-
Notifications
You must be signed in to change notification settings - Fork 9.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cloudfront public key is associated when it's recreated. It errors as AWS asks for dissasociation before removal. #19093
Comments
I filled this as bug but now I realize it's more a feature than a bug 😉 sorry |
No worries about bug vs feature 🙂 Unfortunately, because of how Terraform currently models dependencies between resources, there isn't a good way to fix this problem. There is an open issue on Terraform core to address this. There is a potential workaround described at hashicorp/terraform#16065 (comment), which may work for you. Since this issue requires changes to the core Terraform dependency model, I'm going to close this issue. Once the support is available, we will address this and other issues caused by dependencies across resources. You may be able to find other workarounds or solutions in our forums for the AWS Provider or Terraform. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
Community Note
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
aws_cloudfront_key_group
aws_cloudfront_public_key
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
I will need to do a full separated test in another account to get a clean debug log.
Panic Output
Expected Behavior
During apply it should:
Steps to Reproduce
terraform apply
shows that will change the key group item and the public key encoded_key.First, a public_key.pem file is required in same working directory.
You need to create the two resources first with a usual
terraform apply
. It will succeed.Then modify the public_key.pem file to make terraform need to recreate the aws_cloudfront_public_key resource.
The next terraform apply is the one in the failure description.
I think there's nothing that could effect this two resources.
I think using
file("*.pem")
andfor_each
can do the trick without changing the tf code. But I also think this isn't much terraforming as I will have to do two applies and not really sure it will change anything as the order of the apply will be still start with theaws_cloudfront_key_group
. Usingdepends_on
gets to a cycle error (ofc).aws_cloudfront_key_group
was created some days ago:The text was updated successfully, but these errors were encountered: