Unable to modify launch configurations

[maguec]

I am unable to modify the launch group configuration:

The following commands work

terraform apply -var "green_ami=ami-7b412112" -var "blue_ami=ami-7b412112" -var "blue_count=0" -var "green_count=1"
terraform apply -var "green_ami=ami-7b412112" -var "blue_ami=ami-7b42112" -var "blue_count=0" -var "green_count=2"

but when attempting to change the ami assocated with blue_ami I receive the following error:

* Cannot delete launch configuration clm-web_asgconf_blue because it is attached to AutoScalingGroup clm-web_asg_blue
aws_autoscaling_group.clm-web_asg_blue: Modifying...
  desired_capacity: "1" => "0"
  max_size:         "1" => "0"
  min_size:         "1" => "0"
aws_autoscaling_group.clm-web_asg_blue: Modifications complete
Error applying plan:

1 error(s) occurred:

* 1 error(s) occurred:

* 1 error(s) occurred:

* Cannot delete launch configuration clm-web_asgconf_blue because it is attached to AutoScalingGroup clm-web_asg_blue

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resourc
es that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

TF File
======

provider "aws" {
region = "${var.region}"
}

resource "aws_route53_record" "clmweb-dns" {
zone_id = "${var.route53_zone_id}"
name = "${var.environment}-clm-web.${var.route53_domain}"
type = "CNAME"
ttl = "300"
records = ["${aws_elb.clmweb_lb.dns_name}"]
}

resource "aws_elb" "clmweb_lb" {
name = "clm-web-terraform-elb"
internal = true
security_groups = ["${aws_security_group.clm-web_server.id}"]
subnets = ["${var.subnet_ids.0}", "${var.subnet_ids.1}", "${var.subnet_ids.2}"]
listener {
instance_port = 80
instance_protocol = "http"
lb_port = 80
lb_protocol = "http"
}
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
target = "HTTP:80/"
interval = 10
}
}

resource "aws_security_group" "clm-web_server" {
name = "clm-web_server"
description = "Used for all clm-web servers"
vpc_id = "${var.vpc_id}"
ingress { #SSH in from the VPC
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [ "10.0.0.0/8" ]
}
ingress { #SSH in from the VPC
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [ "10.0.0.0/8" ]
}
}

resource "aws_launch_configuration" "clm-web_asgconf_blue" {
name = "clm-web_asgconf_blue"
image_id = "${var.blue_ami}"
instance_type = "${var.instance_size}"
key_name = "ClearCareVPC"
user_data = "{"run_env":"${var.environment}", "role": "clm-web", "atlas_token": "${var.atlas_token}", "atlas_account": "${var.atlas_account}"}"
}

resource "aws_autoscaling_group" "clm-web_asg_blue" {
availability_zones = ["${var.availability_zones.0}", "${var.availability_zones.1}", "${var.availability_zones.2}"]
name = "clm-web_asg_blue"
max_size = "${var.blue_count}"
min_size = "${var.blue_count}"
health_check_grace_period = 300
load_balancers = ["${aws_elb.clmweb_lb.name}"]
health_check_type = "EC2"
desired_capacity = "${var.blue_count}"
force_delete = true
launch_configuration = "${aws_launch_configuration.clm-web_asgconf_blue.name}"
vpc_zone_identifier = ["${var.subnet_ids.0}", "${var.subnet_ids.1}", "${var.subnet_ids.2}"]
tag {
key = "Name"
value = "clm-web"
propagate_at_launch = true
}
tag {
key = "environment"
value = "${var.environment}"
propagate_at_launch = true
}
tag {
key = "role"
value = "clm-web"
propagate_at_launch = true
}
tag {
key = "color"
value = "blue"
propagate_at_launch = true
}
}

resource "aws_launch_configuration" "clm-web_asgconf_green" {
name = "clm-web_asgconf_green"
image_id = "${var.green_ami}"
instance_type = "${var.instance_size}"
key_name = "ClearCareVPC"
user_data = "{"run_env":"${var.environment}", "role": "clm-web", "atlas_token": "${var.atlas_token}", "atlas_account": "${var.atlas_account}"}"
}

resource "aws_autoscaling_group" "clm-web_asg_green" {
availability_zones = ["${var.availability_zones.0}", "${var.availability_zones.1}", "${var.availability_zones.2}"]
name = "clm-web_asg"
max_size = "${var.green_count}"
min_size = "${var.green_count}"
health_check_grace_period = 300
load_balancers = ["${aws_elb.clmweb_lb.name}"]
health_check_type = "EC2"
desired_capacity = "${var.green_count}"
force_delete = true
launch_configuration = "${aws_launch_configuration.clm-web_asgconf_green.name}"
vpc_zone_identifier = ["${var.subnet_ids.0}", "${var.subnet_ids.1}", "${var.subnet_ids.2}"]
tag {
key = "Name"
value = "clm-web"
propagate_at_launch = true
}
tag {
key = "environment"
value = "${var.environment}"
propagate_at_launch = true
}
tag {
key = "role"
value = "clm-web"
propagate_at_launch = true
}
tag {
key = "color"
value = "green"
propagate_at_launch = true
}
}

Variable file

variable "blue_ami" {
description = "the AMI to use for Blue"
}

variable "blue_count" {
description = "the number of Blue instances to run"
}

variable "green_ami" {
description = "the AMI to use for Blue"
}

variable "green_count" {
description = "the number of Green instances to run"
}

variable "instance_size" {
description = "The instance size to use"
}

variable "environment" {
description = "The environment"
}

variable "availability_zones" {
description = "A mapping of the availability zones for the region"
default = {
"0" = "us-west-2a"
"1" = "us-west-2b"
"2" = "us-west-2c"
}
}

variable "subnet_ids" {
description = "A mapping of the availability zones for the region"
default = {
"0" = "subnet-12345678"
"1" = "subnet-12345679"
"2" = "subnet-12345670"
}
}

variable "route53_zone_id" {
description = "The zone_id of the route53 zone"
default = "8675309"
}

variable "route53_domain" {
description = "The name of the route53 zone"
default = "tommytutone.it"
}

variable "region" {
description = "the region we are gong to run in"
}

variable "vpc_id" {
description = "VPC ID"
}

variable "instance_size" {
description = "EC2 instance size"
default = "t2.micro"
}

variable "atlas_token" {
description = "The atlas token for the consul services"
default = "jennyjennywhocanIturnto"
}

variable "atlas_account" {
description = "The account for the consul services"
default = "tommytutone"
}

[Rigdon]

👍

[mqarty]

👍

[maguec]

adding

  lifecycle = {
    create_before_destroy = true
  }

causes:

* Error creating launch configuration: Launch Configuration by this name already exists - A launch configuration already exists with the name clm_blue

and destroying just those two resources and attempting to recreate causes

* Error creating Security Group: The security group 'clm-web_server' already exists for VPC 'vpc-7dd44714'
* 1 error(s) occurred:

* Resource 'aws_elb.clmweb_lb' not found for variable 'aws_elb.clmweb_lb.name'

[sheats]

👍

[grahamgreen]

👍

[maguec]

This is fixed with a combination of the lifecycle and removal of the names from the launch configurations, so that a generated name is used instead!

[scalp42]

@maguec I'm still running into the same issue.

If I create a launch config without name, apply and then later on, change the instance size, Terraform runs into the same issue.

In this example, once launch config was created, I changed the instance size from m1 to m3:

~ aws_autoscaling_group.default
    launch_configuration: "terraform-sz7sl7q4wfawzadckhlty52uxu" => "${aws_launch_configuration.fortytwo_default.id}"

-/+ aws_launch_configuration.fortytwo_default
    associate_public_ip_address: "false" => "0"
    ebs_block_device.#:          "0" => "<computed>"
    ebs_optimized:               "false" => "<computed>"
    iam_instance_profile:        "RallyStack" => "RallyStack"
    image_id:                    "ami-f66f219e" => "ami-f66f219e"
    instance_type:               "m1.small" => "m3.medium" (forces new resource)
    key_name:                    "particles" => "particles"
    name:                        "terraform-sz7sl7q4wfawzadckhlty52uxu" => "<computed>"
    root_block_device.#:         "0" => "<computed>"
    security_groups.#:           "3" => "3"
    security_groups.191680440:   "sg-ae979bca" => "sg-ae979bca"
    security_groups.2047546322:  "sg-ac979bc8" => "sg-ac979bc8"
    security_groups.3366657482:  "sg-ad979bc9" => "sg-ad979bc9"
    user_data:                   "a2a555351f12fdf49e57c304a2f3072fd967ef76" => "a2a555351f12fdf49e57c304a2f3072fd967ef76"

Running apply:

    aws_launch_configuration.fortytwo_default: Destroying...
    aws_security_group.default: Modifying...
      ingress.#:                           "1" => "2"
      ingress.183811483.cidr_blocks.#:     "0" => "1"
      ingress.183811483.cidr_blocks.0:     "" => "10.69.10.72/32"
      ingress.183811483.from_port:         "" => "0"
      ingress.183811483.protocol:          "" => "-1"
      ingress.183811483.security_groups.#: "0" => "0"
      ingress.183811483.self:              "" => "0"
      ingress.183811483.to_port:           "" => "0"
      ingress.753360330.cidr_blocks.#:     "0" => "0"
      ingress.753360330.from_port:         "" => "0"
      ingress.753360330.protocol:          "" => "-1"
      ingress.753360330.security_groups.#: "0" => "0"
      ingress.753360330.self:              "" => "1"
      ingress.753360330.to_port:           "" => "0"
    aws_launch_configuration.fortytwo_default: Error: 1 error(s) occurred:

    * ResourceInUse: Cannot delete launch configuration terraform-sz7sl7q4wfawzadckhlty52uxu because it is attached to AutoScalingGroup fortytwo-default

[mikeyhill]

I've hit this sane issue when switching ami's. My solution for now is to
just drop the asg and launch config, then recreate
On Jun 1, 2015 7:49 PM, "Anthony Scalisi" [email protected] wrote:

@maguec https://github.com/maguec I'm still running into the same issue.

If I create a launch config without name, apply and then later on, change
the instance size, Terraform runs into the same issue.

In this example, once launch config was created, I changed the instance
size from m1 to m3:

~ aws_autoscaling_group.default
launch_configuration: "terraform-sz7sl7q4wfawzadckhlty52uxu" => "${aws_launch_configuration.fortytwo_default.id}"

-/+ aws_launch_configuration.fortytwo_default
associate_public_ip_address: "false" => "0"
ebs_block_device.#: "0" => ""
ebs_optimized: "false" => ""
iam_instance_profile: "RallyStack" => "RallyStack"
image_id: "ami-f66f219e" => "ami-f66f219e"
instance_type: "m1.small" => "m3.medium" (forces new resource)
key_name: "particles" => "particles"
name: "terraform-sz7sl7q4wfawzadckhlty52uxu" => ""
root_block_device.#: "0" => ""
security_groups.#: "3" => "3"
security_groups.191680440: "sg-ae979bca" => "sg-ae979bca"
security_groups.2047546322: "sg-ac979bc8" => "sg-ac979bc8"
security_groups.3366657482: "sg-ad979bc9" => "sg-ad979bc9"
user_data: "a2a555351f12fdf49e57c304a2f3072fd967ef76" => "a2a555351f12fdf49e57c304a2f3072fd967ef76"

Running apply:

aws_launch_configuration.fortytwo_default: Destroying...
aws_security_group.default: Modifying...
  ingress.#:                           "1" => "2"
  ingress.183811483.cidr_blocks.#:     "0" => "1"
  ingress.183811483.cidr_blocks.0:     "" => "10.69.10.72/32"
  ingress.183811483.from_port:         "" => "0"
  ingress.183811483.protocol:          "" => "-1"
  ingress.183811483.security_groups.#: "0" => "0"
  ingress.183811483.self:              "" => "0"
  ingress.183811483.to_port:           "" => "0"
  ingress.753360330.cidr_blocks.#:     "0" => "0"
  ingress.753360330.from_port:         "" => "0"
  ingress.753360330.protocol:          "" => "-1"
  ingress.753360330.security_groups.#: "0" => "0"
  ingress.753360330.self:              "" => "1"
  ingress.753360330.to_port:           "" => "0"
aws_launch_configuration.fortytwo_default: Error: 1 error(s) occurred:

* ResourceInUse: Cannot delete launch configuration terraform-sz7sl7q4wfawzadckhlty52uxu because it is attached to AutoScalingGroup fortytwo-default

—
Reply to this email directly or view it on GitHub
#1584 (comment)
.

[nickpad]

I'm also hitting this issue when switching the AMI in my aws_launch_configuration settings.

[phinze]

@nickpad @mikeyhill @scalp42

The combination of LCs being immutable and also unable to be dropped while being referenced by an ASG makes this a scenario where the create_before_destroy lifecycle option is pretty much required to get things to happen in the proper order.

Adding:

lifecycle {
  create_before_destroy = true
}

to your launch configs should take care of the issu.

[scalp42]

@phinze are you supposed to comment out all lifecycle { create_before_destroy = true } in your config files when trying to run terraform destroy please (or maybe interpolate through vars but not sure about true versus "true") ?

Otherwise, runs into the cycle issue.

I guess I'm confused about this.

[anhcuong]

I experienced the same issue today while trying to update ami id for my autoscale launch configuration. Not sure the issues have been resolved ?

By adding "lifecycle" into the config, it ruined theterraform destroy.

I am using terraform v0.6.8.

[scalp42]

@anhcuong I have no issues updating the ami id for an ASG, using the new name-prefix in the launch configuration and using create_before_destroy in the launch configuration resource.

[anhcuong]

Currently I am using the name instead of name_prefix and not using create_before_destroy. Because I had issue with create_before_destroy when I triedterraform destroy

[phinze]

FWIW, issues with create_before_destroy and terraform destroy are addressed in v0.6.12 👍

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.