DEV Community

Atsushi Suzuki

How to Temporarily Remove and Reintegrate Cloud Resources from Terraform Management

Recently, I've set up ECS on Fargate and ELB (ALB). Generally, resources are managed through Terraform code. However, ECS task definitions and services require updates with each deployment (due to their short lifecycle), so I manage these using the open-source tool ecspresso.

Encountering a Challenge with ELB Configuration

I initially thought that once an ELB is built, it rarely needs updates. But after introducing Blue/Green deployments, I discovered that the target groups in the listener rules change with each deployment. This leads to discrepancies between the Terraform configuration files and the actual resources, causing issues when creating or updating other resources.

To address this issue, I first considered dynamically loading target groups. However, I felt that this approach would complicate the Terraform configuration. Instead, I opted to temporarily remove the frequently updated resources from Terraform's management and reintegrate them as needed.

Procedure to Remove Resources from Terraform Management

Consider the following listener rule managed in modules/elb/main.tf:

resource "aws_lb_listener_rule" "blue" {
  listener_arn = aws_lb_listener.https_443.arn
  priority     = 100

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.target_blue.arn
  }

  condition {
    host_header {
      values = ["dev.example.jp"]
    }
  }
}

Execute the following command in the directory where you perform terraform apply to remove this listener rule from Terraform's state file:

$ terraform state rm module.elb.aws_lb_listener_rule.blue

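Finally, either comment out or delete the listener rule block in modules/elb/main.tf. If the block stays in the configuration while the resource is absent from the state, the next terraform apply will plan to create the rule again.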

Procedure to Reintegrate Resources into Terraform Management

Verify the listener's ARN from the console and identify the listener rule's ARN using AWS CLI:

$ aws elbv2 describe-rules --listener-arn [listener's ARN]

The output will be as follows; copy the RuleArn:

{
    "Rules": [
        {
            "RuleArn": "arn:aws:elasticloadbalancing:ap-northeast-1:********:listener-rule/app/example-alb/********/********/********",
            "Priority": "100",
            "Conditions": [
                {
                    "Field": "host-header",
                    "Values": [
                        "dev.example.jp"
                    ],
                    "HostHeaderConfig": {
                        "Values": [
                            "dev.example.jp"
                        ]
                    }
                }
            ],

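After restoring the resource block in the configuration (terraform import needs the address to exist there), you can reintegrate the resource into Terraform management with the following command: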

$ terraform import module.elb.aws_lb_listener_rule.blue [listener rule's ARN]
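The lookup step above can be scripted. This is an added example, not code from the original post: it parses `aws elbv2 describe-rules` output, selects the rule by priority and host header, reports which target group the rule forwards to right now, and builds the `terraform import` command. The sample JSON, account ID, ARNs and function names are constructed for illustration.

```python
import json
import shlex

# Constructed sample of `aws elbv2 describe-rules` output; the account ID and
# resource IDs are placeholders, not values from the article.
TG_GREEN = "arn:aws:elasticloadbalancing:ap-northeast-1:111111111111:targetgroup/target-green/dddd"
RULE_ARN = "arn:aws:elasticloadbalancing:ap-northeast-1:111111111111:listener-rule/app/example-alb/aaaa/bbbb/cccc"
SAMPLE_OUTPUT = json.dumps({"Rules": [
    {"RuleArn": RULE_ARN, "Priority": "100", "IsDefault": False,
     "Conditions": [{"Field": "host-header",
                     "HostHeaderConfig": {"Values": ["dev.example.jp"]}}],
     "Actions": [{"Type": "forward", "TargetGroupArn": TG_GREEN}]},
    {"RuleArn": RULE_ARN + "-default", "Priority": "default", "IsDefault": True,
     "Conditions": [], "Actions": [{"Type": "fixed-response"}]},
]})


def find_rule(describe_rules_json, priority, host):
    """Return the one non-default rule matching both priority and host header."""
    matches = []
    for rule in json.loads(describe_rules_json)["Rules"]:
        hosts = [value
                 for cond in rule.get("Conditions", [])
                 if cond.get("Field") == "host-header"
                 for value in cond.get("HostHeaderConfig", {}).get("Values", [])]
        if not rule.get("IsDefault") and rule["Priority"] == str(priority) and host in hosts:
            matches.append(rule)
    if len(matches) != 1:  # refuse to guess which rule gets bound to the address
        raise LookupError(f"expected exactly one matching rule, found {len(matches)}")
    return matches[0]


def forward_targets(rule):
    """Target group ARNs the rule forwards to now (the part Blue/Green changes)."""
    arns = []
    for action in rule.get("Actions", []):
        if action.get("Type") == "forward":
            groups = action.get("ForwardConfig", {}).get("TargetGroups", [])
            arns += [g["TargetGroupArn"] for g in groups] or [action["TargetGroupArn"]]
    return arns


def import_command(address, rule):
    """Build the terraform import command line for the matched rule."""
    return "terraform import " + " ".join(shlex.quote(a) for a in (address, rule["RuleArn"]))


if __name__ == "__main__":
    rule = find_rule(SAMPLE_OUTPUT, 100, "dev.example.jp")
    print("forwards to:", forward_targets(rule))
    print(import_command("module.elb.aws_lb_listener_rule.blue", rule))
```

If the reported target group differs from the one referenced in the resource block, the first terraform plan after the import will show a change to the rule's action.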

Conclusion

I am curious to know how others manage resources that frequently need updates like in this case.
