Recently, I've set up ECS on Fargate and ELB (ALB). Generally, resources are managed through Terraform code. However, ECS task definitions and services require updates with each deployment (due to their short lifecycle), so I manage these using the open-source tool ecspresso.
Encountering a Challenge with ELB Configuration
I initially thought that once an ELB is built, it rarely needs updates. But after introducing Blue/Green deployments, I discovered that the target groups in the listener rules change with each deployment. This leads to discrepancies between the Terraform configuration files and the actual resources, causing issues when creating or updating other resources.
To address this issue, I first considered dynamically loading target groups. However, I felt that this approach would complicate the Terraform configuration. Instead, I opted to temporarily remove the frequently updated resources from Terraform's management and reintegrate them as needed.
Procedure to Remove Resources from Terraform Management
Consider the following listener rule managed in modules/elb/main.tf:
resource "aws_lb_listener_rule" "blue" {
  listener_arn = aws_lb_listener.https_443.arn
  priority     = 100

  action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.target_blue.arn
  }

  condition {
    host_header {
      values = ["dev.example.jp"]
    }
  }
}
Execute the following command in the directory where you perform terraform apply to remove this listener rule from Terraform's state file (only the state entry is removed; the rule itself stays in place on the ALB):
$ terraform state rm module.elb.aws_lb_listener_rule.blue
Finally, either comment out or delete the listener rule so that it does not affect the next terraform apply.
Procedure to Reintegrate Resources into Terraform Management
Look up the listener's ARN in the console, then identify the listener rule's ARN using the AWS CLI:
$ aws elbv2 describe-rules --listener-arn [listener's ARN]
The output begins as follows; copy the RuleArn:
{
  "Rules": [
    {
      "RuleArn": "arn:aws:elasticloadbalancing:ap-northeast-1:********:listener-rule/app/example-alb/********/********/********",
      "Priority": "100",
      "Conditions": [
        {
          "Field": "host-header",
          "Values": [
            "dev.example.jp"
          ],
          "HostHeaderConfig": {
            "Values": [
              "dev.example.jp"
            ]
          }
        }
      ],
You can reintegrate the resource into Terraform management with the following command:
$ terraform import module.elb.aws_lb_listener_rule.blue [listener rule's ARN]
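As an added example (not part of the original post), the Python sketch below picks the rule out of the describe-rules JSON by host header and priority and reports which target group it currently forwards to, so the target_group_arn in main.tf can be matched to the live rule before the import. The sample JSON and ARNs are constructed placeholders, and find_rule and import_command are hypothetical helper names.

```python
import json
import shlex

# Constructed placeholders; real ARNs come from your own account.
RULE_ARN = "arn:aws:elasticloadbalancing:ap-northeast-1:111122223333:listener-rule/app/example-alb/0123456789abcdef/0123456789abcdef/0123456789abcdef"
GREEN_TG = "arn:aws:elasticloadbalancing:ap-northeast-1:111122223333:targetgroup/target-green/0123456789abcdef"

# Constructed sample shaped like `aws elbv2 describe-rules` output.
SAMPLE = json.dumps({"Rules": [
    {"RuleArn": RULE_ARN, "Priority": "100", "IsDefault": False,
     "Conditions": [{"Field": "host-header", "Values": ["dev.example.jp"],
                     "HostHeaderConfig": {"Values": ["dev.example.jp"]}}],
     "Actions": [{"Type": "forward", "TargetGroupArn": GREEN_TG}]},
    {"RuleArn": RULE_ARN.rsplit("/", 1)[0] + "/fedcba9876543210",
     "Priority": "default", "IsDefault": True,
     "Conditions": [], "Actions": [{"Type": "fixed-response"}]},
]})


def find_rule(describe_rules_json, host, priority):
    """Return (RuleArn, forward target group ARNs) for the one rule matching host and priority."""
    matches = []
    for rule in json.loads(describe_rules_json)["Rules"]:
        if rule.get("IsDefault") or rule.get("Priority") != str(priority):
            continue
        hosts = [v for c in rule.get("Conditions", []) if c.get("Field") == "host-header"
                 for v in c.get("HostHeaderConfig", {}).get("Values", [])]
        if host in hosts:
            matches.append(rule)
    if len(matches) != 1:
        # Refuse to guess: importing the wrong rule binds it to the wrong address.
        raise LookupError(f"expected exactly one matching rule, found {len(matches)}")
    rule = matches[0]
    targets = []
    for action in rule.get("Actions", []):
        if action.get("Type") != "forward":
            continue
        # Weighted forwards list their groups under ForwardConfig.
        groups = action.get("ForwardConfig", {}).get("TargetGroups", [])
        targets += [g["TargetGroupArn"] for g in groups] or [action["TargetGroupArn"]]
    return rule["RuleArn"], targets


def import_command(address, rule_arn):
    """Build the terraform import command line with shell-safe quoting."""
    return f"terraform import {shlex.quote(address)} {shlex.quote(rule_arn)}"


if __name__ == "__main__":
    arn, targets = find_rule(SAMPLE, "dev.example.jp", 100)
    print("currently forwards to:", targets)
    print(import_command("module.elb.aws_lb_listener_rule.blue", arn))
```

If the reported target group is not the one referenced in the resource block, the plan after the import will show the rule being pointed back at the configured group.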
Conclusion
I am curious to know how others manage resources that frequently need updates like in this case.