Terraform plan/apply shows changes even though no changes to tf files

waqark3389 · January 13, 2020, 12:05pm

Hi all,

I have this terraform (snippet):

`resource "aws_ecs_cluster" "prometheus-cluster" {
  name = "prometheus-cluster"
}
data "aws_ecs_task_definition" "prometheus-taskdef" {
  task_definition = "${aws_ecs_task_definition.prometheus-task.family}"
  depends_on      = ["aws_ecs_task_definition.prometheus-task"]
}
resource "aws_ecs_task_definition" "prometheus-task" {
  family                   = "prometheus-task"
  cpu                      = 128
  memory                   = 256
  network_mode             = "awsvpc"
  requires_compatibilities = ["EC2"]
  volume {
    name = "persistent-volume"
    docker_volume_configuration {
      scope         = "shared"
      autoprovision = true
      driver        = "rexray/ebs"
      driver_opts = {
        volumetype = "gp2"
      size = 40 }
    }
  }
  placement_constraints {
    type       = "memberOf"
    expression = "attribute:ecs.availability-zone in [eu-west-1a]"
  }
  container_definitions = <<DEFINITION
[{
"mountPoints": 
[{
"sourceVolume": "persistent-volume",
"containerPath": "/prometheus",
"readOnly": false
}],
"image": "prom/prometheus:latest",
"name": "docker-container",
"essential": true,
"networkMode": "awsvpc",
"requiresCompatibilities": ["EC2"],
"portMappings": [{"containerPort": 9090}],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "${aws_ecs_cluster.prometheus-cluster.name}",
"awslogs-region": "eu-west-1",
"awslogs-stream-prefix": "ecs"}
}
}]
DEFINITION
}

resource "aws_ecs_service" "prometheus-ecs-service" {
  name          = "prometheus-ecs-service"
  cluster       = "${aws_ecs_cluster.prometheus-cluster.id}"
  desired_count = 1
  depends_on    = ["aws_alb_target_group.prometheus_tg", "aws_alb_listener.prometheus_lb_listener"]
  #depends_on = ["aws_alb_listener.prometheus_lb_listener"]
  # Track the latest ACTIVE revision
  task_definition = "${aws_ecs_task_definition.prometheus-task.family}:${max("${aws_ecs_task_definition.prometheus-task.revision}", "${data.aws_ecs_task_definition.prometheus-taskdef.revision}")}"

  load_balancer {
    target_group_arn = "${aws_alb_target_group.prometheus_tg.arn}"
    container_name   = "docker-container"
    container_port   = 9090
  }
  network_configuration {
    subnets         = ["${var.sub1}"]
    security_groups = ["${var.sec_group}"]
  }
}`

When I run plan it shows:

  ~ update in-place
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_ecs_task_definition.prometheus-taskdef will be read during apply
  # (config refers to values not yet known)
 <= data "aws_ecs_task_definition" "prometheus-taskdef"  {
  + family          = (known after apply)
  + id              = (known after apply)
  + network_mode    = (known after apply)
  + revision        = (known after apply)
  + status          = (known after apply)
  + task_definition = "prometheus-task"
  + task_role_arn   = (known after apply)
}

  # aws_ecs_service.prometheus-ecs-service will be updated in-place
  ~ resource "aws_ecs_service" "prometheus-ecs-service" {
    cluster                            = "arn:aws:ecs:eu-west-1:xxxxxxxxxx:cluster/prometheus-cluster"
    deployment_maximum_percent         = 200
    deployment_minimum_healthy_percent = 100
    desired_count                      = 1
    enable_ecs_managed_tags            = false
    health_check_grace_period_seconds  = 0
    iam_role                           = "aws-service-role"
    id                                 = "arn:aws:ecs:eu-west-1:xxxxxxxxxx:service/prometheus-ecs-service"
    launch_type                        = "EC2"
    name                               = "prometheus-ecs-service"
    propagate_tags                     = "NONE"
    scheduling_strategy                = "REPLICA"
    tags                               = {}
  ~ task_definition                    = "prometheus-task:6" -> (known after apply)

terraform version:

    Terraform v0.12.13
    provider.aws v2.35.0

If I run apply then the second time it will show the same thing.

waqark3389 · January 27, 2020, 2:45pm

Anyone? Not sure what is wrong with this? The actual TF applies and the service is created

markokole · March 9, 2020, 4:07pm

I believe the revision number is whats causing the problem. You provision without it while the task has a revision number.
Try using the following example in the service definition:

task_definition = "${aws_ecs_task_definition.postgres_task.id}:${aws_ecs_task_definition.postgres_task.revision}"

waqark3389 · July 30, 2020, 10:05am

@markokole Thanks for the reply. I made the change. Now the TF looks like the below:

  resource "aws_ecs_service" "prometheus-ecs-service" {
  name          = "prometheus-ecs-service"
  cluster       = aws_ecs_cluster.prometheus-cluster.id
  desired_count = 1
  depends_on    = [aws_alb_target_group.prometheus_tg, aws_alb_listener.prometheus_lb_listener]
  task_definition = "${aws_ecs_task_definition.prometheus-task.id}:${aws_ecs_task_definition.prometheus-task.revision}"

It still shows the following on apply with no changes to the task definition:

  + ebs_block_device {
      + delete_on_termination = (known after apply)
      + device_name           = (known after apply)
      + encrypted             = (known after apply)
      + iops                  = (known after apply)
      + no_device             = (known after apply)
      + snapshot_id           = (known after apply)
      + volume_size           = (known after apply)
      + volume_type           = (known after apply)
    }

  ~ root_block_device {
        delete_on_termination = true
        encrypted             = true
      ~ iops                  = 0 -> (known after apply)
        volume_size           = 100
        volume_type           = "standard"
    }
}

Is it because of the depends_on?