terraform-provider-aws that referenced this issue May 10, 2024
`default_tags` support for EC2 root block devices was introduced in
hashicorp/terraform-provider-aws#33769, which is great ... except it
makes the mix of `default_tags` and `tags` on a `root_block_device`
perpetually show drift even when there is none.

The solution is to not remove the default tags config from the volume
tags in ec2_instance.

This diff fixes hashicorp#36448 for us in our
environment (which references hashicorp#33769 as
the change that introduced this bug).

This diff possibly fixes hashicorp#36706 too, but
we weren't hitting this issue.
github-actions bot commented Oct 9, 2024

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

@github-actions github-actions bot added this to the v5.71.0 milestone Oct 9, 2024
This functionality has been released in v5.72.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!
