Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

terraform updates aws_cloudfront_distribution every time over and over again #407

Closed
hashibot opened this issue Jun 13, 2017 · 2 comments · Fixed by #1785
Closed

terraform updates aws_cloudfront_distribution every time over and over again #407

hashibot opened this issue Jun 13, 2017 · 2 comments · Fixed by #1785
Labels
bug Addresses a defect in current functionality.

Comments

@hashibot
Copy link

This issue was originally opened by @vkulov as hashicorp/terraform#10535. It was migrated here as part of the provider split. The original body of the issue is below.

Hi,

I have a cloudfront distribution that updates every time apply is run.

module.s3_client_data.aws_cloudfront_distribution.main: Modifying...
  viewer_certificate.1540335073.acm_certificate_arn:            "" => ""
  viewer_certificate.1540335073.cloudfront_default_certificate: "" => "true"
  viewer_certificate.1540335073.iam_certificate_id:             "" => ""
  viewer_certificate.1540335073.minimum_protocol_version:       "" => "TLSv1"
  viewer_certificate.1540335073.ssl_support_method:             "" => "sni-only"
  viewer_certificate.2654384193.acm_certificate_arn:            "" => ""
  viewer_certificate.2654384193.cloudfront_default_certificate: "true" => "false"
  viewer_certificate.2654384193.iam_certificate_id:             "" => ""
  viewer_certificate.2654384193.minimum_protocol_version:       "SSLv3" => ""
  viewer_certificate.2654384193.ssl_support_method:             "" => ""
module.s3_client_data.aws_cloudfront_distribution.main: Modifications complete

The modification completes for a few seconds so it's not a big deal still it's annoying.

Here's my terraform code:


resource "aws_cloudfront_origin_access_identity" "main" {
  comment = "Client-Data Access Identity"
}

resource "aws_cloudfront_distribution" "main" {
  origin {
    domain_name = "${var.bucket_name}.s3.amazonaws.com"
    origin_id   = "${var.bucket_name}"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.main.cloudfront_access_identity_path}"
    }
  }

  enabled             = true

  logging_config {
    include_cookies = false
    bucket          = "${var.log_bucket}.s3.amazonaws.com"
    prefix          = "${var.log_prefix}"
  }

  aliases = "${var.aliases}"

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.bucket_name}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  price_class = "${var.price_class}"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags {
    Name        = "Client Data"
    Environment = "${var.environment}"
  }

  viewer_certificate {
    cloudfront_default_certificate = true
    ssl_support_method = "sni-only"
    minimum_protocol_version = "TLSv1"
  }
}

I'm using Terraform v0.7.13
@hashibot hashibot added the bug Addresses a defect in current functionality. label Jun 13, 2017
@ekini ekini mentioned this issue Oct 1, 2017
Merged
ekini pushed a commit to ekini/terraform-provider-aws that referenced this issue Oct 1, 2017
If default cloudfront certificate is used, ignore minimum_protocol_ve…
52ad2b6 
…rsion

Fixes hashicorp#407
@JamesBelchamber
Copy link
Contributor

A short-term fix for this is to set minimum_protocol_version to TLSv1 - all this does is make Terraform config match what AWS is going to do regardless. We should merge #1785 to fix this.

jeancochrane pushed a commit to azavea/pfb-network-connectivity that referenced this issue Dec 14, 2018
Fix CloudFront errors
3517a2b 
CloudFront was complaining because:

* The distribution could not update properly while
  'minimum_protocol_version' was unset due to
  hashicorp/terraform-provider-aws#407
* The distribution domain name needed 'https://' to be appended to it
  before the app could retrieve tiles from it

Fix both of these issues. In addition, add an explicit 'jest' config
block to Tilegarden's package.json in order to prevent testing errors
in Babel 7.
jeancochrane pushed a commit to azavea/pfb-network-connectivity that referenced this issue Dec 17, 2018
Fix CloudFront errors
568ac4a 
CloudFront was complaining because:

* The distribution could not update properly while
  'minimum_protocol_version' was unset due to
  hashicorp/terraform-provider-aws#407
* The distribution domain name needed 'https://' to be appended to it
  before the app could retrieve tiles from it

Fix both of these issues. In addition, add an explicit 'jest' config
block to Tilegarden's package.json in order to prevent testing errors
in Babel 7.
@jeancochrane jeancochrane mentioned this issue Dec 17, 2018
Merged
@ghost
Copy link

ghost commented Apr 10, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 10, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality.
Projects
None yet
Milestone
No milestone
2 participants
@JamesBelchamber @hashibot