Tag issue on aws_autoscaling_group resource

Avatar
Mallika Tadiparthi
  • Updated

 

Example Scenario

  • To tag the Autoscaling group (ASG) resources that are created outside of the terraform let's say like implicit creation of EKS node groups.
  • When you are using resource aws_autoscaling_group as per the below configuration; Run plan and apply.
resource "aws_autoscaling_group" "worker_windows" {
  count = var.enable_windows_workers ? 1 : 0
  name  = "${var.cluster_name}-worker-windows-asg"

  desired_capacity     = var.worker_windows_count
  launch_configuration = aws_launch_configuration.worker_windows.0.id
  max_size             = var.worker_windows_max_count
  min_size             = var.worker_windows_count
  vpc_zone_identifier  = data.aws_subnet_ids.nat.ids
  tag {
    key                 = "Name"
    value               = "${var.cluster_name}-worker-windows"
    propagate_at_launch = true
  }
  tag {
    key                 = "epic/substrate/eks"
    value               = var.cluster_name
    propagate_at_launch = true
  }
  tag {
    key                 = "kubernetes.io/cluster/${var.cluster_name}"
    value               = "owned"
    propagate_at_launch = true
  }
  dynamic "tag" {
    for_each = var.tags
    iterator = it
    content {
      key                 = it.key
      value               = it.value
      propagate_at_launch = true
    }
  }
  depends_on = [aws_eks_cluster.master]
  lifecycle {
    ignore_changes = [max_size, min_size, desired_capacity]
  }
}

Run the plan again; You will see kubernetes.io/cluster/cdae-dev-content update in place, even though this tag is already in place.

 # module.eks-cdae-dev-content.aws_autoscaling_group.worker_windows[0] will be updated in-place
  ~ resource "aws_autoscaling_group" "worker_windows" {
        id                        = "cdae-dev-content-worker-windows-asg"
        name                      = "cdae-dev-content-worker-windows-asg"
        # (24 unchanged attributes hidden)

      + tag {
          + key                 = "kubernetes.io/cluster/cdae-dev-content"
          + propagate_at_launch = true
          + value               = "owned"
        }
        # (2 unchanged blocks hidden)
    }

 

Solution

Remove the tag from aws_autoscaling_group resource and create an aws_autoscaling_group_tag resource instead. Then, import the tag.

resource "aws_autoscaling_group_tag" "cluster_owned" {
  count = var.enable_windows_workers ? 1 : 0
  autoscaling_group_name = aws_autoscaling_group.worker_windows[0].name

  tag {
    key   = "kubernetes.io/cluster/${var.cluster_name}"
    value = "owned"

    propagate_at_launch = true
  }
}
terraform import module.eks-cdae-dev-content.aws_autoscaling_group_tag.cluster_owned[0] cdae-dev-content-worker-windows-asg,kubernetes.io/cluster/cdae-dev-content

 

Use Resource: aws_autoscaling_group_tag to tag the autoscaling groups after they are created.

 

Note: Usingaws_autoscaling_group and aws_autoscaling_group_tagto manage tags of the same ASG will cause a perpetual difference where the aws_autoscaling_group resource will try to remove the tag being added by the aws_autoscaling_group_tag resource.

Articles in this section

See more

Related articles