Saturday, October 29, 2022

[SOLVED] Attaching "Application Load Balancer" to "Auto Scaling Group" in Terraform gives error

Issue

When one creates an ASG (Auto Scaling Group) in the AWS Console, there is an option that can be checked: "receive traffic from one or more load balancers".

I was trying to do the same using the "aws_autoscaling_attachment" resource; however, I'm getting the error below. I can see that "MyALBWP" is present in the console.

ERROR: Failure attaching AutoScaling Group MyWPReaderNodesASGroup with Elastic Load Balancer: arn:aws:elasticloadbalancing:eu-west-2:262702952852:loadbalancer/app/MyALBWP/ef1dd71d87b8742b: ValidationError: Provided Load Balancers may not be valid. Please ensure they exist and try again.

resource "aws_launch_configuration" "MyWPLC" {
  name          = "MyWPLCReaderNodes"
  #count                = 2     Was giving error as min, max size is mentioned in ASG
  #name_prefix          = "LC-"  Error: "name_prefix": conflicts with name
  image_id      =  aws_ami_from_instance.MyWPReaderNodes.id
  instance_type = "t2.micro"
  iam_instance_profile = aws_iam_instance_profile.MyWebInstanceProfile2.name # Attach S3 role to EC2 Instance
  security_groups    = [aws_security_group.WebDMZ.id]  # Attach WebDMZ SG
  user_data          = file("./AutoScaleLaunch.sh")
  lifecycle {
    #prevent_destroy       = "${var.prevent_destroy}"
    create_before_destroy = true
  }
  #   tags = {     NOT VALID GIVES ERROR
  #   Name = "MyWPLC"
  # }

}

# # Create AutoScaling Group for Reader Nodes
# Name: MyWPReaderNodesASGroup
# Launch Configuration : MyWPLC
# Group Size : 2
# Network : Select your VPC
# Subnets : Select your public Subnets
# Receive traffic from Load Balancer   <<< Tried in "aws_autoscaling_attachment" gives 
# Target Group : MyWPInstances
# Health Check : ELB or EC2, Select ELB
# Health check grace period : 60 seconds
# tags name MyWPReaderNodesGroup

resource "aws_autoscaling_group" "MyWPReaderNodesASGroup" {
  name                      = "MyWPReaderNodesASGroup"
  # We want this to explicitly depend on the launch config above
  depends_on = [aws_launch_configuration.MyWPLC]
  max_size                  = 2
  min_size                  = 2
  health_check_grace_period = 60
  health_check_type         = "ELB"
  desired_capacity          = 2
  force_delete              = true
  launch_configuration      = aws_launch_configuration.MyWPLC.id
  vpc_zone_identifier       = [aws_subnet.PublicSubNet1.id, aws_subnet.PublicSubNet2.id]
  target_group_arns = [aws_lb_target_group.MyWPInstancesTG.arn] #  A list of aws_alb_target_group ARNs, for use with Application or Network Load Balancing.
  #target_group_arns = [aws_lb.MyALBWP.id] #  A list of aws_alb_target_group ARNs, for use with Application or Network Load Balancing.
  #error: ValidationError: Provided Target Groups may not be valid. Please ensure they exist and try again.
  # tags = {        NOT REQUIRED GIVES ERROR  : Error : Inappropriate value for attribute "tags": set of map of string required.
  #   Name = "MyWPReaderNodesGroup"
  # }
}

# Create a new load balancer attachment
# ERROR: Failure attaching AutoScaling Group MyWPReaderNodesASGroup with Elastic Load Balancer: arn:aws:elasticloadbalancing:eu-west-2:262702952852:loadbalancer/app/MyALBWP/ef1dd71d87b8742b: 
# ValidationError: Provided Load Balancers may not be valid. Please ensure they exist and try again.

resource "aws_autoscaling_attachment" "asg_attachment_elb" {
  autoscaling_group_name = aws_autoscaling_group.MyWPReaderNodesASGroup.id
  elb                    = aws_lb.MyALBWP.id
}

Solution

NOTE on AutoScaling Groups and ASG Attachments: Terraform currently provides both a standalone ASG Attachment resource (describing an ASG attached to an ELB), and an AutoScaling Group resource with load_balancers defined in-line. At this time you cannot use an ASG with in-line load balancers in conjunction with an ASG Attachment resource. Doing so will cause a conflict and will overwrite attachments.

From Resource: aws_autoscaling_attachment docs.

You have two options:

  1. Delete the aws_autoscaling_attachment resource
  2. Remove the target_group_arns argument from the aws_autoscaling_group resource, remove the elb argument from the aws_autoscaling_attachment resource, and add alb_target_group_arn to the aws_autoscaling_attachment resource

Option 1 looks like this:

resource "aws_autoscaling_group" "MyWPReaderNodesASGroup" {
  name                      = "MyWPReaderNodesASGroup"
  # We want this to explicitly depend on the launch config above
  depends_on = [aws_launch_configuration.MyWPLC]
  max_size                  = 2
  min_size                  = 2
  health_check_grace_period = 60
  health_check_type         = "ELB"
  desired_capacity          = 2
  force_delete              = true
  launch_configuration      = aws_launch_configuration.MyWPLC.id
  vpc_zone_identifier       = [aws_subnet.PublicSubNet1.id, aws_subnet.PublicSubNet2.id]
  target_group_arns = [aws_lb_target_group.MyWPInstancesTG.arn] #  A list of aws_alb_target_group ARNs, for use with Application or Network Load Balancing.
}

Option 2 looks like this:

resource "aws_autoscaling_group" "MyWPReaderNodesASGroup" {
  name                      = "MyWPReaderNodesASGroup"
  # We want this to explicitly depend on the launch config above
  depends_on = [aws_launch_configuration.MyWPLC]
  max_size                  = 2
  min_size                  = 2
  health_check_grace_period = 60
  health_check_type         = "ELB"
  desired_capacity          = 2
  force_delete              = true
  launch_configuration      = aws_launch_configuration.MyWPLC.id
  vpc_zone_identifier       = [aws_subnet.PublicSubNet1.id, aws_subnet.PublicSubNet2.id]
}

resource "aws_autoscaling_attachment" "asg_attachment_elb" {
  autoscaling_group_name = aws_autoscaling_group.MyWPReaderNodesASGroup.id
  alb_target_group_arn = aws_lb_target_group.MyWPInstancesTG.arn
}


Answered By - Alain O'Dea
Answer Checked By - Mary Flores (WPSolving Volunteer)
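
A pre-apply check for both mistakes discussed above, as an added example that is not part of the original question or answer. It reads the "configuration" section of `terraform show -json <planfile>`; the function names and finding labels are hypothetical, the sample input is constructed from the resource names on this page, and the check relies on the `elb` argument expecting a Classic ELB name rather than an `aws_lb` ARN.

```python
# Added example: lint the "configuration" block of `terraform show -json <plan>`.
# SAMPLE_CONFIG is constructed to mirror the question's resources.
LB_TYPES = ("aws_lb.", "aws_alb.")            # ALB/NLB resource address prefixes
INLINE_ARGS = ("target_group_arns", "load_balancers")


def expr(*references):
    """Build an expression node the way the plan JSON records references."""
    return {"references": list(references)}


def refs(resource, arg):
    """References used by one argument (empty list if the argument is unset)."""
    return resource.get("expressions", {}).get(arg, {}).get("references", [])


def lint(config):
    resources = config["root_module"]["resources"]
    asgs = {r["address"]: r for r in resources if r["type"] == "aws_autoscaling_group"}
    findings = []
    for att in (r for r in resources if r["type"] == "aws_autoscaling_attachment"):
        # `elb` takes a Classic ELB name; an aws_lb reference fails validation.
        if any(ref.startswith(LB_TYPES) for ref in refs(att, "elb")):
            findings.append((att["address"], "elb-points-at-alb"))
        # Inline attachments plus a standalone attachment overwrite each other.
        for addr, asg in asgs.items():
            attached = addr in refs(att, "autoscaling_group_name")
            inline = any(arg in asg.get("expressions", {}) for arg in INLINE_ARGS)
            if attached and inline:
                findings.append((att["address"], "conflicts-with-inline:" + addr))
    return findings


ASG = "aws_autoscaling_group.MyWPReaderNodesASGroup"
ATT = "aws_autoscaling_attachment.asg_attachment_elb"
TG = "aws_lb_target_group.MyWPInstancesTG"
SAMPLE_CONFIG = {"root_module": {"resources": [
    {"address": ASG, "type": "aws_autoscaling_group",
     "expressions": {"target_group_arns": expr(TG + ".arn", TG)}},
    {"address": ATT, "type": "aws_autoscaling_attachment",
     "expressions": {"autoscaling_group_name": expr(ASG + ".id", ASG),
                     "elb": expr("aws_lb.MyALBWP.id", "aws_lb.MyALBWP")}},
]}}

if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```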