Hi,
I built WAFv2 with the resource "aws_wafv2_web_acl" and associated this WAF with multiple ALBs by using the following (I saved all of the ALB ARNs into a list):

    resource "aws_wafv2_web_acl_association" "aws_alb" {
      count        = length(var.aws_lb_arn_list)
      resource_arn = var.aws_lb_arn_list[count.index]
      web_acl_arn  = aws_wafv2_web_acl.webacl.arn
    }

Everything is working fine. But one day I found a weird issue: some of the ALBs got dropped from this association. Let's say I have 6 ALBs; at the beginning, the WAF is associated with these 6 ALBs. But somehow (no one changed the code), maybe 3 of them will be dropped, and only 3 are still associated with the WAF. When I run terraform plan, it shows that 3 new associations need to be created.
module.aws_waf.aws_wafv2_web_acl_association.aws_alb[0] will be created
module.aws_waf.aws_wafv2_web_acl_association.aws_alb[1] will be created
But checking the tf state file, you will be able to see that these 6 associations are there. Not sure why these 3 associations got deleted on AWS while the tf state file was unchanged.
(All Albs are in the same region.)
Part of the remote tf state file:

    "module": "module.aws_waf",
    "mode": "managed",
    "type": "aws_wafv2_web_acl_association",
    "name": "aws_alb",
    "provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
    "instances": [
      {
        "index_key": 0,
        "schema_version": 0,
        xxxx xxxx
      },
      {
        "index_key": 1,
        "schema_version": 0,
        xxxx xxxx
      },
      {
        "index_key": 2,
        "schema_version": 0,
        xxxx xxxx
      }
      ... ...
    ]
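
A drift check for the situation described in the post, as an added example that is not part of the original post: it compares the associations recorded in a Terraform state file with the ARNs AWS reports for the web ACL, so ALBs that silently lost WAF protection are flagged. The ARNs, the contents of `attributes` (elided as `xxxx` in the post) and the function names are constructed assumptions; the live list stands in for the output of `aws wafv2 list-resources-for-web-acl`.

```python
import json

# Constructed sample in the shape of the state excerpt above (all ARNs are placeholders).
ACL = "arn:aws:wafv2:us-east-1:111111111111:regional/webacl/example/00000000-0000-0000-0000-000000000000"
ALB = "arn:aws:elasticloadbalancing:us-east-1:111111111111:loadbalancer/app/alb-{}/{:016x}"
SAMPLE_STATE = json.dumps({"resources": [{
    "module": "module.aws_waf", "mode": "managed",
    "type": "aws_wafv2_web_acl_association", "name": "aws_alb",
    "instances": [{"index_key": i, "schema_version": 0,
                   "attributes": {"resource_arn": ALB.format(i, i), "web_acl_arn": ACL}}
                  for i in range(6)],
}]})
# Constructed stand-in for the ResourceArns returned by
# `aws wafv2 list-resources-for-web-acl --web-acl-arn <ACL> --resource-type APPLICATION_LOAD_BALANCER`
SAMPLE_LIVE = [ALB.format(i, i) for i in (2, 3, 5)]


def recorded_associations(state_text, web_acl_arn):
    """Map resource address -> ALB ARN for every association recorded in state."""
    found = {}
    for res in json.loads(state_text).get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "aws_wafv2_web_acl_association":
            continue
        prefix = f'{res["module"]}.' if res.get("module") else ""
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            if attrs.get("web_acl_arn") != web_acl_arn:
                continue
            key = inst.get("index_key")  # int for count, string for for_each
            suffix = "" if key is None else f"[{json.dumps(key)}]"
            found[f'{prefix}{res["type"]}.{res["name"]}{suffix}'] = attrs.get("resource_arn")
    return found


def find_drift(state_text, web_acl_arn, live_arns):
    """Return (addresses in state but not associated in AWS, live ARNs unknown to state)."""
    recorded = recorded_associations(state_text, web_acl_arn)
    live = set(live_arns)
    missing = sorted(addr for addr, arn in recorded.items() if arn not in live)
    unmanaged = sorted(live - set(recorded.values()))
    return missing, unmanaged


if __name__ == "__main__":
    missing, unmanaged = find_drift(SAMPLE_STATE, ACL, SAMPLE_LIVE)
    for addr in missing:
        print("in state but not associated in AWS:", addr)
    for arn in unmanaged:
        print("associated in AWS but not in state:", arn)
```

Run on a schedule against the real state and CLI output, a non-empty `missing` list is the signal that an ALB is currently serving traffic without the WAF, independent of when someone next runs a plan.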