Incomplete listener rules from data.aws_lb_listener & Data source request - data.aws_lb_listener_rule

[nicholastcs]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Data source data.aws_lb_listener, which it returns only default_action but not of its full listener rules.

Therefore, I'm unable to retrieve the particular listener rule's target group to generate cloudwatch dashboard (i.e. unhealthy host count).

This can be fix directly on data.aws_lb_listener to retrieve its full listener rules or, implementing new data source of data.aws_lb_listener_rule

New or Affected Resource(s)

• data.aws_lb_listener returning incomplete listener rule.

• Potential new implementation of data source data.aws_lb_listener_rule.

Potential Terraform Configuration

Example of possible configuration of data.aws_lb_listener_rule

data "aws_lb_listener" "lb_listener" {
  load_balancer_arn = data.aws_lb.load_balancer.arn
  port              = 443
}

# unimplemented data source
data "aws_lb_listener_rule" "listener_rule" {
  listener_arn = data.aws_lb_listener.lb_listener.arn
  priority     = "1"
}

output "example_output" {
  value = {
    target_group_arn = data.aws_lb_listener_rule.listener_rule.target_group_arn
  }
}

Workaround

• Possible workaround is to implement a shell execution likely from scottwinkler/shell provider or native Terraform built-in local-exec, retrieving target_group_arn from the listener with AWS CLI. However, it proved to be hacky and doesn't bode well for long term maintenance.

• Retrieve output of target_group_arn possibly from remote state's output, terraform-remote-state.

References

Here is possible linked issue.

• #10514

I'll gladly to provide further info if the provider team needed.

[marcuz]

I have the exact same use-case/issue: ALB created via kubernetes_ingress/kubernetes_ingress_v1 resource and need to get the target_group_arn (or name) to be able to use TargetGroup dimension in an aws_cloudwatch_metric_alarm resource.

[marcuz]

@nicholastcs have you found any other way to achieve the following without actually using aws CLI?

$ aws --region [REDACTED] elbv2 describe-rules --listener-arn arn:aws:elasticloadbalancing:[REDACTED]:[REDACTED]:listener/app/[REDACTED]/[REDACTED] --query 'Rules[0].Actions[0].TargetGroupArn'
"arn:aws:elasticloadbalancing:[REDACTED]:[REDACTED]:targetgroup/[REDACTED]"

I am running out of ideas and I might need to go down the local-exec road. 😞

[marcuz]

Assuming you have your AWS region local.aws_region and ALB rules all using the same target group (Rules[0].Actions[0].TargetGroupArn - easily tuned to match what you need), the following does the trick:

data "aws_lb" "alb" {
  # ...
}

data "aws_lb_listener" "alb" {
  # ...
}

data "external" "alb_targetgroup" {
  program = ["sh", "-c", "aws --region ${local.aws_region} elbv2 describe-rules --listener-arn ${data.aws_lb_listener.alb.arn} --query 'Rules[0].Actions[0].TargetGroupArn' | jq -r '. | {target_group_arn: .}'"]
}

locals {
  target_group_arn = data.external.alb_targetgroup.result["target_group_arn"]
  target_group_arn_suffix = element(
    split(":", local.target_group_arn),
    length(split(":", local.target_group_arn)) - 1
  )
}

resource "aws_cloudwatch_metric_alarm" "UnHealthyHostCount" {
  # ...

  dimensions = {
    LoadBalancer = data.aws_lb.alb.arn_suffix
    TargetGroup  = local.target_group_arn_suffix
  }
}

In case someone needs it. 😄

[nicholastcs]

@marcuz, it is all working and fine, but too much workaround for me.

The best case is provider maintainer to implement them.

[marcuz]

@marcuz, it is all working and fine, but too much workaround for me.

The best case is provider maintainer to implement them.

Absolutely, I am looking forward to get rid of this crap! I needed to unblock this work and this is by far the cleanest solution I came up with. 😄

[piersatdoshii]

In my case I need to be able to dynamically insert a new listener rule before an existing one, so being able to lookup that rule is rather important.

[github-actions]

Warning

This issue has been closed, meaning that any additional comments are hard for our team to see. Please assume that the maintainers will not see them.

Ongoing conversations amongst community members are welcome, however, the issue will be locked after 30 days. Moving conversations to another venue, such as the AWS Provider forum, is recommended. If you have additional concerns, please open a new issue, referencing this one where needed.

[github-actions]

This functionality has been released in v5.74.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.