Support healthcheck.timeout of aws_lb_target_group when protocol is TCP

[posquit0]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Affected Resource(s)

• aws_lb_target_group

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Debug Output

Panic Output

Expected Behavior

I can confirm that AWS support healthcheck.timeout for target group of gateway loadbalancer.

Actual Behavior

I created aws_lb_target_group for gateway load balancer.

resource "aws_lb_target_group" "this" {
  name = var.name

  vpc_id = var.vpc_id

  target_type = "ip"
  protocol    = "GENEVE"
  port        = local.port

  ## Attributes
  deregistration_delay = var.deregistration_delay

  health_check {
    enabled = true

    port     = try(var.health_check.port, local.port)
    protocol = try(var.health_check.protocol, "TCP")

    healthy_threshold   = try(var.health_check.healthy_threshold, 3)
    unhealthy_threshold = try(var.health_check.unhealthy_threshold, 3)
    interval            = try(var.health_check.interval, 30)
    timeout             = try(var.health_check.timeout, 10)
  }
}

It occurs following an error.

│ Error: : health_check.timeout is not supported for target_groups with TCP protocol
│
│   with module.gwlb_ip.aws_lb_target_group.this,
│   on ../../../../../xxxxxxxx/modules/gwlb-ip-target-group/main.tf line 50, in resource "aws_lb_target_group" "this":
│   50: resource "aws_lb_target_group" "this" {

[posquit0]

One more case:

• healthy_threshold and unhealthy_threshold do not need to be the same. However, it occurs following error.

│ Error: arn:aws:elasticloadbalancing:ap-yyyyyy:xxxxxxxx:targetgroup/claud-tg-gwlb-ip/0068703ecc02db75f7: health_check.healthy_threshold 4 and health_check.unhealthy_threshold 5 must be the same for target_groups with TCP protocol
│
│   with module.gwlb_ip.aws_lb_target_group.this,
│   on ../../../../../txxxxxxxx/modules/gwlb-ip-target-group/main.tf line 50, in resource "aws_lb_target_group" "this":
│   50: resource "aws_lb_target_group" "this" {
│

[posquit0]

healthcheck.interval doesn't apply to the actual target group. The output from terraform is different from the AWS web console.

    {
      "enabled" = true
      "healthy_threshold" = 4
      "interval" = 20
      "matcher" = ""
      "path" = ""
      "port" = "81"
      "protocol" = "TCP"
      "timeout" = 5
      "unhealthy_threshold" = 4
    },

[nikhilo]

I noticed that if the target group already exists, then terraform plan gives such error. If you delete the target group, (and also delete any listener that is using the target group) and try to create it using the timeout parameter it should be able to create it.
This is merely a workaround. There's definitely something to fix in the code.

[julieerle]

REPRO

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.45.0"
    }
  }
}

provider "aws" {
  region = var.region
}

resource "aws_lb_target_group" "test" {
  name        = "test"
  port        = var.port
  target_type = "ip" 
  vpc_id      = var.vpc_id

  health_check {
    port                = var.port
    protocol            = "TCP"
    interval            = 30
    healthy_threshold   = 5
    unhealthy_threshold = 2
    timeout             = 10
  }
}

Executing terraform apply gives error:

 Error: : health_check.timeout is not supported for target_groups with TCP protocol
│ 
│   with aws_lb_target_group.test,
│   on main.tf line 14, in resource "aws_lb_target_group" "test":
│   14: resource "aws_lb_target_group" "test" {

[johnsonaj]

Issue resolved as part of #28018. Released in provider version v4.46.0

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.