terraform-provider-aws: health_check.matcher not supported for TCP protocol
This issue was originally opened by @SrikanthSoma as hashicorp/terraform#21004. It was migrated here as a result of the provider split. The original body of the issue is below.
Issue:
health_check.matcher is not supported for target_groups with TCP protocol
I’m creating NLB with terraform
#Creating target group for search api
resource "aws_alb_target_group" "search_api_target_group" {
name = "${var.app_name}-${var.environment}"
port = "80"
vpc_id = "${data.aws_vpc.vpc_id.id}"
target_type = "ip"
protocol = "TCP"
stickiness = []
health_check {
port = "traffic-port"
protocol = "TCP"
healthy_threshold = 5
unhealthy_threshold = 5
timeout = "${var.health_check_timeout}"
interval = "${var.health_check_interval}"
}
tags = "${var.search_api_tags}"
}
Terraform don’t have a option to set false for health_check matcher for NLB
terraform plan
- aws_alb_target_group.search_api_target_group: arn:aws:elasticloadbalancing:us-west-2:1234567890:targetgroup/search-api-qa/xxxxxxx: health_check.matcher is not supported for target_groups with TCP protocol
I’m on terraform version Terraform v0.11.13
Please have a option to set matcher to disable for TCP protocol
About this issue
- Original URL
- State: open
- Created 5 years ago
- Reactions: 33
- Comments: 24
can confirm, nuking and recreating with explicit TCP from the start was successful.
Because the target group was in use I couldn’t just comment it out so there were some … acrobatics and a couple of “just run it again” that I could have done cleaner, but that is unrelated.
I think there’s still a bug here, for sure, and I might get bored and look at it later, but at least it seems like it can be worked around, at least in my situation.
@SrikanthSoma, does this sound familiar? you might try what I did in the mean time. If I’m not clear enough, I’d be happy to elaborate on what I did, let me know 😃
ohhhh I think it may be because the protocol type was previously set to HTTP (apparently it defaults to that even on TCP target groups) and that is now getting in the way. I think I’m going to have to nuke the target group and recreate it with TCP from the getgo. NBD. I’ll report back.
The NLB HTTP health check requires a number of fields to be with specific values: health_check { enabled = true healthy_threshold = 3 interval = 30 matcher = “200-399” path = “/healthz” port = “31254” protocol = “HTTP” timeout = 6 unhealthy_threshold = 3 } You must set: unhealthy_threshold = 3 timeout = 6 interval = 30 matcher = “200-399”
I had the same issue and fixed it by deleting the listener then target groups and then plan apply. This is a bug and happens when you have an HTTP health check for a target group and then when you change to TCP you get that error
After checking the AWS provider’s code here. Setting the
matcherand thepathexplicitly to an empty string did the trick for me:I have had the same issue and I could work around it by first creating TG and then the health-checks.
I am seeing this as well. In order for this to work, I had to taint both the listener and the target group. Tainting just the target group throws an error
Error: error deleting Target Group: ResourceInUse: Target group 'xxxxx' is currently in use by a listener or a rule