Open cannereau opened 4 months ago
Voting for Prioritization
Volunteering to Work on This Issue
It's not ideal, but you can work around this by using the external provider to run the AWS CLI to fetch the actual ID.
bash script "get_kvs.sh" in the module directory:
#!/usr/bin/env bash
set -e
eval "$(jq -r '@sh "KVS_NAME=\(.kvs_name)"')"
aws cloudfront describe-key-value-store --name $KVS_NAME --query 'KeyValueStore' --output json | jq
Terraform code, where the function source code file has a placeholder KEY_VALUE_STORE_ID
for the ID:
resource "aws_cloudfront_key_value_store" "function_data" {
name = "my-function-data"
comment = "Cloudfront function data"
}
data "external" "key_value_store" {
program = ["bash", "${path.module}/get_kvs.sh"]
query = {
kvs_name = aws_cloudfront_key_value_store.function_data.name
}
}
resource "aws_cloudfront_function" "redirect" {
name = "redirect-function"
runtime = "cloudfront-js-2.0"
comment = "Redirects"
publish = true
code = replace(file("${path.module}/redirect_function.js"), "KEY_VALUE_STORE_ID", data.external.key_value_store.result.Id)
key_value_store_associations = [aws_cloudfront_key_value_store.function_data.arn]
}
There is more simple way. KVS id is the part of KVS arn In my case its looks like arn:aws:cloudfront::XXXXXXXXX:key-value-store/XXXXX-XXXXX-XXXXX-XXXXXX-XXXXXXXXX
So you can get the id with making some  transformations with arn For example -
template = file("${path.module}/scripts/viewer-request-function.js")
vars = {
kvs_id = element(split("/", "${aws_cloudfront_key_value_store.test_kv.arn}"), length(split("/", "${aws_cloudfront_key_value_store.test_kv.arn}")) - 1)
}
Of course its looks like workaround, but it works for me.
Terraform Core Version
1.7.1
AWS Provider Version
5.49.0
Affected Resource(s)
aws_cloudfront_key_value_store
Expected Behavior
Users expect to retrieve unique
ID
when they useaws_cloudfront_key_value_store
resource https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_DescribeKeyValueStore.html Then, thisID
can be injected in the JS code of anaws_cloudfront_function
resource In fact, thisID
is mandatory for working withaws_cloudfront_key_value_store
within anaws_cloudfront_function
https://aws.amazon.com/fr/blogs/aws/introducing-amazon-cloudfront-keyvaluestore-a-low-latency-datastore-for-cloudfront-functions/Actual Behavior
Currently, the
id
attribute ofaws_cloudfront_key_value_store
resource returns the unuseful name of the resource https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_key_value_store#attribute-referenceRelevant Error/Panic Output Snippet
No response
Terraform Configuration Files
Steps to Reproduce
terraform apply
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None