Open fields opened 4 years ago
I'm getting this too. It's actually making the change, too, it's not just a NO-OP
We recently went from 0.11 to 0.12, and thats when it started happening. Highly frustrating.
Confirmed this happens with 0.12.13 and 2.33.0. Tried ordering the origins the same as they are in the console - nope.
I have managed to reproduce it consistently with an empty origin_access_identity for an S3 origin:
resource "aws_cloudfront_distribution" "this" {
comment = "terraform-provider-aws-issue-10526"
is_ipv6_enabled = true
default_cache_behavior {
allowed_methods = ["GET", "HEAD", "OPTIONS"]
cached_methods = ["GET", "HEAD", "OPTIONS"]
forwarded_values {
cookies {
forward = "none"
}
headers = [
"Access-Control-Request-Headers",
"Access-Control-Request-Method",
"Origin"
]
query_string = true
}
target_origin_id = "origin"
// require presigned URLS
trusted_signers = ["self"]
viewer_protocol_policy = "redirect-to-https"
}
default_root_object = "index.html"
enabled = true
origin {
domain_name = "mylovelybucket.s3.amazonaws.com"
origin_id = "origin"
s3_origin_config {
origin_access_identity = ""
}
}
restrictions {
geo_restriction {
restriction_type = "none"
}
}
viewer_certificate {
cloudfront_default_certificate = true
minimum_protocol_version = "TLSv1"
ssl_support_method = "sni-only"
}
}
In our project, we have multiple distributions and only one of them has an S3 origin without an access identity. Only this distribution shows up in plan
even if we don't touch it.
Hey y'all 👋 Thank you for taking the time to file this issue! Given that there's been a number of AWS provider releases since you initially filed it, can anyone confirm whether you're still experiencing this behavior?
Hi I'm on provider 4.0.0
and it's still happening to me. I just ran into this problem today (14-Feb-2022) and looked it up and found this github issue.
I copied the -
and +
blocks from the plan output and diff'd them and they're identical.
For some context in my situation, I have an existing manually-created CF distribution from years ago and I've imported it into Terraform and I'm trying to get a clean plan to make sure my terraform files match current reality in my AWS account.
UPDATE: I went ahead and applied the changes terraform thought needed applying and it was successful. I did another plan
and it shows that "Objects have changed outside of terraform" (which isn't true, I ran plan
immediately after the apply
was finished), but at the bottom it says that no changes are required and "Your infrastructure matches the configuration".
Hi all 👋 Thank you for the additional context here. I've marked this as a bug so that we can look into it as soon as possible.
It is still happening for me on 4.47.0.
My guess is there is probably some non-determinism in the OriginHash
function. Or maybe there is an attribute that has a default value stored in the state, but not in the configuration?
Currently having this issue. Began when I updated terraform scripts from v0.12.23 to Terraform v1.6.2 on darwin_arm64
Edit: Importing didn't help either
Edit edit: Fixed. Was an issue with origin shield. In the previous terraform version, I had to add origin shield through the AWS console since it wasn't a feature in the cloudfront distribution resource. I added the feature to the resource and that fixed the issue.
have the same issue when trying to import existing cloudfront configuration. After the import and running terraform plan it is trying to recreate all origins, despite not showing any real changes between the current state and terraform
Terraform v1.6.6
on linux_amd64
+ provider registry.terraform.io/hashicorp/aws v5.31.0
I'm getting the same here, after importing a resource created from cloudformation, the distribution is being imported, but it's trying to replace the origin, here's the output (the 2 values are exact the same, I just censored but they are a exact match):
using:
I'm trying to add two new origins to an existing distribution and Terraform wants to remove all the existing origins and re-add them all in the same order.
I don't seem to be able to get it to just add the new origins. Has anyone found any tricks?
If this helps: Both the existing origins and the new origins are pointed at an ALB, nothing to do with S3.
I'm experiencing the same behavior here. Currently on Terraform v.1.85 and AWS v5.54.1.
Community Note
Terraform Version
Terraform v0.12.10
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
After apply, there should not be a change on subsequent plans.
Actual Behavior
On every subsequent run, the plan shows:
It appears that the s3 origin access identity is still set correctly, even though it is not listed in the plan.
Steps to Reproduce
terraform plan
terraform apply