terraform-aws-modules/terraform-aws-vpc

ignore_tags_changes module argument

Closed this issue · 2 comments

Is your request related to a new offering from AWS?

Is this functionality available in the AWS provider for Terraform? See CHANGELOG.md, too.

  • Yes ✅: please list the AWS provider version which introduced this functionality

3.5.0

Is your request related to a problem? Please describe.

My team uses Terraform workspaces to manage different replicas of the same EKS cluster (e.g. prod vs. a copy of prod + a new feature). All clusters live in the same VPC, managed using this (awesome!) module (thank you!).

Adding a new cluster in a new workspace requires adding new subnet tags into the VPC. These are managed using aws_ec2_tag resources.

The use of these aws_ec2_tag resources conflicts with the VPC module, which constantly tries to overwrite those tags. I am able to partially get around this by using the solution recommended in this issue -- use ignore_tags in the aws TF provider.

The problem is the following: if I use ignore_tags in the aws TF provider, I get the problem described there:

If any resource configuration still has a tag matching one of the prefixes configured in the tags argument, it will display a perpetual difference until the tag is removed from the argument or ignore_changes is also used.

This is a problem because our CI/CD process checks for a clean terraform plan. And in general, it's bad practice to have a terraform plan that is practically a no-op but has suggested changes.

Describe the solution you'd like.

Rather than a generic, parameterized lifecycle argument discussed in #408, a single boolean input variable called ignore_tags_changes. Setting this variable to true would add a lifecycle directive to ignore changes to all tags in the VPC. This is a simple but effective solution that ensures ignore_tags on the aws provider can be used and result in a clean plan for this module.

Describe alternatives you've considered.

The easiest alternative involves changing our CI to accept a "dirty" plan. It would probably be easier to implement that, but doing so breaks one of the key invariants you get with terraform -- that the config and cloud are in sync if and only if the plan contains no changes.

Additional Context

Reading through this response makes me realize adding a "conditional lifecycle" block inside the module could be quite tricky since it's not a supported feature for terraform.

This is not something Terraform supports
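The setup described in this issue, sketched as an added example (not code from the issue or from the module): the shared VPC configuration ignores per-cluster subnet tags through the provider's ignore_tags, and each workspace adds its own tag with aws_ec2_tag. The kubernetes.io/cluster/ tag prefix, the region, the CIDR values and the variable subnet_ids are assumptions.

```hcl
# --- Root module A: the shared VPC (one state for all clusters) ---

provider "aws" {
  region = "us-east-1" # assumed region

  # Tags with this prefix are owned by the per-cluster workspaces, so the
  # provider drops them when reading resources in this configuration.
  ignore_tags {
    key_prefixes = ["kubernetes.io/cluster/"] # assumed tag prefix
  }
}

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  # Assumed values for illustration.
  name            = "shared"
  cidr            = "10.0.0.0/16"
  azs             = ["us-east-1a", "us-east-1b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]

  # Only tags outside the ignored prefix belong here. A key such as
  # "kubernetes.io/cluster/prod" in this map would match ignore_tags and
  # produce the perpetual diff quoted from the provider documentation.
  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = "1"
  }
}

# --- Root module B: one EKS cluster per Terraform workspace ---
# Its own provider block has no ignore_tags entry for the prefix, because
# this configuration is the owner of the tags.

variable "subnet_ids" {
  description = "IDs of the shared private subnets (hypothetical input)"
  type        = list(string)
}

resource "aws_ec2_tag" "cluster_subnet" {
  for_each = toset(var.subnet_ids)

  resource_id = each.value
  key         = "kubernetes.io/cluster/${terraform.workspace}" # assumed naming
  value       = "shared"
}
```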
