-
Notifications
You must be signed in to change notification settings - Fork 9.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Importing certificate FROM an ACM CA via aws_acm_certificate forces re-creation every apply #11201
Comments
I seem to be having this issue. After creating these certs + validations, the next run recreates the certs and validations, and attaches the new certs to the CF repos.
here are what I think are some relevant snippets from the module I wrote for our cf + s3 + acm setup.
|
Hey all 👋 Thank you for taking the time to file this issue, and for the additional information. @LukasKnuthImagineOn - since you'd initially filed the report (and because I don't want to only address the newer comment!), given that there's been a number of AWS provider and Terraform releases since you initially filed it, are you able to confirm if you're still running into the original behavior? @jordanbcooper - since you reported this more recently; is this occurring after an import as well, as mentioned in the initial report, or are you seeing this looping behavior after only creating the resource(s)? |
@justinretzolk These are new resources, never imported. |
Hey @jordanbcooper 👋 Thanks for confirming that. Since your situation isn't after an import, and it looks like you're not using imported (existing) certificates, I think the behavior you're experiencing might differ a bit from the original issue reported here. Would you mind opening a new issue with the relevant information in the issue template so we can separate these out a bit so that we don't cause any unnecessary confusion? |
Will do, sorry about that @justinretzolk |
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you! |
Community Note
Terraform Version
Terraform v0.12.16
Affected Resource(s)
Terraform Configuration Files
This is not the full config, but (as far as I can reason) the relevant parts of it.
Panic Output
No panic
Plan Output
Note: I have shortened the output for the load-balancer to the relvant listener. Also, I have replaced the Account-IDs in both ARNs.
Expected Behavior
Important The certificate I'm importing is created via AWS ACM CA from another account. Then, I export the certificate via the console, use OpenSSL to decrypt the private-key and import it via Terraform.
I expect the certificate to be importet successfully (which it is) and to remain unchanged on subsequent Terraform runs.
Actual Behavior
The certificate is scheduled to be re-importet on every run. Any dependencies (such as ELB) are re-created aswell.
The plan output shows that the contents of the certificate haven't changed, but the
certificate_authority_arn
-field forces the replacement. My guess is that since the cert was exported from another account and the ARN refers to it, this causes weird behaviour?Steps to Reproduce
openssl rsa -in priv.pem -out priv_no_enc.pem
Important Factoids
To re-iterate: The certificate I'm importing is created via AWS ACM CA from another account. Then, I export the certificate via the console, use OpenSSL to decrypt the private-key and import it via Terraform.
References
The text was updated successfully, but these errors were encountered: