Modify Launch Template without Triggering Autoscale Event

Terraform Providers AWS
1

I have several instances of autoscale groups (ASG) that depend on launch templates, which in turn specify the ASG’s AMI. The AMI changes from time to time. How can we:

  • Always launch new instances with the latest AMI
  • Never destroy old instances in ASG when a launch template version or AMI changes

Detail:

In one of our newer cases the AMI is dynamically selected by TF in the usual way, e.g.

data "aws_ami" "someAmi" {
  most_recent = true
  filter {
    name   = "name"
    values = ["SOMEUNCHANGINGNAME - *"] 
  }
  filter {
    name   = "is-public"
    values = ["false"]
  }

  owners = ["111111111111"] 
}

The template itself needs to update its default to latest, e.g.

resource "aws_launch_template" "theASGLaunchTemplate" {
  name                   = "somename"
  update_default_version = true

To my surprise, when a new AMI came available the ASG regenerated its existing instances.

How can we suppress automatic regeneration of ASG instances, so that a manual operation is required to regenerate the existing ASG instances. Obviously new instances in the ASG would get the new AMI, and that’s fine … but we don’t want to lose the old instances because of potential lost uptime and complex boot time configuration.

One possible solution I’d like to validate with someone who knows, is a lifecycle block in the ASG directing the ASG to ignore template changes:

resource "aws_autoscaling_group" "SomeSensitiveASG" {
  ...
  launch_template {
    id      = aws_launch_template.theASGLaunchTemplate.id
    version = aws_launch_template.theASGLaunchTemplate.latest_version
  }
  lifecycle {
    ignore_changes = [launch_template]
  }

Terraform plan shows changes only to the template, not ASG, which is encouraging.

I’m looking for some experience-based advance confirmation that this approach is likely to avoid triggering an ASG refresh, as the resources involved are sensitive and difficult to reconstruct if the approach is flawed. Does this approach look correct, or is there a better way to accomplish the goal of:

  • Always launching new instances with the latest AMI
  • Never destroying old instances in ASG when a launch template version or AMI changes