
S3 bucket lifecycle configuration gets alternately removed or added with no config changes

Answer

We are having an issue where if we run `terragrunt apply` on our module then either a `lifecycle_rule` on the s3 bucket will get removed or the `aws_s3_bucket_lifecycle_configuration` resource will get added. This happens when we have no changes to our configuration at all.

We have the following configuration for an S3 bucket:

```
resource "aws_s3_bucket" "main" {
  bucket = var.bucket_name
}

resource "aws_s3_bucket_acl" "main_acl" {
  bucket = aws_s3_bucket.main.id
  acl = "private"
}

resource "aws_s3_bucket_lifecycle_configuration" "main_lifecycle_config" {
  bucket = aws_s3_bucket.main.id

  rule {
    id = "expiration"

    abort_incomplete_multipart_upload {
      days_after_initiation = 1
    }

    expiration {
      days = 30
    }

    status = "Enabled"
  }
}
```

If the `aws_s3_bucket_lifecycle_configuration` resource is in the terraform state then we get this result from running `terraform apply`:

```
Terraform will perform the following actions:

  # aws_s3_bucket.main will be updated in-place
  ~ resource "aws_s3_bucket" "main" {
        id = "branchcms-dev-lambda-sources"
        tags = {}
        # (11 unchanged attributes hidden)

      - lifecycle_rule {
          - abort_incomplete_multipart_upload_days = 1 -> null
          - enabled = true -> null
          - id = "expiration" -> null
          - tags = {} -> null

          - expiration {
              - days = 30 -> null
              - expired_object_delete_marker = false -> null
            }
        }
        # (1 unchanged block hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.
```

If we say "yes" to that change then if we run `terraform apply` again with no changes to our Terraform code then we get the following response:

```
Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply":

  # aws_s3_bucket_lifecycle_configuration.main_lifecycle_config has been deleted
  - resource "aws_s3_bucket_lifecycle_configuration" "main_lifecycle_config" {
      - bucket = "branchcms-dev-lambda-sources" -> null
      - id = "branchcms-dev-lambda-sources" -> null

      - rule {
          - id = "expiration" -> null
          - status = "Enabled" -> null

          - abort_incomplete_multipart_upload {
              - days_after_initiation = 1 -> null
            }

          - expiration {
              - days = 30 -> null
              - expired_object_delete_marker = false -> null
            }

          - filter {
            }
        }
    }

Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_s3_bucket_lifecycle_configuration.main_lifecycle_config will be created
  + resource "aws_s3_bucket_lifecycle_configuration" "main_lifecycle_config" {
      + bucket = "branchcms-dev-lambda-sources"
      + id = (known after apply)

      + rule {
          + id = "expiration"
          + status = "Enabled"

          + abort_incomplete_multipart_upload {
              + days_after_initiation = 1
            }

          + expiration {
              + days = 30
              + expired_object_delete_marker = (known after apply)
            }
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.
```

It seems to go in a cycle of destroying and adding the lifecycle configuration. Do you see anything wrong with our Terraform code?

We are on Terraform 1.1.9 and Terragrunt 0.38.5.

We are also using `registry.terraform.io/hashicorp/aws`:

```
version = "3.75.2"
constraints = "~> 3.7"
```

---

<ins datetime="2022-07-15T16:48:11Z">
<p><a href="https://support.gruntwork.io/hc/requests/108993">Tracked in ticket #108993</a></p>
</ins>

This is a known issue with the new configuration blocks in the `aws` provider. To handle this, you need to add an `ignore_changes` lifecycle config on `aws_s3_bucket`, as [recommended here](https://github.com/hashicorp/terraform-provider-aws/issues/23758) by the terraform provider team. E.g.,

```hcl
resource "aws_s3_bucket" "main" {
  bucket = var.bucket_name

  lifecycle {
    ignore_changes = [lifecycle_rule]
  }
}
```
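
A CI check for the destructive half of this cycle, as an added example that is not part of the original answer or Gruntwork's code: it reads the JSON form of a plan (`terraform show -json <planfile>`) and reports any `aws_s3_bucket` whose inline `lifecycle_rule` would be removed while an `aws_s3_bucket_lifecycle_configuration` manages the same bucket. The sample plan is constructed from the output in the question and trimmed to the fields used; the function name `lifecycle_flip_flops` is hypothetical.

```python
import json

# Constructed sample: the first plan from the question in the shape of
# `terraform show -json <planfile>`, trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_s3_bucket.main", "type": "aws_s3_bucket",
   "change": {"actions": ["update"],
     "before": {"id": "branchcms-dev-lambda-sources",
                "lifecycle_rule": [{"id": "expiration", "enabled": true,
                                    "expiration": [{"days": 30}]}]},
     "after": {"id": "branchcms-dev-lambda-sources", "lifecycle_rule": []}}},
  {"address": "aws_s3_bucket_lifecycle_configuration.main_lifecycle_config",
   "type": "aws_s3_bucket_lifecycle_configuration",
   "change": {"actions": ["no-op"],
     "before": {"bucket": "branchcms-dev-lambda-sources"},
     "after": {"bucket": "branchcms-dev-lambda-sources"}}}
]}
""")


def lifecycle_flip_flops(plan):
    """Hypothetical helper: addresses of aws_s3_bucket resources whose inline
    lifecycle_rule would be removed although a separate
    aws_s3_bucket_lifecycle_configuration manages the same bucket."""
    changes = plan.get("resource_changes", [])
    managed = set()
    for rc in changes:
        if rc["type"] == "aws_s3_bucket_lifecycle_configuration":
            # "after" is null on delete, "before" is null on create
            state = rc["change"].get("after") or rc["change"].get("before") or {}
            managed.add(state.get("bucket"))
    hits = []
    for rc in changes:
        change = rc["change"]
        if rc["type"] != "aws_s3_bucket" or "update" not in change["actions"]:
            continue
        before, after = change.get("before") or {}, change.get("after") or {}
        if (before.get("lifecycle_rule") and not after.get("lifecycle_rule")
                and before.get("id") in managed):
            hits.append(rc["address"])
    return hits


if __name__ == "__main__":
    for address in lifecycle_flip_flops(SAMPLE_PLAN):
        print(f"{address}: plan removes lifecycle_rule managed by a separate resource")
```

With `ignore_changes = [lifecycle_rule]` in place the bucket plans as a no-op and the check returns an empty list; a plan that removes an inline rule with no separate lifecycle resource is not flagged.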