search

terraform-aws-modules / terraform-aws-acm

Terraform module to create AWS ACM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/acm/aws
Apache License 2.0
182 stars 229 forks source link

Unable to set renewal_eligibility #120

Closed SimonEdwardsMQA closed 1 year ago

SimonEdwardsMQA commented 1 year ago

Is your request related to a problem? Please describe.

Since creating the certificate with this module, the renewal_eligibility has been changed to "ELIGIBLE". However, the module wants to revert this back to "INELIGIBLE" and I can't see a way of setting this or where the module is setting this argument.

Describe the solution you'd like.

Allow renewal_eligibility = "ELIGIBLE" to be accepted by the module.

Describe alternatives you've considered.

I'm unable to use ignore_changes

Additional context

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.acm.aws_acm_certificate.this[0] has changed
  ~ resource "aws_acm_certificate" "this" {
        id                        = "arn:aws:acm:eu-west-2:8124********:certificate/cc7f****-80**-49**-8f**-2489********"
      ~ renewal_eligibility       = "INELIGIBLE" -> "ELIGIBLE"
dhoppe commented 1 year ago

@SimonEdwardsMQA Please check if the mentioned criteria are met. https://github.com/hashicorp/terraform-provider-aws/issues/8925#issuecomment-500480461

SimonEdwardsMQA commented 1 year ago

@SimonEdwardsMQA Please check if the mentioned criteria are met. hashicorp/terraform-provider-aws#8925 (comment)

The issue isn't with the cert itself, that is eligible, the problem I'm having is setting the renewal_eligibility so that Terraform is aware that it's eligible.

dhoppe commented 1 year ago

As far as I understood renewal_eligibility can not be managed directly by the AWS provider and is just provided as output. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate#renewal_eligibility

SimonEdwardsMQA commented 1 year ago

How do I get around the "Objects have changed outside of Terraform" issue when I run a plan? There must be something in TF that is trying to set renewal_eligibility

antonbabenko commented 1 year ago

I agree with @dhoppe and there is nothing we can do in this module. It is Terraform AWS provider issue.

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.