Hey,
I’m actively using Terraform and it’s really good, but I’m facing an issue where MSK is getting recreated every time.
Could someone help me resolve this issue?
Thank you so much for your kind favor; it is very much appreciated.
Thank you,
Bala
Hey @balarajuaws68,
Is there any way that I might be able to get a sample of your code so that I can help you out further?
Sincerely,
Taylor Dolezal
Hey Taylor,
Thank you so much for your response. Here is the Terraform plan output:
  # module.dev.module.msk_cluster.aws_msk_cluster.msk_cluster must be replaced
-/+ resource "aws_msk_cluster" "msk_cluster" {
      ~ arn = "arn:aws:kafka:us-west-1:xxxxxxxxxxxx:cluster/app-dev-msk-cluster/e631ff72-0e4e-4736-9ed4-ad26f3175a62-2" -> (known after apply)
      + bootstrap_brokers = (known after apply)
      ~ bootstrap_brokers_tls = "b-2.app-dev-msk-cluster.xxxxxx.c2.kafka.us-west-1.amazonaws.com:9094,b-1.app-dev-msk-cluster.xxxxxx.c2.kafka.us-west-1.amazonaws.com:9094" -> (known after apply)
        cluster_name = "app-dev-msk-cluster"
      ~ current_version = "K3JWKAKR8XB7XF" -> (known after apply)
        enhanced_monitoring = "DEFAULT"
      ~ id = "arn:aws:kafka:us-west-1:xxxxxxxxxxxx:cluster/app-dev-msk-cluster/e631ff72-0e4e-4736-9ed4-ad26f3175a62-2" -> (known after apply)
        kafka_version = "2.2.1"
        number_of_broker_nodes = 2
        tags = {
            "Name" = "app-dev-msk-cluster"
            "Source" = "terraform"
        }
      ~ zookeeper_connect_string = "z-3.app-dev-msk-cluster.xxxxxx.c2.kafka.us-west-1.amazonaws.com:2181,z-1.app-dev-msk-cluster.xxxxxx.c2.kafka.us-west-1.amazonaws.com:2181,z-2.app-dev-msk-cluster.xxxxxx.c2.kafka.us-west-1.amazonaws.com:2181" -> (known after apply)
        broker_node_group_info {
            az_distribution = "DEFAULT"
            client_subnets = [
                "subnet-xxxxxxxx",
                "subnet-xxxxxxxx",
            ]
            ebs_volume_size = 100
            instance_type = "kafka.m5.xlarge"
            security_groups = [
                "sg-xxxxxxxx",
            ]
        }
        configuration_info {
            arn = "arn:aws:kafka:us-west-1:xxxxxxxxxxxx:configuration/msk-config-v-1/aa557e1f-2501-4347-8296-61c8138601f6-2"
            revision = 1
        }
      - encryption_info {
          - encryption_at_rest_kms_key_arn = "arn:aws:kms:us-west-1:xxxxxxxxxxxx:key/7d01aa50-1b48-4330-8c02-9ac3c4b95342" -> null
          - encryption_in_transit {
              - client_broker = "TLS" -> null # forces replacement
              - in_cluster = true -> null
            }
        }
        logging_info {
            broker_logs {
                cloudwatch_logs {
                    enabled = true
                    log_group = "app-dev-msk-loggroup"
                }
            }
        }
      - open_monitoring {
          - prometheus {
              - jmx_exporter {
                  - enabled_in_broker = false -> null
                }
              - node_exporter {
                  - enabled_in_broker = false -> null
                }
            }
        }
    }
Plan: 1 to add, 0 to change, 1 to destroy.
        encryption_info {
          - encryption_at_rest_kms_key_arn = "arn:aws:kms:us-west-1" -> null
          - encryption_in_transit {
              - client_broker = "TLS" -> null # forces replacement
              - in_cluster = true -> null
            }
        }
Here, the encryption TLS -> null forces replacement. Is there any way to avoid this?
Thank you so much for your favor in advance,
Here is the actual code I came up with:
resource "aws_msk_cluster" "msk_cluster" {
  cluster_name = "${var.msk_cluster_name}"
  kafka_version = "${var.msk_cluster_version}"
  number_of_broker_nodes = "${var.msk_cluster_no_of_brokers}"
  broker_node_group_info {
    instance_type = "${var.msk_cluster_instance_type}"
    ebs_volume_size = "${var.msk_cluster_volume_size}"
    client_subnets = [
      "${var.public_subnet_id_1_mod}",
      "${var.private_subnet_id_1_mod}"
    ]
    security_groups = ["${var.sg_pri_1_id_mod}"]
  }
  # encryption_info {
  #   encryption_at_rest_kms_key_arn = "${var.kms_key_arn_mod}"
  # }
  # open_monitoring {
  #   prometheus {
  #     jmx_exporter {
  #       enabled_in_broker = true
  #     }
  #     node_exporter {
  #       enabled_in_broker = true
  #     }
  #   }
  # }
  logging_info {
    broker_logs {
      cloudwatch_logs {
        enabled = true
        log_group = "${var.msk_loggroup_name_mod}"
      }
      # firehose {
      #   enabled = true
      #   delivery_stream = "${aws_kinesis_firehose_delivery_stream.test_stream.name}"
      # }
      # s3 {
      #   enabled = true
      #   bucket = "${aws_s3_bucket.bucket.id}"
      #   prefix = "logs/msk-"
      # }
    }
  }
  configuration_info {
    arn = "${var.msk_config_arn_mod}"
    revision = "1"
  }
  tags = {
    Name = "${var.msk_cluster_name}"
    Source = "${var.infra_source}"
  }
}
Hey Taylor,
Good day. Did you get a chance to look into this? It would really be a great favor if you could help me with it.
Thank you so much
Hello @balarajuaws68,
Taking a look at your code, this does look good! I am not 100% certain on why you’d be experiencing that situation where your cluster keeps needing to be recreated.
That being said, do any of your variables change in between runs, or do any of them use the file() function?
Sincerely,
Taylor Dolezal
It’s telling me that the encryption event below forces replacement. Do we have to look at something here?
  - encryption_in_transit {
      - client_broker = "TLS" -> null # forces replacement
      - in_cluster = true -> null
    }
}
Thank you,
Bala
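The plan posted above tags `client_broker = "TLS" -> null` with `# forces replacement`, and the posted resource has its `encryption_info` block commented out. As an added example (not part of any post in this thread), the Python below parses plan text, reports the full attribute path behind each forced replacement, and flags plans that drop an `encryption_info` setting to null. The sample plan is a constructed excerpt modelled on the output in the thread, and the function names are hypothetical.

```python
import re

# Constructed excerpt, modelled on the plan output posted in this thread.
SAMPLE_PLAN = '''\
  # module.dev.module.msk_cluster.aws_msk_cluster.msk_cluster must be replaced
-/+ resource "aws_msk_cluster" "msk_cluster" {
      - encryption_info {
          - encryption_at_rest_kms_key_arn = "arn:aws:kms:EXAMPLE" -> null
          - encryption_in_transit {
              - client_broker = "TLS" -> null # forces replacement
              - in_cluster = true -> null
            }
        }
    }
'''

HEADER = re.compile(r"^\s*# (\S+) must be replaced")
MARKER = re.compile(r"^\s*(?:-/\+|\+/-|[-+~])?\s*")  # leading action symbol
CHANGE = re.compile(r"^(\S+)\s*=\s*(.*?)\s*->\s*(.*)$")

def replacement_causes(plan_text):
    """Return one record per attribute line tagged '# forces replacement'."""
    causes, address, stack = [], None, []
    for raw in plan_text.splitlines():
        header = HEADER.match(raw)
        if header:
            address, stack = header.group(1), []
            continue
        forced = "# forces replacement" in raw
        line = MARKER.sub("", raw.split(" # ")[0], count=1).rstrip()
        if line.endswith("{"):
            # The resource line opens the root; nested blocks push their name.
            stack.append("" if line.startswith("resource ") else line.split()[0])
        elif line == "}" and stack:
            stack.pop()
        elif forced:
            change = CHANGE.match(line)
            causes.append({
                "resource": address,
                "path": ".".join([s for s in stack if s] + [line.split()[0]]),
                "before": change.group(2) if change else None,
                "after": change.group(3) if change else None,
            })
    return causes

def encryption_removed(causes):
    """Causes where an encryption_info setting is being dropped to null."""
    return [c for c in causes
            if c["path"].startswith("encryption_info") and c["after"] == "null"]
```

Run against saved `terraform plan` output before applying, a non-empty `encryption_removed(...)` result means the configuration no longer declares encryption settings that the existing cluster has.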