I have an ALB created using k8’s helm charts. Now I want to enable access logs on top of it using terraform. I am trying to use a data source but it does not seem to be working, and I am getting an error when I plan it.

    data "aws_lb" "ecs_public_alb" {
      name = "my-load-balancer-name"
    }

    resource "aws_lb" "example" {
      arn                = data.aws_lb.ecs_public_alb.arn
      load_balancer_type = "application"

      access_logs {
        bucket  = "example-bucket"
        prefix  = "lb-access-logs"
        enabled = true
      }

      tags = {
        Terraform   = "true"
        Environment = "dev"
      }
    }

The error I am getting is:

    Can't configure a value for "arn": its value will be decided automatically based on the result of applying this configuration.

Not sure what is going wrong here.

2 Answers

You have to import your alb into TF first, before you can modify it using TF. What you are doing now with resource "aws_lb" "example" is trying to create a new alb, rather than using the existing one.

The proximal cause of your error is that arn is a read-only attribute and you cannot write to it. The arn will be set by AWS once the resource has been created.

The real issue is that you need to decide what will manage the load balancer, Helm or Terraform. You can’t have it both ways, creating the load balancer with Helm and then modifying it with Terraform. If you ever try to update or reconcile the Helm chart, it will remove the logging configuration.

Here’s what I would do:
If you absolutely cannot recreate the load balancer, then find a way to stop Helm from managing it in the future.
Source: I have tried to have Kubernetes and Terraform share management responsibilities of resources, and it was a miserable failure. It’s much better to have clear boundaries and only one system managing resources.
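
The import approach from the first answer, written out as an added example that is not part of either answer. It assumes Terraform 1.5 or later (for the import block) and that Helm no longer reconciles the load balancer, per the second answer; the ARN is a placeholder and the data source name "existing" is chosen here for illustration.

```hcl
# Added example. Values in <angle brackets> are placeholders, not values from the question.
terraform {
  required_version = ">= 1.5.0" # import blocks were introduced in Terraform 1.5
}

# Read the live ALB so the managed resource can mirror its current settings.
data "aws_lb" "existing" {
  name = "my-load-balancer-name"
}

# Adopt the existing ALB into state on the next plan/apply instead of creating one.
import {
  to = aws_lb.example
  id = "<arn-of-the-existing-load-balancer>"
}

resource "aws_lb" "example" {
  # No "arn" argument: it is read-only and is filled in from the imported state.
  # The arguments below describe the ALB as it exists today; a mismatch shows up
  # in the plan as a change or a replacement, so review the plan before applying.
  name               = data.aws_lb.existing.name
  load_balancer_type = "application"
  internal           = data.aws_lb.existing.internal
  subnets            = data.aws_lb.existing.subnets
  security_groups    = data.aws_lb.existing.security_groups
  tags               = data.aws_lb.existing.tags

  # The only intended change. The bucket policy must already allow Elastic Load
  # Balancing to write to this bucket and prefix, or enabling logging fails.
  access_logs {
    bucket  = "example-bucket"
    prefix  = "lb-access-logs"
    enabled = true
  }
}
```

The first plan should report one resource to import and an in-place update to access_logs only; any other proposed change means the configuration does not yet match the live load balancer.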