DNS validation records are always created and destroyed when creating aws_acm_certificate with aws_route53_record #13317
Comments
It looks like the subject_alternative_names setting is causing the aws_acm_certificate to be tainted even if the list is unchanged. I believe this is the primary issue.
Secondary issue is related to unsorted validation records, which might be able to be worked around.
We had an issue where extra_aliases = ["atua.org.au", "www.atua.org.au"] kept getting the same kind of error. When we changed it to extra_aliases = ["www.atua.org.au", "atua.org.au"] it worked.
The fix to prevent ordering differences with the
This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
Community Note
Terraform Version
$ terraform -v
Terraform v0.12.24
Affected Resource(s)
Terraform Configuration Files
The following has been created as a module based on various examples on the internet and an attempt to use for_each to avoid a changing order triggering the resources to be tainted on every run. It didn't work. This does as much autodiscovery as I could possibly get it to do, but it still always creates and destroys validation records even when nothing has changed. This works similar to:
https://github.com/cloudposse/terraform-aws-acm-request-certificate
vars.tf
main.tf
locals.tf
Debug Output
Just running the terraform multiple times causes all validation records to always destroy and create, even when using for_each. I've tried everything... I don't know what debug output here can do to help.
Panic Output
N/A
Expected Behavior
The acm certificate and validation records should only be recreated and destroyed when they change.
Actual Behavior
The acm certification and validation records are recreated and destroyed on every run even when nothing has changed.
Steps to Reproduce
terraform apply
Important Factoids
Nothing important to note.
References
aws_acm_certificate subject_alternative_names & domain_validation_options get returned in a different order each time #8531 - this is exactly the issue that drove me to write the above terraform, but for_each still causes revalidation.
Research: aws_acm_certificate redesign #13053 - I would love whatever mechanism is chosen to work with for_each.
edit: typos and clarity
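For reference, an added example (not the reporter's module and not code from the provider project) of a configuration for AWS provider 3.0.0 or later, where `domain_validation_options` is a set and each validation record is keyed by domain name instead of list position. The variable names, resource names and `example.com` domains are assumptions, and all names are assumed to live in one hosted zone.

```hcl
# Added example; requires AWS provider >= 3.0.0. All names and domains are assumed.
variable "domain_name" {
  type    = string
  default = "example.com"
}

variable "extra_aliases" {
  type    = list(string)
  default = ["www.example.com"]
}

data "aws_route53_zone" "this" {
  name = var.domain_name
}

resource "aws_acm_certificate" "this" {
  domain_name               = var.domain_name
  subject_alternative_names = var.extra_aliases
  validation_method         = "DNS"

  # Issue the replacement before the old certificate is removed,
  # so listeners are never left without a valid certificate.
  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_route53_record" "validation" {
  # Key each record by domain name so its resource address does not
  # depend on the order in which ACM returns the validation options.
  for_each = {
    for dvo in aws_acm_certificate.this.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }

  # An apex name and its wildcard share one validation record.
  allow_overwrite = true
  zone_id         = data.aws_route53_zone.this.zone_id
  name            = each.value.name
  type            = each.value.type
  records         = [each.value.record]
  ttl             = 60
}

resource "aws_acm_certificate_validation" "this" {
  certificate_arn         = aws_acm_certificate.this.arn
  validation_record_fqdns = [for r in aws_route53_record.validation : r.fqdn]
}
```

Running `terraform plan` a second time with no input changes should report no changes; a plan that still replaces the certificate or its records on every run is the symptom described in this issue.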