Explicitly setting http_tcp_listener.action_type to "forward" fails

[Jarodiv]

Description

A change introduced with #269 currently prevents the user from explicitly setting a http_tcp_listeners attribute action_type to "forward". Most of the time this isn't an issue but if you need to set the value of action_type explicitly, there is no working way to do so.

• ✋ I have searched the open/closed issues and my issue is not listed.

Versions

• Module version [Required]: 8.4.0
• Terraform version:

  Terraform v1.4.0
  on darwin_arm64
  

• Provider version(s):

  provider registry.terraform.io/hashicorp/aws v4.53.0
  

Reproduction Code [Required]

In the following example a flag local.lb_listen_to_http decides if the ALB should forward or redirect HTTP traffic.

module "alb" {
  source  = "terraform-aws-modules/alb/aws"
  version = "~> 8.0"

  name = "my-alb"

  load_balancer_type = "application"
  vpc_id             = module.vpc.vpc_id
  subnets            = module.vpc.public_subnets

  http_tcp_listeners = [
    {
      action_type = local.lb_listen_to_http ? "forward" : "redirect"
      port        = 80
      protocol    = "HTTP"

      redirect = local.lb_listen_to_http ? {} : {
        port        = "443"
        protocol    = "HTTPS"
        status_code = "HTTP_301"
      }
    }
  ]

  https_listeners = local.lb_listen_to_https ? [
    {
      certificate_arn = var.lb_ssl_certificate_arn
      port            = 443
      protocol        = "HTTPS"
    }
  ] : []
}

Steps to reproduce the behavior:

• Set local.lb_listen_to_http to true and apply the code.

Expected behavior

The code runs and HTTP Listener is being created.

Actual behavior

Applying the above code with , will result in the error

| Error: creating ELBv2 Listener [...] ValidationError: A target group ARN must be specified
| [...]
| 618: resource "aws_lb_listener" "frontend_http_tcp" {

Additional context

The error is caused by L632 in the ALB module:

resource "aws_lb_listener" "frontend_https" {
  [...]
  dynamic "default_action" {
    [...]
    content {
     target_group_arn = contains([null, ""], lookup(default_action.value, "action_type", "")) ? aws_lb_target_group.main[lookup(default_action.value, "target_group_index", count.index)].id : null

• If action_type is not set or set to something other than "forward", everything is working fine
• If action_type is set to "forward", the statement tries to assign null as target_group_arn, which is invalid
• If action_type is set to null the code fails with Invalid value for "value" parameter: argument must not be null.

The fix would be to add forward to the contains functions first parameter, as it has been already done until #269 was merged.

[Erokos]

Just ran into this and have been cracking my head as to what was wrong with my configuration.... Thnx for this, by commenting out the explicit action I was able to successfully create my listeners.

[github-actions]

This issue has been automatically marked as stale because it has been open 30 days
with no activity. Remove stale label or comment or this issue will be closed in 10 days

[Jarodiv]

Keep alive post

[igoratencompass]

As per the documentation:

[forward](https://registry.terraform.io/providers/hashicorp/aws/4.59.0/docs/resources/lb_listener#forward) - (Optional) Configuration block for creating an action that distributes requests among one or more target groups. Specify only if type is forward. If you specify both forward block and target_group_arn attribute, you can specify only one target group using forward and it must be the same target group specified in target_group_arn. Detailed below.

meaning when the action_type = forward AND you have a forward block as per the feature here https://github.com/terraform-aws-modules/terraform-aws-alb/pull/269/files#diff-72a83cfb8beb4cff79a6274a80ed67b89ab9082a3209c649095451da06eb4a53R79 you can not have the target_group_arn attribute set in the same time. Hence, as I understand it, you need to specify the action_type = forward only if you are including the forward block too in your listener. Seems properly fixing it to support both cases would mean some more complicated checks that make sure that when action_type = forward is specified the forward section does not exist OR if it exists it has only one target_group referenced AND that target_group is the same one as in the target_group_arn attribute.

[antonbabenko]

Fixed in #281

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.