Imported aws_launch_configuration does not include security groups and userdata.

[chroju]

Terraform Version

$ terraform -v
Terraform v0.11.1
+ provider.aws v1.5.0

Affected Resource(s)

• aws_launch_configuration

Terraform Configuration Files

I have made .tf file about already existing launch configuration like this.

resource "aws_launch_configuration" "test-lc" {
  name                 = "test-lc"
  image_id             = "ami-11111111"
  instance_type        = "t2.micro"
  iam_instance_profile = "test-role"
  key_name             = "test-key"
  security_groups      = ["sg-22222222", "sg-33333333", "sg-44444444"]
  user_data            = "${file("userdata.txt")}"
  enable_monitoring    = false
  ebs_optimized        = false

  root_block_device {
    volume_type           = "gp2"
    volume_size           = 10
    delete_on_termination = true
  }
}

Debug Output

None.

Panic Output

None.

Expected Behavior

tfstate that created by terraform import command should include all appropriate attributes, and the result of terraform plan display nothing to do.

Actual Behavior

There is no attributes about security groups and userdata in tfstate, so the result of terraform plan with the above configuration file is wrong like this.

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

-/+ aws_launch_configuration.test-lc (new resource required)
      id:                                        "test-lc" => <computed> (forces new resource)
      associate_public_ip_address:               "false" => "false"
      ebs_block_device.#:                        "0" => <computed>
      ebs_optimized:                             "false" => "false"
      enable_monitoring:                         "false" => "false"
      iam_instance_profile:                      "test-role" => "test-role"
      image_id:                                  "ami-11111111" => "ami-11111111"
      instance_type:                             "t2.micro" => "t2.micro"
      key_name:                                  "test-key" => "test-key"
      name:                                      "test-lc" => "test-lc"
      root_block_device.#:                       "1" => "1"
      root_block_device.0.delete_on_termination: "true" => "true"
      root_block_device.0.iops:                  "0" => <computed>
      root_block_device.0.volume_size:           "10" => "10"
      root_block_device.0.volume_type:           "gp2" => "gp2"
      security_groups.#:                         "" => "3" (forces new resource)
      security_groups.2557434654:                "" => "sg-22222222" (forces new resource)
      security_groups.479672489:                 "" => "sg-33333333" (forces new resource)
      security_groups.874880341:                 "" => "sg-44444444" (forces new resource)
      user_data:                                 "" => "dcb1aa9c2bea873ff85611667ca01ea35a513952" (forces new resource)

Steps to Reproduce

1. make a .tf file about the existing launch configuration.
2. run terraform import about that configuration.
3. run terraform plan .

Important Factoids

None.

References

None.

[apparentlymart]

Hi @chroju!

This does indeed seem to be a bug in the importer for this resource. In fact, I think there are two separate bugs here:

• I don't see any handling of user_data in the resource's Read function at all, which explains the behavior you saw here. I expect it was omitted because this function was originally implemented before the importer was added, and so user_data would always be already present in state at that point, but now that import is supported it needs to be handled here too.
• There is some handling of security_groups in the implementation, so this is a bit more of a mystery, but I think this may be caused by the AWS SDK returning a []*string while the attribute setter is expecting a []string, causing the new value to be rejected silently.

[leszekeljasz]

Just upgraded to the most recent version, still experiencing the same issue.

$ terraform version
Terraform v0.11.2
+ provider.aws v1.6.0
+ provider.template v1.0.0

Just built aws provider from @loivis' branch and it worked well.

[franklin-stripe]

@apparentlymart Any chance someone could take a look at the linked PR? We're running into this issue and would love to get the fix merged in. Thanks!

[bflad]

The fix for properly reading security_groups, user_data, and vpc_classic_link_security_groups attributes has been merged into master and will release with v1.14.1 of the AWS provider, likely on Wednesday.

[bflad]

This has been released in version 1.14.1 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!