terraform-provider-aws: ECS Service can't update desired replicas when Blue Green deployment is enabled

Having the same issues while trying to update the desired count of tasks, any updates on this?

Hi all,

what about updates on this issue ?

This is very important for us. We are running terraform-pipelines in production with ecs_service and CODE_DEPLOY deployment controller. Updates on the service with terraform are not possible over this way !

Having the same issue when trying to update the platform version.

I’m having the same issue, trying to add tags to a service.

In the plan only appears the tags being changed.

During the apply I get this error: “InvalidParameterException: Unable to update network parameters on services with a CODE_DEPLOY deployment controller. Use AWS CodeDeploy to trigger a new deployment.”

Including network_configuration as ignore_changes is not helping.

Could the PR made earlier this year, which references this issue, be reviewed? It’s a fairly small change. We believe this to be a good way to address this, having resorted to using our own fork with that PR to address this for now and can confirm this resolves it for us.

For visibility @bflad @gdavison

https://github.com/hashicorp/terraform-plugin-sdk/pull/711

FWIW, the way I was able to control desired_count is by adding an autoscaling group. I’m not using it to autoscale, since I have the min/max set to the same number and the cpu target_value 99. It just acts as a way to modify desired_count which seems to play well with terraform and the CODE_DEPLOY deployment_controller type:

resource "aws_iam_service_linked_role" "ecs_application_autoscaling" {
  aws_service_name = "ecs.application-autoscaling.amazonaws.com"
  description      = "Allows Application Auto Scaling to call ECS and CloudWatch on your behalf."
}

resource "aws_appautoscaling_target" "target" {
  # THIS CONTROLS THE DESIRED_COUNT
  max_capacity       = var.running_max
  min_capacity       = var.running_min
  resource_id        = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.app.name}"
  role_arn           = aws_iam_service_linked_role.ecs_application_autoscaling.arn
  scalable_dimension = "ecs:service:DesiredCount"
  service_namespace  = "ecs"
}

resource "aws_appautoscaling_policy" "cpu_tracking" {
  name               = "${aws_ecs_cluster.cluster.name}_${aws_ecs_service.app.name}_cpu_tracking"
  policy_type        = "TargetTrackingScaling"
  resource_id        = "service/${aws_ecs_cluster.cluster.name}/${aws_ecs_service.app.name}"
  scalable_dimension = aws_appautoscaling_target.target.scalable_dimension
  service_namespace  = aws_appautoscaling_target.target.service_namespace

  target_tracking_scaling_policy_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    }

    target_value       = 99
    scale_in_cooldown  = 300
    scale_out_cooldown = 60
  }
}

I encountered the same problem. Including network_configuration as ignore_changes doesn’t work - network_configuration change doesn’t appear in the diff view, but it is included in the API call request when apply.

Looking into the debug log, I found the order of the subnets in the update request is different from the value of the current state.

networkConfiguration of current state (ecs/DescribeServices)

{"awsvpcConfiguration":{"assignPublicIp":"ENABLED","securityGroups":["sg-09b7377097c0c97fd"],"subnets":["subnet-012c6b3edd7abd4d9","subnet-0f5c632fc7e9db0ab","subnet-041643c250580e1dc"]}}

networkConfiguration of update request (ecs/UpdateService)

{"awsvpcConfiguration":{"assignPublicIp":"ENABLED","securityGroups":["sg-09b7377097c0c97fd"],"subnets":["subnet-041643c250580e1dc","subnet-012c6b3edd7abd4d9","subnet-0f5c632fc7e9db0ab"]}}

The attribute type of subnets is TypeSet, so the two values should be the same.

https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_ecs_service.go#L238

However, it seems d.hasChange(“network_configuration”) returns true somehow since the request includes the networkConfiguration attribute.

https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_ecs_service.go#L1027

I’m not familiar with the codebase so I might look at unrelated place though.

Hi @breathingdust, I’ve written the test case that replicates the issue. When I try to update the desired_count, the function resourceServiceUpdate says I’m also changing the NetworkConfiguration. Like @calimonk says, the solution to this issue is the release of the version v2.9.0 of the terraform-sdk-plugin. So I can open the PR with the test case that replicates the bug and update the go.mod when the terraform-plugin-sdk is released.

Cheers

Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the “Allow edits from maintainers” box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

I tried to use CODE_DEPLOY with terraform but got either unable to update task definition or unable to update network configuration. I can’t deploy anything. This is nightmare.

@ewbankkit let me update the branch and add further tests to cover all the fields allowed by the APIs