access_logs settings are not included when importing aws_lb #2969

Closed
leszekeljasz opened this issue Jan 12, 2018 · 6 comments · Fixed by #4517
Labels
bug Addresses a defect in current functionality. service/elbv2 Issues and PRs that pertain to the elbv2 service.

@leszekeljasz

Terraform Version

Terraform v0.11.2
+ provider.aws v1.6.0

Affected Resource(s)

  • aws_lb

Terraform Configuration Files

provider "aws" {
    region = "eu-central-1"
    shared_credentials_file = "~/.aws/config"
    profile = "default"
}

data "aws_availability_zones" "available" {}
data "aws_elb_service_account" "main" {}

resource "aws_s3_bucket" "logs" {
    bucket_prefix = "mybucketforlogs-"
    force_destroy = true
}

resource "aws_s3_bucket_policy" "allow_lb_logs" {
  bucket = "${aws_s3_bucket.logs.id}"
  policy = <<-EOF
    {
        "Version": "2012-10-17",
        "Id": "Policy1429136655940",
        "Statement": [
            {
                "Sid": "Stmt1429136633762",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "${data.aws_elb_service_account.main.arn}"
                },
                "Action": "s3:PutObject",
                "Resource": "arn:aws:s3:::${aws_s3_bucket.logs.id}/logs/*"
            }
        ]
    }
    EOF
}

resource "aws_vpc" "myvpc" {
  cidr_block = "10.0.0.0/16"
}

resource "aws_internet_gateway" "igw" {
    vpc_id = "${aws_vpc.myvpc.id}"
}

resource "aws_route_table" "rt" {
    vpc_id = "${aws_vpc.myvpc.id}"
}

resource "aws_route" "DefaultRoute" {
    destination_cidr_block = "0.0.0.0/0"
    gateway_id = "${aws_internet_gateway.igw.id}"
    route_table_id = "${aws_route_table.rt.id}"
}

resource "aws_subnet" "sub_a" {
    vpc_id      = "${aws_vpc.myvpc.id}"
    cidr_block  = "10.0.0.0/24"
    availability_zone = "${data.aws_availability_zones.available.names[0]}"
}

resource "aws_subnet" "sub_b" {
    vpc_id      = "${aws_vpc.myvpc.id}"
    cidr_block  = "10.0.1.0/24"
    availability_zone = "${data.aws_availability_zones.available.names[1]}"
}

resource "aws_route_table_association" "sub_a_rt" {
    subnet_id = "${aws_subnet.sub_a.id}"
    route_table_id = "${aws_route_table.rt.id}"
}

resource "aws_route_table_association" "sub_b_rt" {
    subnet_id = "${aws_subnet.sub_b.id}"
    route_table_id = "${aws_route_table.rt.id}"
}

resource "aws_lb" "alb" {
    # not using name_prefix here because it's problematic when importing
    name    = "alb-test-access-logs"
    subnets = [
        "${aws_subnet.sub_a.id}",
        "${aws_subnet.sub_b.id}"
    ]
    access_logs {
        enabled         = true
        bucket          = "${aws_s3_bucket.logs.id}"
        prefix          = "logs"
    }
    depends_on = ["aws_s3_bucket_policy.allow_lb_logs"]
}

Debug Output

None.

Panic Output

None.

Expected Behavior

When importing ALB, Terraform should also import settings for access logs.

Actual Behavior

Settings for access logs are not imported.

Steps to Reproduce

Create the resources from the .tf file above, then delete the ALB from the Terraform state and import it; the access logs settings will be gone:

  1. terraform apply
  2. terraform state show aws_lb.alb # confirm access logs settings are present, save ALB's id
  3. terraform state rm aws_lb.alb
  4. terraform import aws_lb.alb ALB_ARN
  5. terraform state show aws_lb.alb # access logs settings are not present
  6. terraform plan # asks to add access logs settings

Important Factoids

None.

References

None.
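
Added example, not part of the original issue or the provider's code: a check for steps 2 and 5 of the reproduction above that classifies the `access_logs` block in `terraform state show` output, so a dropped logging setting is caught right after an import. It assumes the flat `key = value` output of Terraform 0.11; the helper names `state_attr` and `access_logs_status` are hypothetical and both state samples are constructed.

```shell
#!/bin/sh
# Post-import check for aws_lb access_logs in Terraform 0.11 state output.
# Assumption: `terraform state show` prints flat "key = value" lines.

# Print the value of one key from state text on stdin (empty if absent).
state_attr() {
    awk -F ' = ' -v key="$1" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        k == key { print $2; exit }
    '
}

# Classify state text passed as $1: prints "enabled", "disabled" or "missing".
access_logs_status() {
    state=$1
    count=$(printf '%s\n' "$state" | state_attr 'access_logs.#')
    enabled=$(printf '%s\n' "$state" | state_attr 'access_logs.0.enabled')
    bucket=$(printf '%s\n' "$state" | state_attr 'access_logs.0.bucket')
    if [ -z "$count" ] || [ "$count" = "0" ]; then
        echo missing       # block absent from state: the symptom reported here
    elif [ "$enabled" = "true" ] && [ -n "$bucket" ]; then
        echo enabled
    else
        echo disabled      # block present but logging off or no bucket set
    fi
}

# Constructed sample: state after `terraform apply` (step 2).
STATE_AFTER_APPLY='id = arn:aws:elasticloadbalancing:eu-central-1:111111111111:loadbalancer/app/alb-test-access-logs/EXAMPLE
access_logs.# = 1
access_logs.0.bucket = mybucketforlogs-example
access_logs.0.enabled = true
access_logs.0.prefix = logs
name = alb-test-access-logs'

# Constructed sample: state after `terraform import` on an affected provider (step 5).
STATE_AFTER_IMPORT='id = arn:aws:elasticloadbalancing:eu-central-1:111111111111:loadbalancer/app/alb-test-access-logs/EXAMPLE
access_logs.# = 0
name = alb-test-access-logs'

# Against a real workspace:
#   access_logs_status "$(terraform state show aws_lb.alb)"
for sample in "$STATE_AFTER_APPLY" "$STATE_AFTER_IMPORT"; do
    echo "aws_lb.alb access_logs: $(access_logs_status "$sample")"
done
```
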

@bflad bflad added bug Addresses a defect in current functionality. service/elbv2 Issues and PRs that pertain to the elbv2 service. labels Jan 17, 2018
@bflad
Contributor

bflad commented Feb 1, 2018

Redirected #2434 and #3222 here.

@bflad
Contributor

bflad commented May 11, 2018

Bugfix PR submitted: #4517

@bflad
Contributor

bflad commented May 12, 2018

The fix for this has been merged and will release with v1.19.0 of the AWS provider, likely middle of next week.

@bflad
Contributor

bflad commented May 17, 2018

This has been released in version 1.19.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

@leszekeljasz
Author

Fantastic!

@ghost

ghost commented Apr 5, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 5, 2020