Using element with splat reference should scope dependency to selected resource

Mar 14, 2026

Problem

I'm trying to set up a multi-node cluster with attached EBS volumes. An example below: [code block] If a change happens to a single node (for instance if a single EC2 instance is terminated) ALL of the aws_volume_attachments are recreated. Clearly we would not want volume attachments to be removed in a production environment. Worse than that, in conjunction with #2957 you first must unmount these attachments before they can be recreated. This has the effect of making volume attachments only viable on brand new clusters.


Scope AWS Volume Attachments to Individual EC2 Instances

Medium Risk

The issue arises because the AWS volume attachments select their instance with element() over a splat reference, so Terraform makes every attachment depend on the whole list of EC2 instances rather than on the one instance it selects. When any change occurs to one of the EC2 instances, Terraform attempts to recreate all associated volume attachments, leading to unwanted detachments and reattachments, which is especially problematic in production environments.


  1. Refactor Volume Attachment Configuration

    Modify the configuration of the aws_volume_attachment resource to reference individual EC2 instances directly instead of using a splat reference. This ensures that each volume attachment is scoped to its respective EC2 instance.

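    hcl
    # count ties each attachment to a list position: removing an ID from the
    # middle of var.instance_ids shifts every later index.
    resource "aws_volume_attachment" "example" {
      count       = length(var.instance_ids)
      device_name = var.device_name
      volume_id   = aws_ebs_volume.example[count.index].id
      instance_id = var.instance_ids[count.index]
    }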
  2. Use Count or For_each for Dynamic Attachments

    Implement the count or for_each meta-argument in the aws_volume_attachment resource to create a one-to-one mapping between EBS volumes and EC2 instances. This prevents all attachments from being recreated when only one instance changes.

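    hcl
    # Assumes aws_ebs_volume.example is also declared with for_each over the
    # same keys, so each.key selects the matching volume.
    resource "aws_volume_attachment" "example" {
      for_each    = toset(var.instance_ids)
      device_name = var.device_name
      volume_id   = aws_ebs_volume.example[each.key].id
      instance_id = each.key
    }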
  3. Test Configuration Changes

    Run 'terraform plan' to verify that the changes do not cause all volume attachments to be recreated. Ensure that only the affected volume attachment is modified when an EC2 instance is terminated or updated.

    bash
    terraform plan
  4. Apply Changes in a Controlled Manner

    Once the plan is verified, apply the changes using 'terraform apply'. Monitor the output to ensure that only the intended volume attachments are affected.

    bash
    terraform apply
  5. Implement State Management Practices

    Consider using Terraform state management best practices, such as remote state storage and locking, to prevent issues during concurrent operations and ensure consistency.

    bash
    terraform init -backend-config=backend.tfvars

Validation

Confirm that after applying the changes, terminating an EC2 instance only affects its specific volume attachment. Check the AWS Management Console or use AWS CLI to verify that other volume attachments remain intact.
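
A check for step 3, as an added example that is not part of the original page: it reads the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`) and lists every aws_volume_attachment the plan would delete or replace, other than the ones explicitly expected. The sample plan, its resource addresses and the function names are constructed for illustration.

```python
import json
import sys


def _rc(address, actions):
    # Build one entry in the shape Terraform uses under "resource_changes".
    return {"address": address, "type": address.split(".")[0],
            "change": {"actions": actions}}


# Constructed sample: node-b's instance is replaced, yet the plan also
# replaces node-c's attachment, which is the behaviour the page describes.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc('aws_instance.node["node-b"]', ["delete", "create"]),
    _rc('aws_volume_attachment.example["node-a"]', ["no-op"]),
    _rc('aws_volume_attachment.example["node-b"]', ["delete", "create"]),
    _rc('aws_volume_attachment.example["node-c"]', ["delete", "create"]),
]})


def destructive_attachments(plan_json):
    """Addresses of volume attachments the plan would delete or replace."""
    plan = json.loads(plan_json)
    hits = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_volume_attachment":
            continue
        actions = rc.get("change", {}).get("actions", [])
        # A replace is reported as ["delete", "create"] or ["create", "delete"].
        if "delete" in actions:
            hits.append(rc["address"])
    return sorted(hits)


def check_plan(plan_json, allowed):
    """Attachments that would be detached but are not in the allowed list."""
    allowed = set(allowed)
    return [a for a in destructive_attachments(plan_json) if a not in allowed]


if __name__ == "__main__":
    # Usage: check.py plan.json [expected attachment address ...]
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = fh.read()
    else:
        data = SAMPLE_PLAN
    unexpected = check_plan(data, sys.argv[2:])
    for addr in unexpected:
        print("unexpected detach/replace:", addr)
    sys.exit(1 if unexpected else 0)
```

Run as a gate before `terraform apply`, a non-zero exit means the plan touches an attachment nobody asked to change.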


Submitted by Alex Chen

Tags

terraform, iac, aws, bug, core