-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
aws_instance requires ModifyInstanceAttribute due to changes in SourceDestCheck #9851
aws_instance requires ModifyInstanceAttribute due to changes in SourceDestCheck #9851
Comments
Hi @sethvargo Sorry for the issue here - I have spent the morning looking into this and I cannot see how the change in 338aab9 has caused the issue. Before the change: Create of the AWS instance would call the Update func and we wouldn't call All the changes in 338aab9 do are to only call the Do you think we should skip the setting of Paul |
Hey @stack72 Thank you for the reply. I briefly looked and tracked down the commit to 338aab9, but it's possible it could have been changed elsewhere. What seems to be happening is that we force the source_dest_check to be set if the resource is new, but that forces a ModifyInstanceAttribute call, even if the value is already correct. I think we shouldn't skip setting it, but we should skip setting it if its the default. |
let me play around with this a bit and get back to you with some findings... |
Hi @sethvargo So I found the following when I removed the
This gave me the following output:
Notice this means we would need 2 terraform applies by default to roll out
So rock || me || hardplace on what we should do here... P. |
Hmm. I'm a bit confused. Why does |
The Create func calls the Update func. So we create an aws_instance with Therefore, we create the instance with the AWS default - which is true. We would need another TF apply to set it to |
Right, but if |
FWIW, this causes sporadic 403s when building new We can workaround this by having some downstream resource which depends on the We might be able to contribute patches to help here, but it would be good for us to understand more about why this call is even necessary, since there's no actual diff when the call fails. |
I'm still encountering this on 0.9.9. The describe response shows sourceDestCheck as true on a new instance, but terraform still tries setting it. This fails in my environment because ModifyInstanceAttribute is disallowed. |
Sorry about the still lingering issue for you @david-resnick! I'll take a look later today and see if I can reproduce. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Hi there,
Terraform Version
0.7.8
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
Terraform should not require
ModifyInstanceAttribute
to change theSourceDestCheck
field when a subnet is given.Actual Behavior
Terraform requires
SourceDestCheck
.Steps to Reproduce
terraform apply
Important Factoids
The root of the issue seems to be this line in the commit, which explicitly forces a sourcedestcheck update if we are a newresource.
References
aws_instance
source_dest_check
triggering an API call on each terraform run #8450The text was updated successfully, but these errors were encountered: