Terraform AWS Provider Issue: ElasticBeanstalk Environment Settings Unnecessarily Re-Applied

[ICeZer0]

Terraform and AWS Provider Version

Terraform AWS Provider v5.84.0
Terraform v1.10.5

Affected Resource(s) or Data Source(s)

aws_elastic_beanstalk_environment

Expected Behavior

If settings with the same namespace, name, and value exist in both the state and configuration, they should be recognized as identical regardless of resource attribute differences.

Actual Behavior

Every terraform plan shows settings being removed and re-added even when they haven't changed, for example:

  - setting {
      - name      = "ServiceRole" -> null
      - namespace = "aws:elasticbeanstalk:environment" -> null
      - value     = "aws-elasticbeanstalk-service-role" -> null
      # (1 unchanged attribute hidden)
    }
  + setting {
      + name      = "ServiceRole"
      + namespace = "aws:elasticbeanstalk:environment"
      + resource  = "AWSEBV2LoadBalancer"
      + value     = "aws-elasticbeanstalk-service-role"
    }

Relevant Error/Panic Output

Sample Terraform Configuration

Click to expand configuration

Steps to Reproduce

1. Create an Elastic Beanstalk environment with settings that include resource attributes
2. Run terraform apply to create the environment
3. Run terraform plan without changing any settings
4. Observe the plan shows settings being removed and re-added

Debug Logging

Click to expand log output

GenAI / LLM Assisted Development

n/a

Important Facts and References

The issue likely stems from how the AWS provider performs comparison of settings in the diff process.

Provider-Level Fix

1. Modify the resource comparison logic in aws_elastic_beanstalk_environment resource:

   // In the resourceElasticBeanstalkEnvironmentSettingHash function:
   // Currently likely using something like:
   hash := fmt.Sprintf("%s:%s:%s:%s", setting.Namespace, setting.Name, setting.Value, setting.Resource)
   
   // Change to ignore resource attribute in comparison:
   hash := fmt.Sprintf("%s:%s:%s", setting.Namespace, setting.Name, setting.Value)

2. Add normalization for resource attributes during plan/apply phases:

   • Maintain a mapping of namespace → expected resource attribute
   • When applying settings, use the provider's canonical resource attribute for each namespace/name combination
   • This preserves the attribute for AWS API calls while preventing unnecessary diffs

3. Add an option to control comparison behavior:

   resource "aws_elastic_beanstalk_environment" "example" {
     name = "example-env"
     # ...
     setting_comparison_mode = "exclude_resource_attribute" # Default: "include_all"
   }

References

https://registry.terraform.io/providers/hashicorp/aws/5.24.0/docs/resources/elastic_beanstalk_environment

reported issue back in 2016

hashicorp/terraform#8950

hashicorp/terraform-cdk#3899

Would you like to implement a fix?

Sure

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.