Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error during apply of aws_cloudfront_distribution using aws_cloudfront_origin_access_identity #824

Closed
hashibot opened this issue Jun 13, 2017 · 5 comments · Fixed by #7732
Labels
bug Addresses a defect in current functionality. service/cloudfront Issues and PRs that pertain to the cloudfront service.
Milestone

Comments

@hashibot
Copy link

This issue was originally opened by @billyboingo as hashicorp/terraform#15028. It was migrated here as part of the provider split. The original body of the issue is below.


Terraform Version

0.9.6

Affected Resource(s)

  • aws_cloudfront_distribution

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

data "aws_route53_zone" "hosted_zone" {
  name = "${var.hosted_zone_name}"
}

resource "aws_cloudfront_distribution" "distribution" {
  origin {
    domain_name = "${var.bucket_domain_name}"
    origin_id   = "S3-${var.bucket_name}"

    s3_origin_config {
      origin_access_identity = "${var.origin_access_identity == "" ? "" : "origin-access-identity/cloudfront/${var.origin_access_identity}"}"
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  comment             = "Distribution for ${var.bucket_name} S3 Bucket."
  default_root_object = "${var.default_object}"

  aliases = ["${var.host_name}.${var.hosted_zone_name}"]

  price_class = "${var.price_class}"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = false
    acm_certificate_arn            = "${module.ssl_cert.arn}"
    minimum_protocol_version       = "TLSv1"
    ssl_support_method             = "sni-only"
  }

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3-${var.bucket_name}"

    forwarded_values {
      query_string            = true
      query_string_cache_keys = ["version"]

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  cache_behavior {
    path_pattern     = "/data/*"
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "S3-${var.bucket_name}"
    trusted_signers  = ["self"]

    forwarded_values {
      query_string            = true
      query_string_cache_keys = ["version"]

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 60
    max_ttl                = 31536000
  }
}

resource "aws_route53_record" "dns_record" {
  zone_id = "${data.aws_route53_zone.hosted_zone.zone_id}"
  name    = "${var.host_name}.${var.hosted_zone_name}"
  type    = "A"

  alias {
    name                   = "${aws_cloudfront_distribution.distribution.domain_name}"
    zone_id                = "Z2FDTNDATAQYW2"
    evaluate_target_health = false
  }
}

Debug Output

https://gist.github.com/billyboingo/73982918f56eba123fd389113cff4455

Panic Output

Remain calm and carry on.

Expected Behavior

A new cloudfront distribution should have been created with restricted access to an S3 bucket via the origin access identity.

Actual Behavior

It blows up with the provided output.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

Important Factoids

This looks like it could be a regression of the issue referenced below...

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

@hashibot hashibot added the bug Addresses a defect in current functionality. label Jun 13, 2017
@ErrantConstruct
Copy link

We've been experiencing this issue anytime we rebuild our cloudfront distribution. Is there any work around other then running the same apply again?

@bflad bflad added the service/cloudfront Issues and PRs that pertain to the cloudfront service. label Jan 19, 2018
@martinb3
Copy link

martinb3 commented Nov 8, 2018

Sorry, what is the original issue? The gist linked here is gone.

@wweiss
Copy link

wweiss commented Nov 9, 2018

Sorry, the url has changed:
https://gist.github.com/wweiss/73982918f56eba123fd389113cff4455

bflad added a commit that referenced this issue Feb 26, 2019
…ributes for better difference handling

References:
* #7709
* #5526
* #4338
* #3842
* #3766
* #3256
* #1194
* #824
* #416

The usage of `TypeSet` for single container block attributes can cause unnecessary problems with Terraform's difference logic and makes plan output unnecessarily more difficult to read. Here we adjust these to `TypeList`.

Converted the following from `Type: schema.TypeSet` and `MaxItems: 1` to `Type: schema.TypeList`:

* `default_cache_behavior` configuration block
* `default_cache_behavior` configuration block `forwarded_values` configuration block
* `default_cache_behavior` configuration block `forwarded_values` configuration block `cookies` configuration block
* `logging_config` configuration block
* `origin` configuration block `custom_origin_config` configuration block
* `origin` configuration block `s3_origin_config` configuration block
* `ordered_cache_behavior` configuration block `forwarded_values` configuration block
* `ordered_cache_behavior` configuration block `forwarded_values` configuration block `cookies` configuration block
* `restrictions` configuration block
* `restrictions` configuration block `geo_restriction` configuration block
* `viewer_certificate` configuration block

The usage of `TypeList` for arguments where ordering does not matter causes unnecessary hassle for operators to match their configuration to the CloudFront API. Here we replace these with `TypeSet` to ignore ordering.

Converted the following from `Type: schema.TypeList` to `Type: schema.TypeSet`:

* `default_cache_behavior` configuration block `allowed_methods` argument
* `default_cache_behavior` configuration block `cached_methods` argument
* `origin` configuration block `custom_origin_config` configuration block `origin_ssl_protocols` argument
* `restrictions` configuration block `geo_restriction` configuration block `locations` argument

This change was verified with a live configuration outside the acceptance testing framework with Terraform 0.11 as effectively a no-op for the most common use case configurations that do not later reference these attributes.

```console
$ terraform apply
...
aws_cloudfront_distribution.test: Creating...
  active_trusted_signers.%:                                                                             "" => "<computed>"
  arn:                                                                                                  "" => "<computed>"
  caller_reference:                                                                                     "" => "<computed>"
  default_cache_behavior.#:                                                                             "0" => "1"
  default_cache_behavior.1848826977.allowed_methods.#:                                                  "0" => "7"
  default_cache_behavior.1848826977.allowed_methods.0:                                                  "" => "DELETE"
  default_cache_behavior.1848826977.allowed_methods.1:                                                  "" => "GET"
  default_cache_behavior.1848826977.allowed_methods.2:                                                  "" => "HEAD"
  default_cache_behavior.1848826977.allowed_methods.3:                                                  "" => "OPTIONS"
  default_cache_behavior.1848826977.allowed_methods.4:                                                  "" => "PATCH"
  default_cache_behavior.1848826977.allowed_methods.5:                                                  "" => "POST"
  default_cache_behavior.1848826977.allowed_methods.6:                                                  "" => "PUT"
  default_cache_behavior.1848826977.cached_methods.#:                                                   "0" => "2"
  default_cache_behavior.1848826977.cached_methods.0:                                                   "" => "GET"
  default_cache_behavior.1848826977.cached_methods.1:                                                   "" => "HEAD"
  default_cache_behavior.1848826977.compress:                                                           "" => "false"
  default_cache_behavior.1848826977.default_ttl:                                                        "" => "100"
  default_cache_behavior.1848826977.field_level_encryption_id:                                          "" => ""
  default_cache_behavior.1848826977.forwarded_values.#:                                                 "0" => "1"
  default_cache_behavior.1848826977.forwarded_values.2510654351.cookies.#:                              "0" => "1"
  default_cache_behavior.1848826977.forwarded_values.2510654351.cookies.1870923232.forward:             "" => "all"
  default_cache_behavior.1848826977.forwarded_values.2510654351.cookies.1870923232.whitelisted_names.#: "0" => "0"
  default_cache_behavior.1848826977.forwarded_values.2510654351.headers.#:                              "0" => "0"
  default_cache_behavior.1848826977.forwarded_values.2510654351.query_string:                           "" => "false"
  default_cache_behavior.1848826977.forwarded_values.2510654351.query_string_cache_keys.#:              "0" => "0"
  default_cache_behavior.1848826977.lambda_function_association.#:                                      "0" => "0"
  default_cache_behavior.1848826977.max_ttl:                                                            "" => "100"
  default_cache_behavior.1848826977.min_ttl:                                                            "" => "100"
  default_cache_behavior.1848826977.smooth_streaming:                                                   "" => "true"
  default_cache_behavior.1848826977.target_origin_id:                                                   "" => "myCustomOrigin"
  default_cache_behavior.1848826977.trusted_signers.#:                                                  "0" => "0"
  default_cache_behavior.1848826977.viewer_protocol_policy:                                             "" => "allow-all"
  domain_name:                                                                                          "" => "<computed>"
  enabled:                                                                                              "" => "true"
  etag:                                                                                                 "" => "<computed>"
  hosted_zone_id:                                                                                       "" => "<computed>"
  http_version:                                                                                         "" => "http2"
  in_progress_validation_batches:                                                                       "" => "<computed>"
  is_ipv6_enabled:                                                                                      "" => "false"
  last_modified_time:                                                                                   "" => "<computed>"
  ordered_cache_behavior.#:                                                                             "0" => "2"
  ordered_cache_behavior.0.allowed_methods.#:                                                           "0" => "7"
  ordered_cache_behavior.0.allowed_methods.1012961568:                                                  "" => "POST"
  ordered_cache_behavior.0.allowed_methods.1040875975:                                                  "" => "GET"
  ordered_cache_behavior.0.allowed_methods.1445840968:                                                  "" => "HEAD"
  ordered_cache_behavior.0.allowed_methods.1741119464:                                                  "" => "PATCH"
  ordered_cache_behavior.0.allowed_methods.348445828:                                                   "" => "DELETE"
  ordered_cache_behavior.0.allowed_methods.3982006612:                                                  "" => "OPTIONS"
  ordered_cache_behavior.0.allowed_methods.4024585617:                                                  "" => "PUT"
  ordered_cache_behavior.0.cached_methods.#:                                                            "0" => "2"
  ordered_cache_behavior.0.cached_methods.1040875975:                                                   "" => "GET"
  ordered_cache_behavior.0.cached_methods.1445840968:                                                   "" => "HEAD"
  ordered_cache_behavior.0.compress:                                                                    "" => "false"
  ordered_cache_behavior.0.default_ttl:                                                                 "" => "50"
  ordered_cache_behavior.0.forwarded_values.#:                                                          "0" => "1"
  ordered_cache_behavior.0.forwarded_values.2555876073.cookies.#:                                       "0" => "1"
  ordered_cache_behavior.0.forwarded_values.2555876073.cookies.2625240281.forward:                      "" => "none"
  ordered_cache_behavior.0.forwarded_values.2555876073.cookies.2625240281.whitelisted_names.#:          "0" => "0"
  ordered_cache_behavior.0.forwarded_values.2555876073.headers.#:                                       "0" => "0"
  ordered_cache_behavior.0.forwarded_values.2555876073.query_string:                                    "" => "true"
  ordered_cache_behavior.0.forwarded_values.2555876073.query_string_cache_keys.#:                       "0" => "0"
  ordered_cache_behavior.0.max_ttl:                                                                     "" => "50"
  ordered_cache_behavior.0.min_ttl:                                                                     "" => "50"
  ordered_cache_behavior.0.path_pattern:                                                                "" => "images1/*.jpg"
  ordered_cache_behavior.0.target_origin_id:                                                            "" => "myCustomOrigin"
  ordered_cache_behavior.0.viewer_protocol_policy:                                                      "" => "allow-all"
  ordered_cache_behavior.1.allowed_methods.#:                                                           "0" => "7"
  ordered_cache_behavior.1.allowed_methods.1012961568:                                                  "" => "POST"
  ordered_cache_behavior.1.allowed_methods.1040875975:                                                  "" => "GET"
  ordered_cache_behavior.1.allowed_methods.1445840968:                                                  "" => "HEAD"
  ordered_cache_behavior.1.allowed_methods.1741119464:                                                  "" => "PATCH"
  ordered_cache_behavior.1.allowed_methods.348445828:                                                   "" => "DELETE"
  ordered_cache_behavior.1.allowed_methods.3982006612:                                                  "" => "OPTIONS"
  ordered_cache_behavior.1.allowed_methods.4024585617:                                                  "" => "PUT"
  ordered_cache_behavior.1.cached_methods.#:                                                            "0" => "2"
  ordered_cache_behavior.1.cached_methods.1040875975:                                                   "" => "GET"
  ordered_cache_behavior.1.cached_methods.1445840968:                                                   "" => "HEAD"
  ordered_cache_behavior.1.compress:                                                                    "" => "false"
  ordered_cache_behavior.1.default_ttl:                                                                 "" => "51"
  ordered_cache_behavior.1.forwarded_values.#:                                                          "0" => "1"
  ordered_cache_behavior.1.forwarded_values.2555876073.cookies.#:                                       "0" => "1"
  ordered_cache_behavior.1.forwarded_values.2555876073.cookies.2625240281.forward:                      "" => "none"
  ordered_cache_behavior.1.forwarded_values.2555876073.cookies.2625240281.whitelisted_names.#:          "0" => "0"
  ordered_cache_behavior.1.forwarded_values.2555876073.headers.#:                                       "0" => "0"
  ordered_cache_behavior.1.forwarded_values.2555876073.query_string:                                    "" => "true"
  ordered_cache_behavior.1.forwarded_values.2555876073.query_string_cache_keys.#:                       "0" => "0"
  ordered_cache_behavior.1.max_ttl:                                                                     "" => "51"
  ordered_cache_behavior.1.min_ttl:                                                                     "" => "51"
  ordered_cache_behavior.1.path_pattern:                                                                "" => "images2/*.jpg"
  ordered_cache_behavior.1.target_origin_id:                                                            "" => "myCustomOrigin"
  ordered_cache_behavior.1.viewer_protocol_policy:                                                      "" => "allow-all"
  origin.#:                                                                                             "0" => "1"
  origin.1857972443.custom_header.#:                                                                    "0" => "0"
  origin.1857972443.custom_origin_config.#:                                                             "0" => "1"
  origin.1857972443.custom_origin_config.3832794885.http_port:                                          "" => "80"
  origin.1857972443.custom_origin_config.3832794885.https_port:                                         "" => "443"
  origin.1857972443.custom_origin_config.3832794885.origin_keepalive_timeout:                           "" => "5"
  origin.1857972443.custom_origin_config.3832794885.origin_protocol_policy:                             "" => "http-only"
  origin.1857972443.custom_origin_config.3832794885.origin_read_timeout:                                "" => "30"
  origin.1857972443.custom_origin_config.3832794885.origin_ssl_protocols.#:                             "0" => "2"
  origin.1857972443.custom_origin_config.3832794885.origin_ssl_protocols.0:                             "" => "SSLv3"
  origin.1857972443.custom_origin_config.3832794885.origin_ssl_protocols.1:                             "" => "TLSv1"
  origin.1857972443.domain_name:                                                                        "" => "www.example.com"
  origin.1857972443.origin_id:                                                                          "" => "myCustomOrigin"
  origin.1857972443.origin_path:                                                                        "" => ""
  origin.1857972443.s3_origin_config.#:                                                                 "0" => "0"
  price_class:                                                                                          "" => "PriceClass_All"
  restrictions.#:                                                                                       "0" => "1"
  restrictions.811065190.geo_restriction.#:                                                             "0" => "1"
  restrictions.811065190.geo_restriction.1303118592.locations.#:                                        "0" => "4"
  restrictions.811065190.geo_restriction.1303118592.locations.0:                                        "" => "US"
  restrictions.811065190.geo_restriction.1303118592.locations.1:                                        "" => "CA"
  restrictions.811065190.geo_restriction.1303118592.locations.2:                                        "" => "GB"
  restrictions.811065190.geo_restriction.1303118592.locations.3:                                        "" => "DE"
  restrictions.811065190.geo_restriction.1303118592.restriction_type:                                   "" => "whitelist"
  retain_on_delete:                                                                                     "" => "false"
  status:                                                                                               "" => "<computed>"
  viewer_certificate.#:                                                                                 "0" => "1"
  viewer_certificate.69840937.acm_certificate_arn:                                                      "" => ""
  viewer_certificate.69840937.cloudfront_default_certificate:                                           "" => "true"
  viewer_certificate.69840937.iam_certificate_id:                                                       "" => ""
  viewer_certificate.69840937.minimum_protocol_version:                                                 "" => "TLSv1"
  viewer_certificate.69840937.ssl_support_method:                                                       "" => ""
aws_cloudfront_distribution.test: Creation complete after 0s (ID: E3K1GJF3SSNJRN)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

$ cp ~/go/bin/terraform-provider-aws .terraform/plugins/darwin_amd64/terraform-provider-aws_v1.60.0_x4; terraform init # this binary is an updated Terraform AWS Provider built with these changes

$ terraform apply # Here we see no state migration required
aws_cloudfront_distribution.test: Refreshing state... (ID: E3K1GJF3SSNJRN)

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

$ terraform state show aws_cloudfront_distribution.test # Here we see a successful state refresh with the new layout
id                                                                        = E3K1GJF3SSNJRN
active_trusted_signers.%                                                  = 2
active_trusted_signers.enabled                                            = false
active_trusted_signers.items.#                                            = 0
aliases.#                                                                 = 0
arn                                                                       = arn:aws:cloudfront::187416307283:distribution/E3K1GJF3SSNJRN
caller_reference                                                          = 2019-02-25T14:51:42.674464-05:00
custom_error_response.#                                                   = 0
default_cache_behavior.#                                                  = 1
default_cache_behavior.0.allowed_methods.#                                = 7
default_cache_behavior.0.allowed_methods.1012961568                       = POST
default_cache_behavior.0.allowed_methods.1040875975                       = GET
default_cache_behavior.0.allowed_methods.1445840968                       = HEAD
default_cache_behavior.0.allowed_methods.1741119464                       = PATCH
default_cache_behavior.0.allowed_methods.348445828                        = DELETE
default_cache_behavior.0.allowed_methods.3982006612                       = OPTIONS
default_cache_behavior.0.allowed_methods.4024585617                       = PUT
default_cache_behavior.0.cached_methods.#                                 = 2
default_cache_behavior.0.cached_methods.1040875975                        = GET
default_cache_behavior.0.cached_methods.1445840968                        = HEAD
default_cache_behavior.0.compress                                         = false
default_cache_behavior.0.default_ttl                                      = 100
default_cache_behavior.0.field_level_encryption_id                        =
default_cache_behavior.0.forwarded_values.#                               = 1
default_cache_behavior.0.forwarded_values.0.cookies.#                     = 1
default_cache_behavior.0.forwarded_values.0.cookies.0.forward             = all
default_cache_behavior.0.forwarded_values.0.cookies.0.whitelisted_names.# = 0
default_cache_behavior.0.forwarded_values.0.headers.#                     = 0
default_cache_behavior.0.forwarded_values.0.query_string                  = false
default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.#     = 0
default_cache_behavior.0.lambda_function_association.#                    = 0
default_cache_behavior.0.max_ttl                                          = 100
default_cache_behavior.0.min_ttl                                          = 100
default_cache_behavior.0.smooth_streaming                                 = true
default_cache_behavior.0.target_origin_id                                 = myCustomOrigin
default_cache_behavior.0.trusted_signers.#                                = 0
default_cache_behavior.0.viewer_protocol_policy                           = allow-all
default_root_object                                                       =
domain_name                                                               = dot6h04nf0cmx.cloudfront.net
enabled                                                                   = true
etag                                                                      = E33ZADXZHBHVXT
hosted_zone_id                                                            = Z2FDTNDATAQYW2
http_version                                                              = http2
in_progress_validation_batches                                            = 0
is_ipv6_enabled                                                           = false
last_modified_time                                                        = 2019-02-26 02:22:40.558 +0000 UTC
logging_config.#                                                          = 0
ordered_cache_behavior.#                                                  = 2
ordered_cache_behavior.0.allowed_methods.#                                = 7
ordered_cache_behavior.0.allowed_methods.1012961568                       = POST
ordered_cache_behavior.0.allowed_methods.1040875975                       = GET
ordered_cache_behavior.0.allowed_methods.1445840968                       = HEAD
ordered_cache_behavior.0.allowed_methods.1741119464                       = PATCH
ordered_cache_behavior.0.allowed_methods.348445828                        = DELETE
ordered_cache_behavior.0.allowed_methods.3982006612                       = OPTIONS
ordered_cache_behavior.0.allowed_methods.4024585617                       = PUT
ordered_cache_behavior.0.cached_methods.#                                 = 2
ordered_cache_behavior.0.cached_methods.1040875975                        = GET
ordered_cache_behavior.0.cached_methods.1445840968                        = HEAD
ordered_cache_behavior.0.compress                                         = false
ordered_cache_behavior.0.default_ttl                                      = 50
ordered_cache_behavior.0.field_level_encryption_id                        =
ordered_cache_behavior.0.forwarded_values.#                               = 1
ordered_cache_behavior.0.forwarded_values.0.cookies.#                     = 1
ordered_cache_behavior.0.forwarded_values.0.cookies.0.forward             = none
ordered_cache_behavior.0.forwarded_values.0.cookies.0.whitelisted_names.# = 0
ordered_cache_behavior.0.forwarded_values.0.headers.#                     = 0
ordered_cache_behavior.0.forwarded_values.0.query_string                  = true
ordered_cache_behavior.0.forwarded_values.0.query_string_cache_keys.#     = 0
ordered_cache_behavior.0.lambda_function_association.#                    = 0
ordered_cache_behavior.0.max_ttl                                          = 50
ordered_cache_behavior.0.min_ttl                                          = 50
ordered_cache_behavior.0.path_pattern                                     = images1/*.jpg
ordered_cache_behavior.0.smooth_streaming                                 = false
ordered_cache_behavior.0.target_origin_id                                 = myCustomOrigin
ordered_cache_behavior.0.trusted_signers.#                                = 0
ordered_cache_behavior.0.viewer_protocol_policy                           = allow-all
ordered_cache_behavior.1.allowed_methods.#                                = 7
ordered_cache_behavior.1.allowed_methods.1012961568                       = POST
ordered_cache_behavior.1.allowed_methods.1040875975                       = GET
ordered_cache_behavior.1.allowed_methods.1445840968                       = HEAD
ordered_cache_behavior.1.allowed_methods.1741119464                       = PATCH
ordered_cache_behavior.1.allowed_methods.348445828                        = DELETE
ordered_cache_behavior.1.allowed_methods.3982006612                       = OPTIONS
ordered_cache_behavior.1.allowed_methods.4024585617                       = PUT
ordered_cache_behavior.1.cached_methods.#                                 = 2
ordered_cache_behavior.1.cached_methods.1040875975                        = GET
ordered_cache_behavior.1.cached_methods.1445840968                        = HEAD
ordered_cache_behavior.1.compress                                         = false
ordered_cache_behavior.1.default_ttl                                      = 51
ordered_cache_behavior.1.field_level_encryption_id                        =
ordered_cache_behavior.1.forwarded_values.#                               = 1
ordered_cache_behavior.1.forwarded_values.0.cookies.#                     = 1
ordered_cache_behavior.1.forwarded_values.0.cookies.0.forward             = none
ordered_cache_behavior.1.forwarded_values.0.cookies.0.whitelisted_names.# = 0
ordered_cache_behavior.1.forwarded_values.0.headers.#                     = 0
ordered_cache_behavior.1.forwarded_values.0.query_string                  = true
ordered_cache_behavior.1.forwarded_values.0.query_string_cache_keys.#     = 0
ordered_cache_behavior.1.lambda_function_association.#                    = 0
ordered_cache_behavior.1.max_ttl                                          = 51
ordered_cache_behavior.1.min_ttl                                          = 51
ordered_cache_behavior.1.path_pattern                                     = images2/*.jpg
ordered_cache_behavior.1.smooth_streaming                                 = false
ordered_cache_behavior.1.target_origin_id                                 = myCustomOrigin
ordered_cache_behavior.1.trusted_signers.#                                = 0
ordered_cache_behavior.1.viewer_protocol_policy                           = allow-all
origin.#                                                                  = 1
origin.1857972443.custom_header.#                                         = 0
origin.1857972443.custom_origin_config.#                                  = 1
origin.1857972443.custom_origin_config.0.http_port                        = 80
origin.1857972443.custom_origin_config.0.https_port                       = 443
origin.1857972443.custom_origin_config.0.origin_keepalive_timeout         = 5
origin.1857972443.custom_origin_config.0.origin_protocol_policy           = http-only
origin.1857972443.custom_origin_config.0.origin_read_timeout              = 30
origin.1857972443.custom_origin_config.0.origin_ssl_protocols.#           = 2
origin.1857972443.custom_origin_config.0.origin_ssl_protocols.1162609714  = TLSv1
origin.1857972443.custom_origin_config.0.origin_ssl_protocols.2159350162  = SSLv3
origin.1857972443.domain_name                                             = www.example.com
origin.1857972443.origin_id                                               = myCustomOrigin
origin.1857972443.origin_path                                             =
origin.1857972443.s3_origin_config.#                                      = 0
price_class                                                               = PriceClass_All
restrictions.#                                                            = 1
restrictions.0.geo_restriction.#                                          = 1
restrictions.0.geo_restriction.0.locations.#                              = 4
restrictions.0.geo_restriction.0.locations.3034033770                     = DE
restrictions.0.geo_restriction.0.locations.3047936762                     = US
restrictions.0.geo_restriction.0.locations.3589570027                     = CA
restrictions.0.geo_restriction.0.locations.4191192820                     = GB
restrictions.0.geo_restriction.0.restriction_type                         = whitelist
retain_on_delete                                                          = false
status                                                                    = Deployed
tags.%                                                                    = 0
viewer_certificate.#                                                      = 1
viewer_certificate.0.acm_certificate_arn                                  =
viewer_certificate.0.cloudfront_default_certificate                       = true
viewer_certificate.0.iam_certificate_id                                   =
viewer_certificate.0.minimum_protocol_version                             = TLSv1
viewer_certificate.0.ssl_support_method                                   =
web_acl_id                                                                =
```

Output from acceptance testing:

```
--- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyOriginID (1.04s)
--- PASS: TestAccAWSCloudFrontDistribution_Origin_EmptyDomainName (1.12s)
--- PASS: TestAccAWSCloudFrontDistribution_orderedCacheBehavior (1082.43s)
--- PASS: TestAccAWSCloudFrontDistribution_HTTP11Config (1082.47s)
--- PASS: TestAccAWSCloudFrontDistribution_noCustomErrorResponseConfig (1083.16s)
--- PASS: TestAccAWSCloudFrontDistribution_noOptionalItemsConfig (1083.56s)
--- PASS: TestAccAWSCloudFrontDistribution_S3OriginWithTags (1084.20s)
--- PASS: TestAccAWSCloudFrontDistribution_IsIPV6EnabledConfig (1089.11s)
--- PASS: TestAccAWSCloudFrontDistribution_S3Origin (1090.38s)
--- PASS: TestAccAWSCloudFrontDistribution_customOrigin (1092.54s)
--- PASS: TestAccAWSCloudFrontDistribution_multiOrigin (1093.67s)
```
@bflad bflad added this to the v2.0.0 milestone Feb 27, 2019
@bflad
Copy link
Contributor

bflad commented Feb 27, 2019

Hi folks 👋 Sorry for the trouble with the aws_cloudfront_distribution resource. Since its original implementation, there were many configuration blocks that did not benefit from certain difference simplifications and arguments that were incorrectly using ordered lists instead of sets. Usually these type of implementation details surface in unexpected ways during Terraform runs as diffs didn't match during apply error in Terraform 0.11 and prior. (Aside: in Terraform 0.12 and later, these types of errors will include much better diagnostic information rather than dumping the raw differences.)

The configuration block simplifications and fixes were applied to the resource logic in version 2.0.0 of the Terraform AWS Provider, which will be releasing very shortly. Existing configurations should mostly work as they did previously, but aws_cloudfront_distribution resource updates and recreations should perform more reliably now without these errors. Since there were a large amount of varying diffs didn't match during apply reports, we are opting to close all these issues which appear to fall under this category.

We encourage everyone to file a new GitHub issue once upgraded to version 2.0.0 of the Terraform AWS Provider, should there be any further problems, so we can appropriately triage them. Thanks for your understanding and hope the upgrade is helpful. 😄

@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
bug Addresses a defect in current functionality. service/cloudfront Issues and PRs that pertain to the cloudfront service.
Projects
None yet
5 participants