Is there a way to add access logs on already existing application load balancer in aws using terraform


Question

I have an ALB created using k8's helm charts. Now I want to enable access logs on top of it using terraform. I am trying to use a data source but it does not seem to be working, and I am getting an error when I plan it.

data "aws_lb" "ecs_public_alb" {
  name = "my-load-balancer-name"
}

resource "aws_lb" "example" {
  arn                = data.aws_lb.ecs_public_alb.arn
  load_balancer_type = "application"

  access_logs {
    bucket  = "example-bucket"
    prefix  = "lb-access-logs"
    enabled = true
  }

  tags = {
    Terraform   = "true"
    Environment = "dev"
  }
}

The error I am getting is:
Can't configure a value for "arn": its value will be decided automatically based on the result of applying this configuration.

Not sure what is going wrong here.

Answer 1

Score: 2

You have to import your alb into TF first, before you can modify it using TF. What you are doing now with resource "aws_lb" "example" is trying to create a new alb, rather than using the existing one.
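
The import step from Answer 1, written out as an added example (not code from the answer or the question), assuming Terraform 1.5 or later for `import` blocks. The ARN is a placeholder, and the `lifecycle` block is an assumption that the ALB's tags stay owned by whatever created it.

```hcl
# Added example. Requires Terraform >= 1.5 (import blocks).
# The ARN below is a placeholder; substitute the ARN of the existing ALB.

import {
  to = aws_lb.example
  id = "arn:aws:elasticloadbalancing:REGION:ACCOUNT_ID:loadbalancer/app/my-load-balancer-name/PLACEHOLDER"
}

resource "aws_lb" "example" {
  # No "arn" argument here: it is a read-only attribute that Terraform
  # fills in from state once the import has run.
  name               = "my-load-balancer-name"
  load_balancer_type = "application"

  # The bucket must already carry a bucket policy that lets
  # Elastic Load Balancing write objects under this prefix;
  # otherwise enabling the logs fails with an access-denied error.
  access_logs {
    bucket  = "example-bucket"
    prefix  = "lb-access-logs"
    enabled = true
  }

  lifecycle {
    # Assumption: tags were set by the tool that created the ALB.
    # Ignoring them keeps Terraform from stripping tags it does not know.
    ignore_changes = [tags, tags_all]
  }
}

# Check before applying:
#   terraform plan
# The plan should report 1 resource to import and an in-place update
# limited to the access_logs block. Any proposed replacement or any
# other attribute change means this configuration does not match the
# existing load balancer and must be corrected first.
```

Importing only brings the ALB into Terraform state; it does not stop the tool that created the load balancer from reconciling it later.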

Answer 2

Score: 0

The proximal cause of your error is that arn is a read-only attribute and you cannot write to it. The arn will be set by AWS once the resource has been created.

The real issue is that you need to decide what will manage the load balancer, Helm or Terraform. You can't have it both ways, creating the load balancer with Helm and then modifying it with Terraform. If you ever try to update or reconcile the Helm chart, it will remove the logging configuration.

Here's what I would do:

  • Remove the Helm release and destroy the load balancer
  • Create a new load balancer in Terraform with the logging configuration

If you absolutely cannot recreate the load balancer, then find a way to stop Helm from managing it in the future.

Source: I have tried to have Kubernetes and Terraform share management responsibilities of resources, and it was a miserable failure. It's much better to have clear boundaries and only one system managing resources.

huangapple
  • This article was published on 2023-02-24 10:29:17
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75552120.html