Explaining AWS Launch Configuration Changes via Terraform
The aim of this page📝 is to explain how to create a launch configuration for an EC2 instance using Terraform based on the particular example of updating an AMI attribute of launch configuration for an ASG due as part of regular maintenance (CVE removals).
3 min readOct 25, 2023
1-to-many: There is 1-to-many cardinality between launch config and autoscaling groups
- ..You can specify 1 launch configuration for many Auto Scaling groups.
- ..However, 1 ASG can have only 1 launch configuration at a time
immutability: Launch configurations are immutable — You can’t modify a launch configuration after you’ve created it.
- To change the launch configuration for an Auto Scaling group, you must create a new launch configuration and then update your Auto Scaling group with it.
- A launch configuration is an instance configuration template that an Auto Scaling group uses to launch EC2 instances.
- In Terraform, you can find the launch configuration resource in the AWS provider.
In terraform, the aws_launch_configuration resource allows you to create and manage an Amazon EC2 Auto Scaling launch configuration.
- You can specify the launch configuration details such as the Amazon Machine Image (AMI), instance type, key pair, security groups, and block device mapping when creating a launch configuration using Terraform.
resource "aws_launch_configuration" "example" {
name = "example"
image_id = "ami-002"
instance_type = "t2.micro"
}
resource "aws_autoscaling_group" "example" {
launch_configuration = aws_launch_configuration.example.id
min_size = 1
max_size = 2
}updating image_id recreates launch configuration resource and updates autoscaling group resource
- We are often updating the AMIs we’re using due to security issues and CVE discovery
- The Auto Scaling Group is being updated in place, meaning it’s being modified without being destroyed and recreated.
- The change in the Auto Scaling Group is in the
launch_configurationattribute. - The Launch Configuration needs to be replaced due to a change in the
image_idattribute. - The
image_idattribute specifies the Amazon Machine Image (AMI) that will be used to launch new instances in the Auto Scaling group. - Changes to specific attributes like
image_idrequire the resource to be replaced. - This is why Terraform plans to destroy and recreate your launch configuration.
- When the Launch Configuration is replaced, the Auto Scaling Group needs to be updated to point to the new Launch Configuration.
- This update can be performed without destroying and recreating the Auto Scaling Group.
In the output below, an AWS Launch Configuration and an Auto Scaling Group are defined. If the image_id in the Launch Configuration is changed, Terraform will replace the Launch Configuration and update the Auto Scaling Group accordingly.
- The drift would look as follows
# 06:23:46 Deploying 'stacks/apply_last' '0.1.0' to 'acme-us-east-2-a' 'foobar_module' (dry_run:true)
## PLAN: Terraform will perform the following actions:
### module.ec2.aws_autoscaling_group.example_asg will be updated in-place
~ resource "aws_autoscaling_group" "example_asg" {
id = "acme-us-east-2"
~ launch_configuration = "acme-us-east-2-20231009074215927400000001" -> (known after apply)
name = "acme-us-east-2"
# (23 unchanged attributes hidden)
}
### module.ec2.aws_launch_configuration.example_lc must be replaced
+/- resource "aws_launch_configuration" "example_lc" {
~ arn = "arn:aws:autoscaling:us-east-2:204004877656:launchConfiguration:d0737a01-dab9-4592-a147-af755884b25f:launchConfigurationName/acme-us-east-2-20231009074215927400000001" -> (known after apply)
~ id = "acme-us-east-2-20231009074215927400000001" -> (known after apply)
~ image_id = "ami-001" -> "ami-002" # forces replacement
~ name = "acme-us-east-2-20231009074215927400000001" -> (known after apply)
# (9 unchanged attributes hidden)
}
Plan: 1 to add, 1 to change, 1 to destroy.
