aws_acm_certificate: fix subject_alternative_names forces recreation #11300
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ghost
added
needs-triage
|
This is a breaking change as Any comments, ideas and requirements are welcome! |
|
I don't believe this change will actually resolve the problem. The problem is that the subject_alternative_names and domain_validation_options order must be predictable and consistent, due in part to aws_route53_records referencing this output from the aws_acm_certificate based on the count of SANs provided. As I understand it, the AWS API for describing the certificate does not guarantee the order of the returned subject_alternative_names, nor the order of the domain_validation_options. So, some order must be used that, once set, never changes. So, merely changing the SANs to a Set won't help. A Set, I believe, conveys that order does not matter. But, actually, order is critical here. So, our solution ensures that any responses from AWS are re-ordered to the order provided by the user. If the user changes the order, then, yes, it will force re-creation of resources. But, at least it allows them to control that order and prevent resource re-creation. |
|
With all due respect - I do not see the need for an order... provider "aws" {
max_retries = 1337
region = "eu-central-1"
profile = "devops"
}
data "aws_route53_zone" "zone" {
name = "test.dev.reservix.cloud."
private_zone = false
}
locals {
domain = trimsuffix(data.aws_route53_zone.zone.name, ".")
subject_alternative_names = [
for subdomain in [
"one",
"two",
"three",
"four",
"fife",
"six",
"seven",
"eight",
"nine"
] : format("%s.%s", subdomain, local.domain)
]
}
resource "aws_acm_certificate" "cert" {
domain_name = data.aws_route53_zone.zone.name
validation_method = "DNS"
subject_alternative_names = local.subject_alternative_names
}
resource "aws_route53_record" "cert_validation" {
for_each = { for n in flatten([local.domain, local.subject_alternative_names]) : n => n }
name = [for domain_validation_options in aws_acm_certificate.cert.domain_validation_options :
domain_validation_options.resource_record_name if domain_validation_options.domain_name == each.value
][0]
type = [for domain_validation_options in aws_acm_certificate.cert.domain_validation_options :
domain_validation_options.resource_record_type if domain_validation_options.domain_name == each.value
][0]
records = [for domain_validation_options in aws_acm_certificate.cert.domain_validation_options :
domain_validation_options.resource_record_value if domain_validation_options.domain_name == each.value
]
zone_id = data.aws_route53_zone.zone.id
ttl = 60
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = aws_acm_certificate.cert.arn
validation_record_fqdns = [
for cert_validation in aws_route53_record.cert_validation :
cert_validation.fqdn
]
}$ tf apply
data.aws_route53_zone.zone: Refreshing state...
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_acm_certificate.cert will be created
+ resource "aws_acm_certificate" "cert" {
+ arn = (known after apply)
+ domain_name = "test.dev.reservix.cloud"
+ domain_validation_options = (known after apply)
+ id = (known after apply)
+ subject_alternative_names = [
+ "eight.test.dev.reservix.cloud",
+ "fife.test.dev.reservix.cloud",
+ "four.test.dev.reservix.cloud",
+ "nine.test.dev.reservix.cloud",
+ "one.test.dev.reservix.cloud",
+ "seven.test.dev.reservix.cloud",
+ "six.test.dev.reservix.cloud",
+ "three.test.dev.reservix.cloud",
+ "two.test.dev.reservix.cloud",
]
+ validation_emails = (known after apply)
+ validation_method = "DNS"
}
# aws_acm_certificate_validation.cert will be created
+ resource "aws_acm_certificate_validation" "cert" {
+ certificate_arn = (known after apply)
+ id = (known after apply)
+ validation_record_fqdns = (known after apply)
}
# aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["four.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["one.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["six.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["three.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation["two.test.dev.reservix.cloud"] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = true
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
Plan: 12 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_acm_certificate.cert: Creating...
aws_acm_certificate.cert: Still creating... [10s elapsed]
aws_acm_certificate.cert: Still creating... [20s elapsed]
aws_acm_certificate.cert: Creation complete after 20s [id=arn:aws:acm:eu-central-1:159388291991:certificate/003a08ce-9c40-400f-b765-3c56daa6e5d7]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Creating...
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Still creating... [10s elapsed]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Still creating... [20s elapsed]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Still creating... [30s elapsed]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Creation complete after 37s [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Creation complete after 39s [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Creation complete after 39s [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Creation complete after 39s [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Creation complete after 40s [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Still creating... [40s elapsed]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Still creating... [40s elapsed]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Still creating... [40s elapsed]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Still creating... [40s elapsed]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Still creating... [40s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Creation complete after 40s [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Creation complete after 41s [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Creation complete after 41s [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Creation complete after 41s [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Creation complete after 41s [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_acm_certificate_validation.cert: Creating...
aws_acm_certificate_validation.cert: Still creating... [10s elapsed]
aws_acm_certificate_validation.cert: Still creating... [20s elapsed]
aws_acm_certificate_validation.cert: Still creating... [30s elapsed]
aws_acm_certificate_validation.cert: Still creating... [40s elapsed]
aws_acm_certificate_validation.cert: Still creating... [50s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m0s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m10s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m20s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m30s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m40s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m50s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m0s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m10s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m20s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m30s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m40s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m50s elapsed]
aws_acm_certificate_validation.cert: Still creating... [3m0s elapsed]
aws_acm_certificate_validation.cert: Still creating... [3m10s elapsed]
aws_acm_certificate_validation.cert: Still creating... [3m20s elapsed]
aws_acm_certificate_validation.cert: Still creating... [3m30s elapsed]
aws_acm_certificate_validation.cert: Still creating... [3m40s elapsed]
aws_acm_certificate_validation.cert: Creation complete after 3m46s [id=2019-12-15 18:31:22 +0000 UTC]
Apply complete! Resources: 12 added, 0 changed, 0 destroyed.
$ tf apply
data.aws_route53_zone.zone: Refreshing state...
aws_acm_certificate.cert: Refreshing state... [id=arn:aws:acm:eu-central-1:159388291991:certificate/003a08ce-9c40-400f-b765-3c56daa6e5d7]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_acm_certificate_validation.cert: Refreshing state... [id=2019-12-15 18:31:22 +0000 UTC]
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
$ tf destroy
data.aws_route53_zone.zone: Refreshing state...
aws_acm_certificate.cert: Refreshing state... [id=arn:aws:acm:eu-central-1:159388291991:certificate/1a6eb33c-003c-4373-9b44-3f6bfa6c5d9d]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Refreshing state... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_acm_certificate_validation.cert: Refreshing state... [id=2019-12-15 19:48:24 +0000 UTC]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_acm_certificate.cert will be destroyed
- resource "aws_acm_certificate" "cert" {
- arn = "arn:aws:acm:eu-central-1:159388291991:certificate/1a6eb33c-003c-4373-9b44-3f6bfa6c5d9d" -> null
- domain_name = "test.dev.reservix.cloud" -> null
- domain_validation_options = [
- {
- domain_name = "test.dev.reservix.cloud"
- resource_record_name = "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_eeccaa8d5151bfd6357930ad538b0b28.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "four.test.dev.reservix.cloud"
- resource_record_name = "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_c73a6232e9d56e0ab5df70eb480fbf12.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "six.test.dev.reservix.cloud"
- resource_record_name = "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_f1ad70f2f2d5723b89e3ef8c853a7ba4.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "nine.test.dev.reservix.cloud"
- resource_record_name = "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_29f21634897e69eb0d5fdcf8270f6a0c.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "seven.test.dev.reservix.cloud"
- resource_record_name = "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_fdd1bb8eac7cca3db127c4ba313418df.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "three.test.dev.reservix.cloud"
- resource_record_name = "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_9e05a42d23907dd06acfc39c33474579.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "fife.test.dev.reservix.cloud"
- resource_record_name = "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_482d1920318797f2c3e4b7c5dd929198.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "one.test.dev.reservix.cloud"
- resource_record_name = "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_6cdfde15f0ed0a234cb4f5691ce1d5a8.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "eight.test.dev.reservix.cloud"
- resource_record_name = "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_abbd0d5a6d7e4279c69401c09b65b50e.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "two.test.dev.reservix.cloud"
- resource_record_name = "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_95e3ff8ba342f8d95916c0fbf5a7f426.mzlfeqexyx.acm-validations.aws."
},
] -> null
- id = "arn:aws:acm:eu-central-1:159388291991:certificate/1a6eb33c-003c-4373-9b44-3f6bfa6c5d9d" -> null
- subject_alternative_names = [
- "eight.test.dev.reservix.cloud",
- "fife.test.dev.reservix.cloud",
- "four.test.dev.reservix.cloud",
- "nine.test.dev.reservix.cloud",
- "one.test.dev.reservix.cloud",
- "seven.test.dev.reservix.cloud",
- "six.test.dev.reservix.cloud",
- "three.test.dev.reservix.cloud",
- "two.test.dev.reservix.cloud",
] -> null
- tags = {} -> null
- validation_emails = [] -> null
- validation_method = "DNS" -> null
- options {
- certificate_transparency_logging_preference = "ENABLED" -> null
}
}
# aws_acm_certificate_validation.cert will be destroyed
- resource "aws_acm_certificate_validation" "cert" {
- certificate_arn = "arn:aws:acm:eu-central-1:159388291991:certificate/1a6eb33c-003c-4373-9b44-3f6bfa6c5d9d" -> null
- id = "2019-12-15 19:48:24 +0000 UTC" -> null
- validation_record_fqdns = [
- "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud",
- "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud",
- "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud",
- "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud",
- "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud",
- "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud",
- "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud",
- "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud",
- "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud",
- "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud",
] -> null
}
# aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME" -> null
- name = "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud" -> null
- records = [
- "_abbd0d5a6d7e4279c69401c09b65b50e.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME" -> null
- name = "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud" -> null
- records = [
- "_482d1920318797f2c3e4b7c5dd929198.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["four.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME" -> null
- name = "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud" -> null
- records = [
- "_c73a6232e9d56e0ab5df70eb480fbf12.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME" -> null
- name = "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud" -> null
- records = [
- "_29f21634897e69eb0d5fdcf8270f6a0c.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["one.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME" -> null
- name = "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud" -> null
- records = [
- "_6cdfde15f0ed0a234cb4f5691ce1d5a8.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME" -> null
- name = "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud" -> null
- records = [
- "_fdd1bb8eac7cca3db127c4ba313418df.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["six.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME" -> null
- name = "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud" -> null
- records = [
- "_f1ad70f2f2d5723b89e3ef8c853a7ba4.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME" -> null
- name = "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud" -> null
- records = [
- "_eeccaa8d5151bfd6357930ad538b0b28.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["three.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME" -> null
- name = "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud" -> null
- records = [
- "_9e05a42d23907dd06acfc39c33474579.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation["two.test.dev.reservix.cloud"] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME" -> null
- name = "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud" -> null
- records = [
- "_95e3ff8ba342f8d95916c0fbf5a7f426.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
Plan: 0 to add, 0 to change, 12 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_acm_certificate_validation.cert: Destroying... [id=2019-12-15 19:48:24 +0000 UTC]
aws_acm_certificate_validation.cert: Destruction complete after 0s
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e...92.fife.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c4900572544...9b.four.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcf...f.three.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df...14.nine.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc7...9b7.six.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59...1.seven.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b963...5.eight.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e386...246.two.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f...a42.one.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e...92.fife.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df...14.nine.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcf...f.three.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c4900572544...9b.four.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc7...9b7.six.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59...1.seven.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b963...5.eight.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e386...246.two.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f...a42.one.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e...92.fife.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df...14.nine.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c4900572544...9b.four.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcf...f.three.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc7...9b7.six.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59...1.seven.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e386...246.two.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b963...5.eight.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Still destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f...a42.one.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation["one.test.dev.reservix.cloud"]: Destruction complete after 34s
aws_route53_record.cert_validation["two.test.dev.reservix.cloud"]: Destruction complete after 38s
aws_route53_record.cert_validation["test.dev.reservix.cloud"]: Destruction complete after 38s
aws_route53_record.cert_validation["six.test.dev.reservix.cloud"]: Destruction complete after 38s
aws_route53_record.cert_validation["fife.test.dev.reservix.cloud"]: Destruction complete after 38s
aws_route53_record.cert_validation["nine.test.dev.reservix.cloud"]: Destruction complete after 38s
aws_route53_record.cert_validation["four.test.dev.reservix.cloud"]: Destruction complete after 39s
aws_route53_record.cert_validation["eight.test.dev.reservix.cloud"]: Destruction complete after 39s
aws_route53_record.cert_validation["seven.test.dev.reservix.cloud"]: Destruction complete after 39s
aws_route53_record.cert_validation["three.test.dev.reservix.cloud"]: Destruction complete after 39s
aws_acm_certificate.cert: Destroying... [id=arn:aws:acm:eu-central-1:159388291991:certificate/1a6eb33c-003c-4373-9b44-3f6bfa6c5d9d]
aws_acm_certificate.cert: Destruction complete after 0s
Destroy complete! Resources: 12 destroyed. |
|
I am glad you were able to work around the problem using terraform 0.12. However, what you've shown is just that: a workaround. Your example is non-intuitive and violates the principle of least surprise. My translation for 0.11 is below, which I believe is consistent with what most people have submitted and demonstrates the way most would expect this to behave. And also, consider that not everyone has the luxury of migrating to 0.12, which is not backward compatible. Can you confirm the below would work with your change? provider "aws" {
max_retries = 1337
region = "eu-central-1"
profile = "devops"
}
data "aws_route53_zone" "zone" {
name = "test.dev.reservix.cloud."
private_zone = false
}
locals {
domain = "${substr(data.aws_route53_zone.zone.name, 0, length(data.aws_route53_zone.zone.name) - 1)}"
subdomains = ["one", "two", "three", "four", "fife", "six", "seven", "eight", "nine"]
subject_alternative_names = "${flatten(formatlist("%s.%s", local.subdomains, local.domain))}"
}
resource "aws_acm_certificate" "cert" {
domain_name = "${data.aws_route53_zone.zone.name}"
validation_method = "DNS"
subject_alternative_names = ["${local.subject_alternative_names}"]
}
resource "aws_route53_record" "cert_validation" {
count = "${length(local.subject_alternative_names)}"
name = "${lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_name")}"
type = "${lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_type")}"
records = ["${lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_value")}"]
zone_id = "${data.aws_route53_zone.zone.id}"
ttl = 60
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = "${aws_acm_certificate.cert.arn}"
validation_record_fqdns = ["${aws_route53_record.cert_validation.*.fqdn}"]
} |
|
For sure. With some minor changes - Here we go: provider "aws" {
max_retries = 1337
region = "eu-central-1"
profile = "devops"
}
data "aws_route53_zone" "zone" {
name = "test.dev.reservix.cloud."
private_zone = false
}
locals {
domain = "${substr(data.aws_route53_zone.zone.name, 0, length(data.aws_route53_zone.zone.name) - 1)}"
subdomains = ["one", "two", "three", "four", "fife", "six", "seven", "eight", "nine"]
subject_alternative_names = "${flatten(formatlist("%s.%s", local.subdomains, local.domain))}"
}
resource "aws_acm_certificate" "cert" {
domain_name = "${data.aws_route53_zone.zone.name}"
subject_alternative_names = "${local.subject_alternative_names}"
validation_method = "DNS"
}
resource "aws_route53_record" "cert_validation" {
count = "${length(flatten([local.subject_alternative_names, local.domain]))}"
name = "${lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_name")}"
type = "${lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_type")}"
records = ["${lookup(aws_acm_certificate.cert.domain_validation_options[count.index], "resource_record_value")}"]
zone_id = "${data.aws_route53_zone.zone.id}"
ttl = 60
}
resource "aws_acm_certificate_validation" "cert" {
certificate_arn = "${aws_acm_certificate.cert.arn}"
validation_record_fqdns = "${aws_route53_record.cert_validation[*].fqdn}"
}$ tf apply
Warning: Interpolation-only expressions are deprecated
on test.tf line 19, in resource "aws_acm_certificate" "cert":
19: domain_name = "${data.aws_route53_zone.zone.name}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on test.tf line 20, in resource "aws_acm_certificate" "cert":
20: subject_alternative_names = "${local.subject_alternative_names}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 6 more similar warnings elsewhere)
data.aws_route53_zone.zone: Refreshing state...
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_acm_certificate.cert will be created
+ resource "aws_acm_certificate" "cert" {
+ arn = (known after apply)
+ domain_name = "test.dev.reservix.cloud"
+ domain_validation_options = (known after apply)
+ id = (known after apply)
+ subject_alternative_names = [
+ "eight.test.dev.reservix.cloud",
+ "fife.test.dev.reservix.cloud",
+ "four.test.dev.reservix.cloud",
+ "nine.test.dev.reservix.cloud",
+ "one.test.dev.reservix.cloud",
+ "seven.test.dev.reservix.cloud",
+ "six.test.dev.reservix.cloud",
+ "three.test.dev.reservix.cloud",
+ "two.test.dev.reservix.cloud",
]
+ validation_emails = (known after apply)
+ validation_method = "DNS"
}
# aws_acm_certificate_validation.cert will be created
+ resource "aws_acm_certificate_validation" "cert" {
+ certificate_arn = (known after apply)
+ id = (known after apply)
+ validation_record_fqdns = (known after apply)
}
# aws_route53_record.cert_validation[0] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[1] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[2] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[3] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[4] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[5] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[6] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[7] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[8] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
# aws_route53_record.cert_validation[9] will be created
+ resource "aws_route53_record" "cert_validation" {
+ allow_overwrite = (known after apply)
+ fqdn = (known after apply)
+ id = (known after apply)
+ name = (known after apply)
+ records = (known after apply)
+ ttl = 60
+ type = (known after apply)
+ zone_id = "Z28B3YX20SREXV"
}
Plan: 12 to add, 0 to change, 0 to destroy.
Warning: Interpolation-only expressions are deprecated
on test.tf line 19, in resource "aws_acm_certificate" "cert":
19: domain_name = "${data.aws_route53_zone.zone.name}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on test.tf line 20, in resource "aws_acm_certificate" "cert":
20: subject_alternative_names = "${local.subject_alternative_names}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 6 more similar warnings elsewhere)
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_acm_certificate.cert: Creating...
aws_acm_certificate.cert: Still creating... [10s elapsed]
aws_acm_certificate.cert: Creation complete after 19s [id=arn:aws:acm:eu-central-1:159388291991:certificate/df21c899-13b4-42d0-9dce-58815d472ee4]
aws_route53_record.cert_validation[4]: Creating...
aws_route53_record.cert_validation[5]: Creating...
aws_route53_record.cert_validation[8]: Creating...
aws_route53_record.cert_validation[6]: Creating...
aws_route53_record.cert_validation[9]: Creating...
aws_route53_record.cert_validation[1]: Creating...
aws_route53_record.cert_validation[7]: Creating...
aws_route53_record.cert_validation[3]: Creating...
aws_route53_record.cert_validation[0]: Creating...
aws_route53_record.cert_validation[2]: Creating...
aws_route53_record.cert_validation[5]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[8]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[6]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[4]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[9]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[7]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[3]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[1]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[0]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[2]: Still creating... [10s elapsed]
aws_route53_record.cert_validation[5]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[8]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[6]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[4]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[9]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[7]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[3]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[1]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[0]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[2]: Still creating... [20s elapsed]
aws_route53_record.cert_validation[5]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[8]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[6]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[4]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[9]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[1]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[7]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[3]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[0]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[2]: Still creating... [30s elapsed]
aws_route53_record.cert_validation[0]: Creation complete after 33s [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[6]: Creation complete after 33s [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[7]: Creation complete after 33s [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[5]: Creation complete after 33s [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[3]: Creation complete after 33s [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[4]: Creation complete after 34s [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[9]: Creation complete after 34s [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[8]: Creation complete after 34s [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[1]: Creation complete after 35s [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[2]: Still creating... [40s elapsed]
aws_route53_record.cert_validation[2]: Creation complete after 41s [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_acm_certificate_validation.cert: Creating...
aws_acm_certificate_validation.cert: Still creating... [10s elapsed]
aws_acm_certificate_validation.cert: Still creating... [20s elapsed]
aws_acm_certificate_validation.cert: Still creating... [30s elapsed]
aws_acm_certificate_validation.cert: Still creating... [40s elapsed]
aws_acm_certificate_validation.cert: Still creating... [50s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m0s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m10s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m20s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m30s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m40s elapsed]
aws_acm_certificate_validation.cert: Still creating... [1m50s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m0s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m10s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m20s elapsed]
aws_acm_certificate_validation.cert: Still creating... [2m30s elapsed]
aws_acm_certificate_validation.cert: Creation complete after 2m33s [id=2019-12-15 20:11:57 +0000 UTC]
Apply complete! Resources: 12 added, 0 changed, 0 destroyed.
$ tf apply
Warning: Interpolation-only expressions are deprecated
on test.tf line 19, in resource "aws_acm_certificate" "cert":
19: domain_name = "${data.aws_route53_zone.zone.name}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on test.tf line 20, in resource "aws_acm_certificate" "cert":
20: subject_alternative_names = "${local.subject_alternative_names}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 6 more similar warnings elsewhere)
data.aws_route53_zone.zone: Refreshing state...
aws_acm_certificate.cert: Refreshing state... [id=arn:aws:acm:eu-central-1:159388291991:certificate/df21c899-13b4-42d0-9dce-58815d472ee4]
aws_route53_record.cert_validation[8]: Refreshing state... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[4]: Refreshing state... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[2]: Refreshing state... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[3]: Refreshing state... [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[1]: Refreshing state... [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[5]: Refreshing state... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[6]: Refreshing state... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[0]: Refreshing state... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[7]: Refreshing state... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[9]: Refreshing state... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_acm_certificate_validation.cert: Refreshing state... [id=2019-12-15 20:11:57 +0000 UTC]
Warning: Interpolation-only expressions are deprecated
on test.tf line 19, in resource "aws_acm_certificate" "cert":
19: domain_name = "${data.aws_route53_zone.zone.name}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on test.tf line 20, in resource "aws_acm_certificate" "cert":
20: subject_alternative_names = "${local.subject_alternative_names}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 6 more similar warnings elsewhere)
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
$ tf destroy
Warning: Interpolation-only expressions are deprecated
on test.tf line 19, in resource "aws_acm_certificate" "cert":
19: domain_name = "${data.aws_route53_zone.zone.name}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on test.tf line 20, in resource "aws_acm_certificate" "cert":
20: subject_alternative_names = "${local.subject_alternative_names}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 6 more similar warnings elsewhere)
data.aws_route53_zone.zone: Refreshing state...
aws_acm_certificate.cert: Refreshing state... [id=arn:aws:acm:eu-central-1:159388291991:certificate/df21c899-13b4-42d0-9dce-58815d472ee4]
aws_route53_record.cert_validation[2]: Refreshing state... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[5]: Refreshing state... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[1]: Refreshing state... [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[4]: Refreshing state... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[0]: Refreshing state... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[7]: Refreshing state... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[8]: Refreshing state... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[9]: Refreshing state... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[3]: Refreshing state... [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[6]: Refreshing state... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_acm_certificate_validation.cert: Refreshing state... [id=2019-12-15 20:11:57 +0000 UTC]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_acm_certificate.cert will be destroyed
- resource "aws_acm_certificate" "cert" {
- arn = "arn:aws:acm:eu-central-1:159388291991:certificate/df21c899-13b4-42d0-9dce-58815d472ee4" -> null
- domain_name = "test.dev.reservix.cloud" -> null
- domain_validation_options = [
- {
- domain_name = "test.dev.reservix.cloud"
- resource_record_name = "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_eeccaa8d5151bfd6357930ad538b0b28.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "four.test.dev.reservix.cloud"
- resource_record_name = "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_c73a6232e9d56e0ab5df70eb480fbf12.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "six.test.dev.reservix.cloud"
- resource_record_name = "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_f1ad70f2f2d5723b89e3ef8c853a7ba4.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "eight.test.dev.reservix.cloud"
- resource_record_name = "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_abbd0d5a6d7e4279c69401c09b65b50e.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "nine.test.dev.reservix.cloud"
- resource_record_name = "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_29f21634897e69eb0d5fdcf8270f6a0c.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "seven.test.dev.reservix.cloud"
- resource_record_name = "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_fdd1bb8eac7cca3db127c4ba313418df.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "one.test.dev.reservix.cloud"
- resource_record_name = "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_6cdfde15f0ed0a234cb4f5691ce1d5a8.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "two.test.dev.reservix.cloud"
- resource_record_name = "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_95e3ff8ba342f8d95916c0fbf5a7f426.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "three.test.dev.reservix.cloud"
- resource_record_name = "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_9e05a42d23907dd06acfc39c33474579.mzlfeqexyx.acm-validations.aws."
},
- {
- domain_name = "fife.test.dev.reservix.cloud"
- resource_record_name = "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud."
- resource_record_type = "CNAME"
- resource_record_value = "_482d1920318797f2c3e4b7c5dd929198.mzlfeqexyx.acm-validations.aws."
},
] -> null
- id = "arn:aws:acm:eu-central-1:159388291991:certificate/df21c899-13b4-42d0-9dce-58815d472ee4" -> null
- subject_alternative_names = [
- "eight.test.dev.reservix.cloud",
- "fife.test.dev.reservix.cloud",
- "four.test.dev.reservix.cloud",
- "nine.test.dev.reservix.cloud",
- "one.test.dev.reservix.cloud",
- "seven.test.dev.reservix.cloud",
- "six.test.dev.reservix.cloud",
- "three.test.dev.reservix.cloud",
- "two.test.dev.reservix.cloud",
] -> null
- tags = {} -> null
- validation_emails = [] -> null
- validation_method = "DNS" -> null
- options {
- certificate_transparency_logging_preference = "ENABLED" -> null
}
}
# aws_acm_certificate_validation.cert will be destroyed
- resource "aws_acm_certificate_validation" "cert" {
- certificate_arn = "arn:aws:acm:eu-central-1:159388291991:certificate/df21c899-13b4-42d0-9dce-58815d472ee4" -> null
- id = "2019-12-15 20:11:57 +0000 UTC" -> null
- validation_record_fqdns = [
- "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud",
- "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud",
- "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud",
- "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud",
- "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud",
- "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud",
- "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud",
- "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud",
- "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud",
- "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud",
] -> null
}
# aws_route53_record.cert_validation[0] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME" -> null
- name = "_5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud" -> null
- records = [
- "_eeccaa8d5151bfd6357930ad538b0b28.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[1] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME" -> null
- name = "_5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud" -> null
- records = [
- "_c73a6232e9d56e0ab5df70eb480fbf12.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[2] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME" -> null
- name = "_189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud" -> null
- records = [
- "_f1ad70f2f2d5723b89e3ef8c853a7ba4.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[3] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME" -> null
- name = "_38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud" -> null
- records = [
- "_abbd0d5a6d7e4279c69401c09b65b50e.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[4] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME" -> null
- name = "_d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud" -> null
- records = [
- "_29f21634897e69eb0d5fdcf8270f6a0c.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[5] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME" -> null
- name = "_a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud" -> null
- records = [
- "_fdd1bb8eac7cca3db127c4ba313418df.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[6] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME" -> null
- name = "_ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud" -> null
- records = [
- "_6cdfde15f0ed0a234cb4f5691ce1d5a8.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[7] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME" -> null
- name = "_bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud" -> null
- records = [
- "_95e3ff8ba342f8d95916c0fbf5a7f426.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[8] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME" -> null
- name = "_3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud" -> null
- records = [
- "_9e05a42d23907dd06acfc39c33474579.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
# aws_route53_record.cert_validation[9] will be destroyed
- resource "aws_route53_record" "cert_validation" {
- fqdn = "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud" -> null
- id = "Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME" -> null
- name = "_95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud" -> null
- records = [
- "_482d1920318797f2c3e4b7c5dd929198.mzlfeqexyx.acm-validations.aws.",
] -> null
- ttl = 60 -> null
- type = "CNAME" -> null
- zone_id = "Z28B3YX20SREXV" -> null
}
Plan: 0 to add, 0 to change, 12 to destroy.
Warning: Interpolation-only expressions are deprecated
on test.tf line 19, in resource "aws_acm_certificate" "cert":
19: domain_name = "${data.aws_route53_zone.zone.name}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Warning: Interpolation-only expressions are deprecated
on test.tf line 20, in resource "aws_acm_certificate" "cert":
20: subject_alternative_names = "${local.subject_alternative_names}"
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
(and 6 more similar warnings elsewhere)
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_acm_certificate_validation.cert: Destroying... [id=2019-12-15 20:11:57 +0000 UTC]
aws_acm_certificate_validation.cert: Destruction complete after 0s
aws_route53_record.cert_validation[3]: Destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b96323571cf65.eight.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[4]: Destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df1e1087314.nine.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[8]: Destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcfd312025ff.three.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[6]: Destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f896892a42.one.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[0]: Destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[9]: Destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e04e7fb092.fife.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[1]: Destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c49005725446e3000e9b.four.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[7]: Destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e3861d880b246.two.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[2]: Destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc70a00929b7.six.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[5]: Destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59bbfcb9331.seven.test.dev.reservix.cloud._CNAME]
aws_route53_record.cert_validation[3]: Still destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b963...5.eight.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[4]: Still destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df...14.nine.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[6]: Still destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f...a42.one.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[8]: Still destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcf...f.three.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[0]: Still destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[9]: Still destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e...92.fife.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[1]: Still destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c4900572544...9b.four.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[7]: Still destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e386...246.two.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[5]: Still destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59...1.seven.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[2]: Still destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc7...9b7.six.test.dev.reservix.cloud._CNAME, 10s elapsed]
aws_route53_record.cert_validation[3]: Still destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b963...5.eight.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[4]: Still destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df...14.nine.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[6]: Still destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f...a42.one.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[8]: Still destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcf...f.three.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[0]: Still destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[9]: Still destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e...92.fife.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[1]: Still destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c4900572544...9b.four.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[7]: Still destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e386...246.two.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[5]: Still destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59...1.seven.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[2]: Still destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc7...9b7.six.test.dev.reservix.cloud._CNAME, 20s elapsed]
aws_route53_record.cert_validation[4]: Still destroying... [id=Z28B3YX20SREXV__d0b6b365ab587df1952c2df...14.nine.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[3]: Still destroying... [id=Z28B3YX20SREXV__38cf8495690716eece0b963...5.eight.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[6]: Still destroying... [id=Z28B3YX20SREXV__ecb6ce42d1ef425e027d56f...a42.one.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[8]: Still destroying... [id=Z28B3YX20SREXV__3f1ed51a71c6868705bbfcf...f.three.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[0]: Still destroying... [id=Z28B3YX20SREXV__5f73fbc90b619a65895a4dffbacddfd7.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[9]: Still destroying... [id=Z28B3YX20SREXV__95d3634f83e0657d8a6468e...92.fife.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[1]: Still destroying... [id=Z28B3YX20SREXV__5c90a857aeb3c4900572544...9b.four.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[7]: Still destroying... [id=Z28B3YX20SREXV__bcb7a37d8016410f717e386...246.two.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[5]: Still destroying... [id=Z28B3YX20SREXV__a99a6433d8441811df0cf59...1.seven.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[2]: Still destroying... [id=Z28B3YX20SREXV__189e80929f9fb54bb310bc7...9b7.six.test.dev.reservix.cloud._CNAME, 30s elapsed]
aws_route53_record.cert_validation[2]: Destruction complete after 34s
aws_route53_record.cert_validation[0]: Destruction complete after 37s
aws_route53_record.cert_validation[9]: Destruction complete after 38s
aws_route53_record.cert_validation[1]: Destruction complete after 38s
aws_route53_record.cert_validation[7]: Destruction complete after 38s
aws_route53_record.cert_validation[8]: Destruction complete after 38s
aws_route53_record.cert_validation[4]: Destruction complete after 38s
aws_route53_record.cert_validation[5]: Destruction complete after 38s
aws_route53_record.cert_validation[6]: Destruction complete after 38s
aws_route53_record.cert_validation[3]: Destruction complete after 39s
aws_acm_certificate.cert: Destroying... [id=arn:aws:acm:eu-central-1:159388291991:certificate/df21c899-13b4-42d0-9dce-58815d472ee4]
aws_acm_certificate.cert: Destruction complete after 0s
Destroy complete! Resources: 12 destroyed. |
|
The point you are probably missing here is, no matter in which order |
|
Are you testing what comes after you've applied this once? That is where things start to go wrong. A subsequent plan can show that the resources need to be re-created. Maybe not the next time. Could be the 100th time. We know that the first apply does not report any problems. It is the subsequent plans that demonstrate the problem -- the plan will falsely report changes when in fact nothing has changed. Try looping the plan 100 or so times after the first apply. Without the fix, it randomly (or consistently) does the wrong thing. Also, I believe there is a need to test in different regions -- I believe AWS has addressed some of the community concerns regarding the results of describe certificate in some regions. |
Yes I did - As you can see: once (before running |
|
But what you said makes no sense to me, as |
|
Apply once, then repeat a "plan" over and over. I agree that it makes no sense that anything would change, when nothing had changed -- it is due to the return order varying from the describe certificate API -- since the order is different, it detects a change when comparing to what is stored in the state. That is the problem. You cannot predict when that order will change. And, even if it works for you 100% of your attempts, that doesn't mean it will work for everyone else. I'd be happy to test your change on Monday to see if it resolves the problems we saw. |
|
So far: $ for i in $(seq 10); do echo -n "Run $i"; time $(tf apply 2>&1 > /dev/null); echo; done
Run 1
real 0m15.389s
user 0m3.957s
sys 0m0.341s
Run 2
real 0m14.480s
user 0m4.006s
sys 0m0.295s
Run 3
real 0m14.668s
user 0m4.092s
sys 0m0.349s
Run 4
real 0m14.529s
user 0m3.734s
sys 0m0.271s
Run 5
real 0m14.705s
user 0m3.811s
sys 0m0.358s
Run 6
real 0m16.646s
user 0m3.791s
sys 0m0.364s
Run 7
real 0m14.706s
user 0m4.115s
sys 0m0.349s
Run 8
real 0m14.920s
user 0m4.303s
sys 0m0.269s
Run 9
real 0m14.914s
user 0m4.513s
sys 0m0.340s
Run 10
real 0m14.766s
user 0m3.961s
sys 0m0.267s |
|
Maybe AWS fixed that one on their side already? |
|
is this been released already? I am facing this issue ..i.e. if i add additional SAN names it is trying to recreate ACM validation again and tried to delete the old ACM one which has been already used in ALB https listener? |
|
I have observed that sometimes when AWS ACM is automatically renewing a certificate, the subjectAlternateNames on the renewed certificate do not appear in the same order as they did prior to automated renewal. This requires me to update my code in Terraform every few months to match the new ordering as shown in ACM. This seems to indicate that AWS treats subjectAlternateNames as a set, and does not guarantee the ordering will be consistent. |
|
I see this still has not been decided upon. Just reviewing the output of the proposed solution again....if you look at the "Example Code" output above, you can see three different orders: Terrform file: subject_alternative_names = [
"one.test.dev.reservix.cloud",
"two.test.dev.reservix.cloud",
"three.test.dev.reservix.cloud",
"four.test.dev.reservix.cloud",
"five.test.dev.reservix.cloud",
"six.test.dev.reservix.cloud",
"seven.test.dev.reservix.cloud",
"eight.test.dev.reservix.cloud",
"nine.test.dev.reservix.cloud",
]
The plan: + subject_alternative_names = [
+ "eight.test.dev.reservix.cloud",
+ "five.test.dev.reservix.cloud",
+ "four.test.dev.reservix.cloud",
+ "nine.test.dev.reservix.cloud",
+ "one.test.dev.reservix.cloud",
+ "seven.test.dev.reservix.cloud",
+ "six.test.dev.reservix.cloud",
+ "three.test.dev.reservix.cloud",
+ "two.test.dev.reservix.cloud",
]
And then during the destroy, you can see the Domain Validation Options in the state have yet a third order: - domain_validation_options = [
- domain_name = "test.dev.reservix.cloud"
- domain_name = "nine.test.dev.reservix.cloud"
- domain_name = "three.test.dev.reservix.cloud"
- domain_name = "two.test.dev.reservix.cloud"
- domain_name = "one.test.dev.reservix.cloud"
- domain_name = "eight.test.dev.reservix.cloud"
- domain_name = "seven.test.dev.reservix.cloud"
- domain_name = "six.test.dev.reservix.cloud"
- domain_name = "five.test.dev.reservix.cloud"
- domain_name = "four.test.dev.reservix.cloud"
]
As I've said before, order is relevant, so, a set is not a good solution for either the dvos or the sans. The order is relevant, because: 1) dvos are referenced outside of the resource, used to construct route53 records based on the order of the dvos, and 2) sans is the only input value that could convey the order the terraform author intended/expected the dvos to be returned in, so it also must be maintained, ordered. Which all leads to my fix #10791, which maintains consistent ordering for both domain validation options and subject alternatives throughout this process. And, as stated before, and in my experience, the fact that the subject_alternate_names was in the correct order during the "Example Code" destroy plan, was just luck (unless AWS really fixed this). There's no assurance that the order would be the same as any prior plan, which is what causes the certificate to want to be recreated. The domain validation order being inconsistent is what causes your route53_records to need to be recreated, when in fact they haven't changed. In the months since I pushed #10791, we have not had a single issue with regard to any acm related resources wanting to be recreated. |
bflad
added
bug
bflad
suggested changes
May 27, 2020
There was a problem hiding this comment.
Hi @n3ph 👋 Thank you for submitting this. Please see the note below about keeping Computed: true on the subject_alternative_names attribute, then we can double check this against the existing acceptance testing.
For those following and concerned about this change, this will likely land in conjunction with changes to domain_validation_options in version 3.0.0 of the Terraform AWS Provider which will only support Terraform 0.12 and later. In this case, since the API does not guarantee ordering, neither should the Terraform resource, which is what using TypeSet across both these attributes (eventually) signifies. The expectation is that configurations will require adjustments in preference of using for_each instead of count in the next major version (unless operators want to introduce their own backwards compatibility workarounds with the tolist() and sort() functions for attribute references). For more information about the holistic efforts being made with the aws_acm_certificate resource, please see #13053.
n3ph
changed the title
bflad
approved these changes
Jul 15, 2020
There was a problem hiding this comment.
Pulling this in as part of our version 3.0.0 release work, thanks so much @n3ph 🚀
Output from acceptance testing:
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (11.98s)
--- PASS: TestAccAWSAcmCertificate_wildcard (14.66s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (14.79s)
--- PASS: TestAccAWSAcmCertificate_root (15.12s)
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (15.15s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (15.80s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (16.01s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (16.44s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (18.30s)
--- PASS: TestAccAWSAcmCertificate_san_single (18.38s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (18.62s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (19.06s)
--- PASS: TestAccAWSAcmCertificate_privateCert (22.34s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (26.46s)
--- PASS: TestAccAWSAcmCertificate_tags (37.20s)
bflad
added a commit
that referenced
this pull request
Jul 15, 2020
…ge from TypeList to TypeSet Reference: #11300 Output from acceptance testing: ``` --- PASS: TestAccAWSAcmCertificate_imported_IpAddress (11.98s) --- PASS: TestAccAWSAcmCertificate_wildcard (14.66s) --- PASS: TestAccAWSAcmCertificate_emailValidation (14.79s) --- PASS: TestAccAWSAcmCertificate_root (15.12s) --- PASS: TestAccAWSAcmCertificate_disableCTLogging (15.15s) --- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (15.80s) --- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (16.01s) --- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (16.44s) --- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (18.30s) --- PASS: TestAccAWSAcmCertificate_san_single (18.38s) --- PASS: TestAccAWSAcmCertificate_dnsValidation (18.62s) --- PASS: TestAccAWSAcmCertificate_san_multiple (19.06s) --- PASS: TestAccAWSAcmCertificate_privateCert (22.34s) --- PASS: TestAccAWSAcmCertificate_imported_DomainName (26.46s) --- PASS: TestAccAWSAcmCertificate_tags (37.20s) ```
anGie44
pushed a commit
that referenced
this pull request
Jul 27, 2020
author Brian Flad <bflad417@gmail.com> 1594769808 -0400
committer Angie Pinilla <angelinepinilla@gmail.com> 1595878294 -0400
parent b69af0579e0415631faa9b77559a55a5f6e7c208
author Brian Flad <bflad417@gmail.com> 1594769808 -0400
committer Angie Pinilla <angelinepinilla@gmail.com> 1595878093 -0400
tests/provider: Update testacc target to error when provided example test pattern (#14091)
* tests/provider: Update testacc target to error when provided example test pattern
Reference: https://github.com/terraform-providers/terraform-provider-aws/blob/master/.github/PULL_REQUEST_TEMPLATE.md
The pull request template suggests an example of how to run acceptance testing, but uses a placeholder example since its not feasible to reliably determine this automatically via git, etc. Also given that we have begun adding many more Go packages beyond just the top level provider one, the output can look potentially valid when it really is not meaningful:
```console
$ $ make testacc TESTARGS='-run=TestAccXXX'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./... -v -count 1 -parallel 20 -run=TestAccXXX -timeout 120m
? github.com/terraform-providers/terraform-provider-aws [no test files]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws 2.594s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws/internal/flatmap 0.409s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags 0.792s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws/internal/naming 1.619s [no tests to run]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/apigatewayv2/waiter [no test files]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws/internal/service/batch/equivalency 0.373s [no tests to run]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ec2/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/ecs/waiter [no test files]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws/internal/service/eks/token 0.343s [no tests to run]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/guardduty/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/iam/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/kinesisanalytics/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/kms/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/neptune/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/rds/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/secretsmanager/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/servicediscovery/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/sfn/waiter [no test files]
? github.com/terraform-providers/terraform-provider-aws/aws/internal/service/workspaces/waiter [no test files]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/aws/internal/tfawsresource 1.022s [no tests to run]
? github.com/terraform-providers/terraform-provider-aws/awsproviderlint [no test files]
? github.com/terraform-providers/terraform-provider-aws/awsproviderlint/helper/awsprovidertype/keyvaluetags [no test files]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/awsproviderlint/passes 2.115s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/awsproviderlint/passes/AWSAT001 2.212s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/awsproviderlint/passes/AWSAT002 0.326s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/awsproviderlint/passes/AWSR001 0.412s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/awsproviderlint/passes/AWSR002 2.086s [no tests to run]
testing: warning: no tests to run
PASS
ok github.com/terraform-providers/terraform-provider-aws/awsproviderlint/passes/fmtsprintfcallexpr 0.248s [no tests to run]
```
This now focuses the acceptance testing on the top level package to remove the extraneous package output and returns an error when attempting to use the example verbatim:
```console
$ make testacc TESTARGS='-run=TestAccXXX'
==> Checking that code complies with gofmt requirements...
Error: Skipping example acceptance testing pattern. Update TESTARGS to match the test naming in the relevant *_test.go file.
For example if updating aws/resource_aws_acm_certificate.go, use the test names in aws/resource_aws_acm_certificate_test.go starting with TestAcc and up to the underscore:
make testacc TESTARGS='-run=TestAccAWSAcmCertificate_'
See the contributing guide for more information: https://github.com/terraform-providers/terraform-provider-aws/blob/master/docs/contributing/running-and-writing-acceptance-tests.md
make: *** [testacc] Error 1
$ make testacc TESTARGS='-run=TestAccAWSAvailabilityZones_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -count 1 -parallel 20 -run=TestAccAWSAvailabilityZones_ -timeout 120m
=== RUN TestAccAWSAvailabilityZones_basic
...
```
* docs/provider: Remove TEST=./aws usage in running acceptance testing section
resource/aws_s3_bucket: Convert region to read-only attribute (#14127)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/592
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/1656
Output from acceptance testing (NOTE: CUR data source and resource need to be tested in standalone account due to Organization permissions and appear to be failing due to new validation in the API that's not handled in the resource yet):
```
--- PASS: TestAccAWSS3Bucket_acceleration (65.86s)
--- PASS: TestAccAWSS3Bucket_AclToGrant (67.94s)
--- PASS: TestAccAWSS3Bucket_basic (37.25s)
--- PASS: TestAccAWSS3Bucket_Bucket_EmptyString (35.95s)
--- PASS: TestAccAWSS3Bucket_Cors_Delete (31.78s)
--- PASS: TestAccAWSS3Bucket_Cors_EmptyOrigin (37.29s)
--- PASS: TestAccAWSS3Bucket_Cors_Update (65.22s)
--- PASS: TestAccAWSS3Bucket_disableDefaultEncryption_whenDefaultEncryptionIsEnabled (62.31s)
--- PASS: TestAccAWSS3Bucket_enableDefaultEncryption_whenAES256IsUsed (37.28s)
--- PASS: TestAccAWSS3Bucket_enableDefaultEncryption_whenTypical (43.14s)
--- PASS: TestAccAWSS3Bucket_forceDestroy (31.61s)
--- PASS: TestAccAWSS3Bucket_forceDestroyWithEmptyPrefixes (31.54s)
--- PASS: TestAccAWSS3Bucket_forceDestroyWithObjectLockEnabled (37.95s)
--- PASS: TestAccAWSS3Bucket_generatedName (35.53s)
--- PASS: TestAccAWSS3Bucket_GrantToAcl (57.50s)
--- PASS: TestAccAWSS3Bucket_LifecycleBasic (86.93s)
--- PASS: TestAccAWSS3Bucket_LifecycleExpireMarkerOnly (62.03s)
--- PASS: TestAccAWSS3Bucket_LifecycleRule_Expiration_EmptyConfigurationBlock (31.01s)
--- PASS: TestAccAWSS3Bucket_Logging (55.35s)
--- PASS: TestAccAWSS3Bucket_namePrefix (35.81s)
--- PASS: TestAccAWSS3Bucket_objectLock (60.93s)
--- PASS: TestAccAWSS3Bucket_Policy (88.67s)
--- PASS: TestAccAWSS3Bucket_Replication (147.39s)
--- PASS: TestAccAWSS3Bucket_ReplicationConfiguration_Rule_Destination_AccessControlTranslation (86.62s)
--- PASS: TestAccAWSS3Bucket_ReplicationConfiguration_Rule_Destination_AddAccessControlTranslation (84.62s)
--- PASS: TestAccAWSS3Bucket_ReplicationExpectVersioningValidationError (28.14s)
--- PASS: TestAccAWSS3Bucket_ReplicationSchemaV2 (152.22s)
--- PASS: TestAccAWSS3Bucket_ReplicationWithoutPrefix (52.74s)
--- PASS: TestAccAWSS3Bucket_ReplicationWithoutStorageClass (51.40s)
--- PASS: TestAccAWSS3Bucket_RequestPayer (63.26s)
--- PASS: TestAccAWSS3Bucket_shouldFailNotFound (15.41s)
--- PASS: TestAccAWSS3Bucket_tagsWithNoSystemTags (118.49s)
--- PASS: TestAccAWSS3Bucket_tagsWithSystemTags (163.94s)
--- PASS: TestAccAWSS3Bucket_UpdateAcl (58.70s)
--- PASS: TestAccAWSS3Bucket_UpdateGrant (91.75s)
--- PASS: TestAccAWSS3Bucket_Versioning (90.14s)
--- PASS: TestAccAWSS3Bucket_Website_Simple (89.22s)
--- PASS: TestAccAWSS3Bucket_WebsiteRedirect (86.48s)
--- PASS: TestAccAWSS3Bucket_WebsiteRoutingRules (63.97s)
--- PASS: TestAccAWSSsmResourceDataSync_basic (15.77s)
--- PASS: TestAccAWSSsmResourceDataSync_update (28.49s)
TestAccAwsCurReportDefinition_basic: testing.go:684: Step 0 error: errors during apply:
Error: Error creating AWS Cost And Usage Report Definition: ValidationException: Failed to verify customer bucket permission. accountId= --OMITTED--, bucket name: tf-test-bucket-3532084976228094739, bucket region: us-east-1
TestAccDataSourceAwsCurReportDefinition_basic: testing.go:684: Step 0 error: errors during apply:
Error: Error creating AWS Cost And Usage Report Definition: ValidationException: Failed to verify customer bucket permission. accountId= --OMITTED--, bucket name: tf-test-bucket-9147728765044904331, bucket region: us-east-1
```
Update CHANGELOG for #14127
Corrects name of Workspaces Workspace sweeper
let subject_alternative_names be a set
re-add computed: true to subject_alternative_names attribute
resource/aws_acm_certificate: Finalize subject_alternative_names change from TypeList to TypeSet
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/11300
Output from acceptance testing:
```
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (11.98s)
--- PASS: TestAccAWSAcmCertificate_wildcard (14.66s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (14.79s)
--- PASS: TestAccAWSAcmCertificate_root (15.12s)
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (15.15s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (15.80s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (16.01s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (16.44s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (18.30s)
--- PASS: TestAccAWSAcmCertificate_san_single (18.38s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (18.62s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (19.06s)
--- PASS: TestAccAWSAcmCertificate_privateCert (22.34s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (26.46s)
--- PASS: TestAccAWSAcmCertificate_tags (37.20s)
```
Remove hardcoded AMI IDs from launch_config data source
Removing import of aws_security_group_rule for rules associated with aws_security_group implicitly during its import. Acceptance tests updated to account for removed rules in import state check.
rebased and addressed review feedback
Update CHANGELOG for #12616
update documentation attributes
add missing validation value for comparison_operator argument
delete_on_termination on ENI has to be optional
like the EBS delete_on_termination this can be optional and cannot
be treated like a real bool but has to be treated as a string which
can be empty or a bool representation
testing all possible inputs
now testing as well `delete_on_termination = ""` and
`delete_on_termination = null` which both should not set the value to
anything.
adding upgrade instructions
version 3 upgrade details
Update CHANGELOG for #8612
add private_ips field
change private_ips to secondary_private_ips and enable update
update to using expandstringset method
Update CHANGELOG for #14079
Removed hardcoded AMI IDs from AutoscalingAttachment
docs/resource/aws_codebuild_webhook: Add COMMIT_MESSAGE to acceptable codebuild filter types (#14207)
Co-authored-by: mikiya771 <norep>
Fixes aws_lambda_alias import to set function_name attribute correctly instead of function's ARN
resource/aws_lambda_alias: Finalize resource import adjustments
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/12876
Output from acceptance testing:
```
--- PASS: TestAccAWSLambdaAlias_FunctionName_Name (35.53s)
--- PASS: TestAccAWSLambdaAlias_basic (53.18s)
--- PASS: TestAccAWSLambdaAlias_nameupdate (62.70s)
--- PASS: TestAccAWSLambdaAlias_routingconfig (63.82s)
```
Update CHANGELOG for #12876
remove trailing period from domainname/name attributes
update to using TrimSuffix strings method
isolate changes to only route53_zone
return error for singular data source
Error when data.aws_ecr_repository cannot find repository
Fixes https://github.com/terraform-providers/terraform-provider-aws/issues/10071.
adjust error messaging
return error for singular data source
add angie and dirk
consolidate maintainer lists
Ignore hardcoded AMI because not actually used
Add underscore to acceptance test names, minor naming convention fixes
provider: Remove unnecessary fmt.Sprint()/fmt.Sprintf() (#14242)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/14239
Update Terraform github to v2.9.2 (#14021)
* Update Terraform github to v2.9.2
* infrastructure/repository: Use organization argument instead of owner in github provider configuration
Appears that the provider reverted the deprecation of the `organization` argument and inclusion of the new `owner` argument in 2.9.x, delaying until 3.0.0.
Previously:
```
Error: Unsupported argument
on main.tf line 14, in provider "github":
14: owner = "terraform-providers"
An argument named "owner" is not expected here.
```
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Brian Flad <bflad417@gmail.com>
add-q3-roadmap-draft
add old roadmap section
fix milestone link
remove currently in progress in case it causes confusion
r/aws_apigatewayv2_integration: suppress diff for passthrough_behavior
Update CHANGELOG for #13062
Update ROADMAP.md to fix formatting omissions
docs/provider: Setup and document release/* branch convention, link 2.x and earlier changelog entries (#14177)
* docs/provider: Setup and document release/* branch convention, link 2.x and earlier changelog entries
Reference: https://github.com/terraform-providers/terraform-provider-aws/tree/release/2.x
* tests/provider: Ensure release/* branches are ran on push via GitHub Actions
docs/provider: Document max_retries default (#14256)
adjust error formatting and handling
tests/resource/aws_s3_bucket: Add S3 Same-Region Replication acceptance test (#10170)
Output from acceptance testing in AWS Commercial:
```
--- PASS: TestAccAWSS3Bucket_SameRegionReplicationSchemaV2 (52.57s)
```
Output from acceptance testing in AWS GovCloud (US):
```
--- PASS: TestAccAWSS3Bucket_SameRegionReplicationSchemaV2 (56.62s)
```
tests/resource/aws_rds_cluster: Remove aws_s3_bucket region argument from TestAccAWSRDSCluster_s3Restore (#14272)
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/14127
Missed during test configuration cleanup after the referenced argument removal. Fixes the initial configuration issue, but does not fix the (still) broken test which is presumably something to do with the backup file or engine version.
Previously:
```
--- FAIL: TestAccAWSRDSCluster_s3Restore (0.99s)
testing.go:684: Step 0 error: config is invalid: "region": this field cannot be set
```
Output from acceptance testing:
```
=== CONT TestAccAWSRDSCluster_s3Restore
TestAccAWSRDSCluster_s3Restore: testing.go:684: Step 0 error: errors during apply:
Error: Error waiting for RDS Cluster state to be "available": unexpected state 'migration-failed', wanted target 'available'. last error: %!s(<nil>)
```
refactor resource import
set virtual attributes in import func
Update CHANGELOG for #10520 and #10521
update default value for min_capacity in scaling_configuration block of rds_cluster
Update CHANGELOG for #14268
keep throttling disabled by default in api gateway method settings resource
update import ID pattern
Update CHANGELOG for #14266
add plan time validation to `self_managed_active_directory.dns_ips`
add support for multi az deployment
add deployment type to test
add computed flag to deployment_type
add docs
fix docs
remove computed
fix multi az test
disappears
fix lint issue
add support for `SINGLE_AZ_2` type
Update website/docs/r/fsx_windows_file_system.html.markdown
Co-authored-by: Simon Davis <simon@breathingdust.com>
Update website/docs/r/fsx_windows_file_system.html.markdown
Co-authored-by: Simon Davis <simon@breathingdust.com>
Update website/docs/r/fsx_windows_file_system.html.markdown
Co-authored-by: Simon Davis <simon@breathingdust.com>
Update CHANGELOG.md for #12676
Fix schema set errors (#14167)
* Fix schema set errors
* Fix wrong attribute
* Fix type
* Flatten ssm parameters
* resource/elasticsearch_domain: update method to set advanced_security_options (#14198)
* set advanced security options only if enabled
* refactor and set values depending on enabled field
Co-authored-by: angie pinilla <angelinepinilla@gmail.com>
tests/provider: Enable AWSAT004 check for CI (#14216)
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/14097
resource/aws_launch_configuration: Remove DescribeLaunchConfigurations retries on all errors (#14260)
Reference: https://github.com/hashicorp/terraform/issues/302
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409
Does not seem to be occurring anymore, but could require additional load to manifest. Can re-add explicit retries as necessary.
Output from acceptance testing:
```
--- PASS: TestAccAWSLaunchConfiguration_withSpotPrice (11.31s)
--- PASS: TestAccAWSLaunchConfiguration_ebs_noDevice (13.17s)
--- PASS: TestAccAWSLaunchConfiguration_withBlockDevices (13.44s)
--- PASS: TestAccAWSLaunchConfiguration_withInstanceStoreAMI (13.67s)
--- PASS: TestAccAWSLaunchConfiguration_withEncryption (14.02s)
--- PASS: TestAccAWSLaunchConfiguration_basic (22.34s)
--- PASS: TestAccAWSLaunchConfiguration_withIAMProfile (24.19s)
--- PASS: TestAccAWSLaunchConfiguration_encryptedRootBlockDevice (25.59s)
--- PASS: TestAccAWSLaunchConfiguration_userData (28.60s)
--- PASS: TestAccAWSLaunchConfiguration_RootBlockDevice_VolumeSize (28.91s)
--- PASS: TestAccAWSLaunchConfiguration_updateEbsBlockDevices (30.96s)
--- PASS: TestAccAWSLaunchConfiguration_withVpcClassicLink (32.72s)
--- PASS: TestAccAWSLaunchConfiguration_RootBlockDevice_AmiDisappears (353.93s)
```
resource/aws_spot_fleet_request: Only retry RequestSpotFleet on IAM eventual consistency errors, use standard 2 minute timeout (#14265)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/7740
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409
Output from acceptance testing:
```
--- PASS: TestAccAWSSpotFleetRequest_associatePublicIpAddress (251.97s)
--- PASS: TestAccAWSSpotFleetRequest_basic (314.23s)
--- PASS: TestAccAWSSpotFleetRequest_changePriceForcesNewRequest (612.33s)
--- PASS: TestAccAWSSpotFleetRequest_disappears (261.47s)
--- PASS: TestAccAWSSpotFleetRequest_diversifiedAllocation (403.92s)
--- PASS: TestAccAWSSpotFleetRequest_fleetType (316.94s)
--- PASS: TestAccAWSSpotFleetRequest_iamInstanceProfileArn (251.69s)
--- PASS: TestAccAWSSpotFleetRequest_instanceInterruptionBehavior (253.29s)
--- PASS: TestAccAWSSpotFleetRequest_LaunchSpecification_EbsBlockDevice_KmsKeyId (112.90s)
--- PASS: TestAccAWSSpotFleetRequest_LaunchSpecification_RootBlockDevice_KmsKeyId (142.33s)
--- PASS: TestAccAWSSpotFleetRequest_launchSpecToLaunchTemplate (467.97s)
--- PASS: TestAccAWSSpotFleetRequest_launchTemplate (253.11s)
--- PASS: TestAccAWSSpotFleetRequest_launchTemplate_multiple (254.84s)
--- PASS: TestAccAWSSpotFleetRequest_launchTemplateToLaunchSpec (468.45s)
--- PASS: TestAccAWSSpotFleetRequest_launchTemplateWithOverrides (253.43s)
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzInGivenList (274.51s)
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceAzOrSubnetInRegion (314.01s)
--- PASS: TestAccAWSSpotFleetRequest_lowestPriceSubnetInGivenList (276.90s)
--- PASS: TestAccAWSSpotFleetRequest_multipleInstancePools (486.46s)
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameAz (406.36s)
--- PASS: TestAccAWSSpotFleetRequest_multipleInstanceTypesInSameSubnet (231.26s)
--- PASS: TestAccAWSSpotFleetRequest_overriddingSpotPrice (295.29s)
--- PASS: TestAccAWSSpotFleetRequest_placementTenancyAndGroup (57.48s)
--- PASS: TestAccAWSSpotFleetRequest_tags (342.55s)
--- PASS: TestAccAWSSpotFleetRequest_updateExcessCapacityTerminationPolicy (597.13s)
--- PASS: TestAccAWSSpotFleetRequest_updateTargetCapacity (753.34s)
--- PASS: TestAccAWSSpotFleetRequest_withEBSDisk (255.16s)
--- PASS: TestAccAWSSpotFleetRequest_WithELBs (277.96s)
--- PASS: TestAccAWSSpotFleetRequest_withoutSpotPrice (232.56s)
--- PASS: TestAccAWSSpotFleetRequest_withTags (282.39s)
--- PASS: TestAccAWSSpotFleetRequest_WithTargetGroups (427.61s)
--- PASS: TestAccAWSSpotFleetRequest_withWeightedCapacity (335.33s)
```
Update CHANGELOG for #14265
resource/aws_codepipeline: Only retry CreatePipeline errors for IAM eventual consistency (#14264)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409
Output from acceptance testing:
```
--- PASS: TestAccAWSCodePipeline_emptyStageArtifacts (33.11s)
--- PASS: TestAccAWSCodePipeline_WithNamespace (35.13s)
--- PASS: TestAccAWSCodePipeline_multiregion_basic (36.83s)
--- PASS: TestAccAWSCodePipeline_deployWithServiceRole (42.85s)
--- PASS: TestAccAWSCodePipeline_basic (57.83s)
--- PASS: TestAccAWSCodePipeline_multiregion_Update (61.32s)
--- PASS: TestAccAWSCodePipeline_tags (76.28s)
--- PASS: TestAccAWSCodePipeline_multiregion_ConvertSingleRegion (79.20s)
```
Update CHANGELOG for #14264
resource/aws_ssm_activation: Only retry CreateActivation on IAM eventual consistency error, allow retries for standard 2 minutes (#14263)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409
API does not seem to validate IAM Role permissions on creation.
Output from acceptance testing:
```
--- PASS: TestAccAWSSSMActivation_expirationDate (19.17s)
--- PASS: TestAccAWSSSMActivation_disappears (25.22s)
--- PASS: TestAccAWSSSMActivation_basic (27.39s)
--- PASS: TestAccAWSSSMActivation_update (37.23s)
```
Update CHANGELOG for #14263
resource/aws_network_acl_rule: Immediately return DescribeNetworkAcls errors on creation (#14261)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409
Output from acceptance testing:
```
--- PASS: TestAccAWSNetworkAclRule_allProtocol (44.33s)
--- PASS: TestAccAWSNetworkAclRule_basic (32.50s)
--- PASS: TestAccAWSNetworkAclRule_disappears (32.83s)
--- PASS: TestAccAWSNetworkAclRule_disappears_NetworkAcl (27.16s)
--- PASS: TestAccAWSNetworkAclRule_ingressEgressSameNumberDisappears (30.24s)
--- PASS: TestAccAWSNetworkAclRule_ipv6 (29.23s)
--- PASS: TestAccAWSNetworkAclRule_ipv6ICMP (28.65s)
--- PASS: TestAccAWSNetworkAclRule_ipv6VpcAssignGeneratedIpv6CidrBlockUpdate (47.71s)
--- PASS: TestAccAWSNetworkAclRule_missingParam (15.14s)
--- PASS: TestAccAWSNetworkAclRule_tcpProtocol (40.32s)
```
Update CHANGELOG for #14261
Add function to check TypeSet pairs
Add unit tests for TestCheckTypeSetElemAttrPair
tests/resource/aws_rds_cluster: Fix TestAccAWSRDSCluster_EngineVersion (#14286)
isolate changes to only route53_record resource
update additional domian name example in upgrade guide
Co-authored-by: Brian Flad <bflad417@gmail.com>
update with CR comments
isolate changes to only resolver rule
isolate changes to only acm_certificate
isolate changes to only ses_domain_identity
re-add trailing period acctest
merge with parent branch and update statefuncs to use global method
update statefuncs to use global method and update tests w/trailingp period domains
r/aws_apigatewayv2_stage: Make deployment_id a computed attribute.
Update CHANGELOG.md for #13644
bump to go v1.14.5
r/aws_apigatewayv2_integration: Add 'request_parameters' attribute.
Update CHANGELOG.md for #14080
r/aws_apigatewayv2_route: Update route key.
Update CHANGELOG.md for #13833
Revert "Remove 'tls_config' attribute. It doesn't seem to do anything right now."
This reverts commit ffbce32f931a9b33adc8407a267ba176c510bd44.
r/aws_apigatewayv2_integration: Test HTTP API VPC Link integration.
r/aws_apigatewayv2_integration: Additional import test step in 'TestAccAWSAPIGatewayV2Integration_VpcLinkHttp'.
Update CHANGELOG.md
Update CHANGELOG.md for #13013
Update CHANGELOG.md
add atleastoneof property to filter attributes
Update CHANGELOG for #14230
Remove hardcoded AMI and AZ
Improve static check for hardcoded partition in ARN
resource/aws_lambda_function: Increase IAM retry timeout for create to 2 minutes (#14291)
References:
* https://github.com/terraform-providers/terraform-provider-aws/issues/14285
Increased the retry timeout for eventual consistency IAM errors during a
lambda function create from 1 minute to 2 minute.
Output from acceptance testing:
```
make testacc TEST=./aws TESTARGS='-run=TestAccAWSLambdaFunction_'
...
--- PASS: TestAccAWSLambdaFunction_basic (28.86s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java8 (34.46s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (160.32s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (208.54s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (567.54s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (596.13s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (49.02s)
--- PASS: TestAccAWSLambdaFunction_VPC (362.84s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (797.25s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (120.01s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (51.30s)
--- PASS: TestAccAWSLambdaFunction_envVariables (153.15s)
--- PASS: TestAccAWSLambdaFunction_versioned (39.16s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (61.80s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python37 (31.16s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (51.77s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_dotnetcore31 (36.20s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby27 (40.86s)
--- PASS: TestAccAWSLambdaFunction_Layers (38.54s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (51.87s)
--- PASS: TestAccAWSLambdaFunction_KmsKeyArn_NoEnvironmentVariables (36.57s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (54.03s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_ruby25 (36.53s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (13.34s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python38 (28.27s)
--- PASS: TestAccAWSLambdaFunction_tags (51.19s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_java11 (36.59s)
--- PASS: TestAccAWSLambdaFunction_updateRuntime (51.42s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (43.77s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (39.80s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (44.15s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (40.02s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python36 (32.09s)
--- PASS: TestAccAWSLambdaFunction_FileSystemConfig (721.87s)
--- PASS: TestAccAWSLambdaFunction_s3 (31.68s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_provided (36.48s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_python27 (33.63s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs10x (38.17s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_noRuntime (0.91s)
--- PASS: TestAccAWSLambdaFunction_concurrency (46.63s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (38.38s)
--- PASS: TestAccAWSLambdaFunction_disappears (36.13s)
--- PASS: TestAccAWSLambdaFunction_runtimeValidation_NodeJs12x (38.47s)
```
Update CHANGELOG for #14291
error when iops provided for unsupported type
improve upgrade docs for iops
Update CHANGELOG for #14310
Update CHANGELOG with Go versioning
Remove hardcoded AMIs and AZs
Remove hardcoded AMIs and AZs
Removed hardcoded AMIs and AZs
Remove hardcoded AMI and AZ
Remove hardcoded AMI
r/aws_apigatewayv2_stage: 'data_trace_enabled' and 'logging_level' are only valid for WebSocket APIs.
r/aws_apigatewayv2_stage: No need for diff-suppression for new resources.
r/aws_apigatewayv2_stage: Additional route_settings and default_route_settings test cases.
r/aws_apigatewayv2_stage: Add computed 'api_protocol_type' attribute.
r/aws_apigatewayv2_stage: Pass API protocol type to 'flattenApiGatewayV2RouteSettings'.
Revert "r/aws_apigatewayv2_stage: Pass API protocol type to 'flattenApiGatewayV2RouteSettings'."
This reverts commit 9337272b7842879cdbae5be19ec076bea314b20c.
Revert "r/aws_apigatewayv2_stage: Add computed 'api_protocol_type' attribute."
This reverts commit a7eb7cf9976ecabb04696dbe2f39805cc0ec1401.
Fix mess from rebase.
r/aws_apigatewayv2_stage: Change 'route_setting.logging_level' to computed to address different defaults for WebSocket vs. HTTP.
Update CHANGELOG.md for #13809
resource/aws_acm_certificate: Convert domain_validation_options to TypeSet and calculate elements during plan (#14199)
* resource/aws_acm_certificate: Convert domain_validation_options to TypeSet and calculate elements during plan
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/8531
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/10098
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/10404
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13053
Output from acceptance testing:
```
--- PASS: TestAccAWSAcmCertificate_imported_IpAddress (11.48s)
--- PASS: TestAccAWSAcmCertificate_rootAndWildcardSan (15.53s)
--- PASS: TestAccAWSAcmCertificate_root_TrailingPeriod (15.53s)
--- PASS: TestAccAWSAcmCertificate_root (15.62s)
--- PASS: TestAccAWSAcmCertificate_emailValidation (15.91s)
--- PASS: TestAccAWSAcmCertificate_san_TrailingPeriod (16.38s)
--- PASS: TestAccAWSAcmCertificate_wildcardAndRootSan (16.43s)
--- PASS: TestAccAWSAcmCertificate_san_single (16.51s)
--- PASS: TestAccAWSAcmCertificate_dnsValidation (16.85s)
--- PASS: TestAccAWSAcmCertificate_disableCTLogging (17.06s)
--- PASS: TestAccAWSAcmCertificate_wildcard (18.71s)
--- PASS: TestAccAWSAcmCertificate_san_multiple (19.49s)
--- PASS: TestAccAWSAcmCertificate_privateCert (20.85s)
--- PASS: TestAccAWSAcmCertificate_imported_DomainName (26.86s)
--- PASS: TestAccAWSAcmCertificate_tags (42.99s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsEmail (11.56s)
--- PASS: TestAccAWSAcmCertificateValidation_timeout (19.20s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdns (107.31s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsSan (110.62s)
--- PASS: TestAccAWSAcmCertificateValidation_basic (143.58s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcardAndRoot (153.05s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsRoot (212.21s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsRootAndWildcard (212.95s)
--- PASS: TestAccAWSAcmCertificateValidation_validationRecordFqdnsWildcard (247.43s)
```
Please note that this was also tested manually with a few iterations of this configuration:
```hcl
terraform {
required_providers {
aws = "2.70.0"
}
required_version = "0.12.28"
}
provider "aws" {
region = "us-east-2"
}
variable "public_root_domain" {
description = "Publicly accessible domain for ACM testing"
type = string
}
data "aws_route53_zone" "public_root_domain" {
name = var.public_root_domain
}
resource "aws_acm_certificate" "new" {
domain_name = "new.${var.public_root_domain}"
subject_alternative_names = [
"new1.${var.public_root_domain}",
"new2.${var.public_root_domain}",
"new3.${var.public_root_domain}",
]
validation_method = "DNS"
}
resource "aws_route53_record" "new" {
for_each = {
for dvo in aws_acm_certificate.new.domain_validation_options: dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
allow_overwrite = true
name = each.value.name
records = [each.value.record]
ttl = 60
type = each.value.type
zone_id = data.aws_route53_zone.public_root_domain.zone_id
}
resource "aws_acm_certificate_validation" "new" {
certificate_arn = aws_acm_certificate.new.arn
validation_record_fqdns = [for record in aws_route53_record.new: record.fqdn]
}
resource "aws_acm_certificate" "wildcard" {
domain_name = var.public_root_domain
subject_alternative_names = ["*.${var.public_root_domain}"]
validation_method = "DNS"
}
resource "aws_route53_record" "wildcard" {
for_each = {
for dvo in aws_acm_certificate.wildcard.domain_validation_options: dvo.domain_name => {
name = dvo.resource_record_name
record = dvo.resource_record_value
type = dvo.resource_record_type
}
}
allow_overwrite = true
name = each.value.name
records = [each.value.record]
ttl = 60
type = each.value.type
zone_id = data.aws_route53_zone.public_root_domain.zone_id
}
resource "aws_acm_certificate_validation" "wildcard" {
certificate_arn = aws_acm_certificate.wildcard.arn
validation_record_fqdns = [for record in aws_route53_record.wildcard: record.fqdn]
}
```
* docs/service/acm: Fix terrafmt reports
Previously:
```
website/docs/r/acm_certificate.html.markdown:83
website/docs/r/acm_certificate_validation.html.markdown:25
website/docs/r/acm_certificate_validation.html.markdown:67
```
Update CHANGELOG for #14199
Implement Disappears test for API Gateway resources (#13243)
* add disappears test case for APIGW API Key
* add disappears test case for APIGW Authorizer
* add disappears test case for APIGW Base Path
* add disappears test case for APIGW Client Cert
* add disappears test case for APIGW Deployment
* add disappears test case for APIGW Doc Part
* add disappears test case for APIGW Doc Ver
* add disappears test case for APIGW Domain Name
* add disappears test case for APIGW Gateway Response
* add disappears test case for APIGW Integration Response
* add disappears test case for APIGW Integration
* add disappears test case for APIGW Method
* add disappears test case for APIGW Method Response
* add disappears test case for APIGW Method Settings
* add disappears test case for APIGW Model
* add disappears test case for APIGW Request Validator
* add disappears test case for APIGW Resource
* add disappears test case for APIGW Rest API
* add disappears test case for APIGW Stage
* add disappears test case for APIGW Usage Plan Key
* add disappears test case for APIGW Usage Plan
* add disappears test case for APIGW VPC Link
* fix
* fix lint
docs/resource/aws_codebuild_project: Add SECRETS_MANAGER to the CodeBuild environment_variable type (#14200)
Updates alexa example
Updates api-gateway-websocket-chat-app example
Updates asg example
Updates cloudhsm example
Updates cloudwatch-events kinesis and sns examples
Updates cognito-user-pool example
Updates count example
Updates dx-gateway-cross-account-vgw-association example
Updates ecs-alb example
Updates eip example
Updates eks-getting-started example
Updates elasticsearch-domain example
Updates elb example
Updates lambda example
Updates lambda-file-system example
Updates networking example
Updates rds example
Updates s3-api-gateway-integration example
Updates s3-cross-account-access
Updates sagemaker example
Updates transit-gateway-cross-account-peering-attachment example
Updates transit-gateway-cross-account-vpc-attachment example
Updates two-tier example
Updates workspaces example
Updates example action workflow to validate only with Terraform 0.12. Adds error for testing
Restore `terraform validate` output
Only check for warnings if there are no errors
Fixes bash conditional
Wraps jq result in quotes to force it into a string to avoid "unary operator expected" error
Tightens warning check
Updates warning equality
Simplify warning check since it will exit on syntax errors
Resetting warning test to debug it
Add back terraform validate -json
Adds back jq
Echoes warning count
Step-by-step
Baby steps
One step back
Again
Try anything
Drops checks for warnings
Removes error added for testing
Got it!
resource/aws_ssm_maintenance_window_task: Remove deprecated logging_info and task_parameters configuration blocks (#14311)
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/7823
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Output from acceptance testing:
```
--- PASS: TestAccAWSSSMMaintenanceWindowTask_emptyNotificationConfig (13.56s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationStepFunctionParameters (14.66s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_updateForcesNewResource (22.46s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_basic (22.75s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationLambdaParameters (36.30s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationAutomationParameters (36.56s)
--- PASS: TestAccAWSSSMMaintenanceWindowTask_TaskInvocationRunCommandParameters (39.53s)
```
Update CHANGELOG for #14311
resource/aws_lb_listener_rule: Remove deprecated condition configuration block field and values arguments (#14309)
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/8268
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Already documented in the version 3 upgrade guide.
Output from acceptance testing:
```
--- PASS: TestAccAWSLBListenerRule_Action_Order (242.39s)
--- PASS: TestAccAWSLBListenerRule_Action_Order_Recreates (172.01s)
--- PASS: TestAccAWSLBListenerRule_BackwardsCompatibility (192.52s)
--- PASS: TestAccAWSLBListenerRule_basic (205.77s)
--- PASS: TestAccAWSLBListenerRule_changeListenerRuleArnForcesNew (234.49s)
--- PASS: TestAccAWSLBListenerRule_cognito (190.75s)
--- PASS: TestAccAWSLBListenerRule_conditionAttributesCount (10.86s)
--- PASS: TestAccAWSLBListenerRule_conditionHostHeader (227.40s)
--- PASS: TestAccAWSLBListenerRule_conditionHttpHeader (194.36s)
--- PASS: TestAccAWSLBListenerRule_conditionHttpHeader_invalid (1.43s)
--- PASS: TestAccAWSLBListenerRule_conditionHttpRequestMethod (195.55s)
--- PASS: TestAccAWSLBListenerRule_conditionMultiple (269.78s)
--- PASS: TestAccAWSLBListenerRule_conditionPathPattern (199.17s)
--- PASS: TestAccAWSLBListenerRule_conditionQueryString (195.57s)
--- PASS: TestAccAWSLBListenerRule_conditionSourceIp (186.73s)
--- PASS: TestAccAWSLBListenerRule_conditionUpdateMixed (274.24s)
--- PASS: TestAccAWSLBListenerRule_conditionUpdateMultiple (267.11s)
--- PASS: TestAccAWSLBListenerRule_fixedResponse (213.36s)
--- PASS: TestAccAWSLBListenerRule_forwardWeighted (213.62s)
--- PASS: TestAccAWSLBListenerRule_oidc (206.04s)
--- PASS: TestAccAWSLBListenerRule_priority (377.75s)
--- PASS: TestAccAWSLBListenerRule_redirect (248.43s)
--- PASS: TestAccAWSLBListenerRule_updateFixedResponse (189.01s)
--- PASS: TestAccAWSLBListenerRule_updateRulePriority (206.44s)
```
Update CHANGELOG for #14309
resource/aws_cognito_user_pool: Remove deprecated admin_create_user_config.unused_account_validity_days argument (#14294)
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/10890
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Output from acceptance testing:
```
--- PASS: TestAccAWSCognitoUserPool_basic (16.93s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfiguration (47.75s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationAndSoftwareTokenMfaConfiguration (50.45s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SmsConfigurationToSoftwareTokenMfaConfiguration (46.37s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfiguration (41.83s)
--- PASS: TestAccAWSCognitoUserPool_MfaConfiguration_SoftwareTokenMfaConfigurationToSmsConfiguration (35.22s)
--- PASS: TestAccAWSCognitoUserPool_SmsAuthenticationMessage (36.72s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration (45.69s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_ExternalId (43.87s)
--- PASS: TestAccAWSCognitoUserPool_SmsConfiguration_SnsCallerArn (41.27s)
--- PASS: TestAccAWSCognitoUserPool_SmsVerificationMessage (21.39s)
--- PASS: TestAccAWSCognitoUserPool_update (38.77s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfiguration (26.14s)
--- PASS: TestAccAWSCognitoUserPool_withAdminCreateUserConfigurationAndPasswordPolicy (13.70s)
--- PASS: TestAccAWSCognitoUserPool_withAdvancedSecurityMode (32.33s)
--- PASS: TestAccAWSCognitoUserPool_withAliasAttributes (23.59s)
--- PASS: TestAccAWSCognitoUserPool_withDeviceConfiguration (21.89s)
--- PASS: TestAccAWSCognitoUserPool_withEmailVerificationMessage (21.15s)
--- PASS: TestAccAWSCognitoUserPool_withLambdaConfig (46.71s)
--- PASS: TestAccAWSCognitoUserPool_withPasswordPolicy (36.75s)
--- PASS: TestAccAWSCognitoUserPool_withSchemaAttributes (22.83s)
--- PASS: TestAccAWSCognitoUserPool_withTags (33.77s)
--- PASS: TestAccAWSCognitoUserPool_withUsernameConfiguration (28.12s)
--- PASS: TestAccAWSCognitoUserPool_withVerificationMessageTemplate (21.48s)
```
Update CHANGELOG for #14294
tests/provider: Ensure awsproviderlint source is dependency and lint checked (#14131)
* tests/provider: Ensure awsproviderlint source is dependency and lint checked
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/14129
* provider: Add awsproviderlint to make fmt target
provider: Initial snapshot build workflow (#14140)
Using GitHub Actions artifacts, sets up daily snapshot builds of master and allows other snapshot builds.
resource/aws_iam_access_key: Remove deprecated ses_smtp_password attribute (#14299)
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/11144
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Output from acceptance testing:
```
--- PASS: TestAccAWSAccessKey_basic (5.87s)
--- PASS: TestAccAWSAccessKey_encrypted (5.97s)
--- PASS: TestAccAWSAccessKey_inactive (9.72s)
```
Update CHANGELOG for #14299
provider: Remove deprecated kinesis_analytics and r53 custom endpoint arguments (#14238)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Output from acceptance testing:
```
--- PASS: TestAccAWSProvider_Region_AwsCommercial (3.64s)
--- PASS: TestAccAWSProvider_Region_AwsChina (3.64s)
--- PASS: TestAccAWSProvider_Region_AwsGovCloudUs (3.65s)
--- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_Multiple (4.00s)
--- PASS: TestAccAWSProvider_IgnoreTags_Keys_None (4.00s)
--- PASS: TestAccAWSProvider_IgnoreTags_Keys_Multiple (4.01s)
--- PASS: TestAccAWSProvider_IgnoreTags_Keys_One (4.01s)
--- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_None (4.01s)
--- PASS: TestAccAWSProvider_IgnoreTags_KeyPrefixes_One (4.02s)
--- PASS: TestAccAWSProvider_IgnoreTags_EmptyConfigurationBlock (4.01s)
--- PASS: TestAccAWSProvider_Endpoints (4.08s)
--- PASS: TestAccAWSProvider_AssumeRole_Empty (7.80s)
```
Update CHANGELOG for #14238
resource/aws_glue_job: Remove deprecated allocated_capacity argument (#14296)
Reference: https://github.com/terraform-providers/terraform-provider-aws/pull/7340
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Output from acceptance testing:
```
--- PASS: TestAccAWSGlueJob_basic (14.45s)
--- PASS: TestAccAWSGlueJob_Description (21.70s)
--- PASS: TestAccAWSGlueJob_GlueVersion (21.74s)
--- PASS: TestAccAWSGlueJob_MaxRetries (21.92s)
--- PASS: TestAccAWSGlueJob_Command (21.95s)
--- PASS: TestAccAWSGlueJob_DefaultArguments (22.08s)
--- PASS: TestAccAWSGlueJob_NotificationProperty (22.10s)
--- PASS: TestAccAWSGlueJob_Timeout (22.13s)
--- PASS: TestAccAWSGlueJob_ExecutionProperty (22.43s)
--- PASS: TestAccAWSGlueJob_MaxCapacity (22.43s)
--- PASS: TestAccAWSGlueJob_SecurityConfiguration (22.48s)
--- PASS: TestAccAWSGlueJob_WorkerType (29.22s)
--- PASS: TestAccAWSGlueJob_Tags (29.29s)
--- PASS: TestAccAWSGlueJob_PythonShell (30.12s)
```
Update CHANGELOG for #14296
resource/aws_iam_instance_profile: Remove deprecated roles argument (#14303)
Reference: https://github.com/hashicorp/terraform/pull/13130
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Output from acceptance testing:
```
--- PASS: TestAccAWSIAMInstanceProfile_withoutRole (6.44s)
--- PASS: TestAccAWSIAMInstanceProfile_basic (6.92s)
--- PASS: TestAccAWSIAMInstanceProfile_namePrefix (6.94s)
--- PASS: TestAccAWSAutoScalingGroup_LaunchTemplate_IAMInstanceProfile (53.25s)
--- PASS: TestAccAWSAppautoScalingTarget_emrCluster (790.81s)
--- PASS: TestAccAWSBeanstalkEnv_tier (518.46s)
--- PASS: TestAccAWSIAMRole_testNameChange (12.80s)
--- PASS: TestAccAWSInstance_instanceProfileChange (204.32s)
--- PASS: TestAccAWSInstance_withIamInstanceProfile (115.26s)
--- PASS: TestAccAWSLaunchConfiguration_withIAMProfile (21.61s)
```
Update CHANGELOG for #14303
Remove hardcoded AMIs and AZs
resource/aws_sns_topic_subscription: Use paginated ListSubscriptionsByTopic and return immediately on errors (#14262)
* tests/resource/aws_sns_topic_subscription: Fix recurring and unrelated test configuration error
Previously:
```
--- FAIL: TestAccAWSSNSTopicSubscription_autoConfirmingSecuredEndpoint (63.28s)
testing.go:684: Step 0 error: After applying this step, the plan was not empty:
DIFF:
UPDATE: aws_api_gateway_authorizer.test
...
authorizer_result_ttl_in_seconds: "300" => "0"
```
Output from acceptance testing:
```
--- PASS: TestAccAWSSNSTopicSubscription_autoConfirmingSecuredEndpoint (91.18s)
```
* resource/aws_sns_topic_subscription: Use paginated ListSubscriptionsByTopic and return immediately on errors
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409
Output from acceptance testing:
```
--- PASS: TestAccAWSSNSTopicSubscription_basic (13.47s)
--- PASS: TestAccAWSSNSTopicSubscription_rawMessageDelivery (27.13s)
--- PASS: TestAccAWSSNSTopicSubscription_filterPolicy (28.12s)
--- PASS: TestAccAWSSNSTopicSubscription_deliveryPolicy (28.38s)
--- PASS: TestAccAWSSNSTopicSubscription_autoConfirmingEndpoint (48.31s)
--- PASS: TestAccAWSSNSTopicSubscription_autoConfirmingSecuredEndpoint (91.18s)
```
Update CHANGELOG for #14262
service/directconnect: vpn_gateway_id Argument Removals and Increase aws_dx_gateway_association Default Timeouts (#14144)
* resource/aws_dx_gateway_association: Increase default create/update/delete timeouts to 30 minutes
Previously, we were seeing consistent failures across many of acceptance tests:
```
TestAccAwsDxGatewayAssociation_allowedPrefixesVpnGatewaySingleAccount: testing.go:684: Step 1 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-a59d30b3-e6de-435e-bb17-cd7ed23f400evgw-06bccd6488d2b8d87) to become available: timeout while waiting for state to become 'associated' (last state: 'updating', timeout: 10m0s)
TestAccAwsDxGatewayAssociation_allowedPrefixesVpnGatewayCrossAccount: testing.go:684: Step 1 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-a8b1b976-c0a1-4b64-8560-9d9cc45d11a3vgw-0a2e52679acf9c250) to become available: timeout while waiting for state to become 'associated' (last state: 'updating', timeout: 10m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_basicTransitGatewaySingleAccount (989.81s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-48d0e3d3-e131-443d-9693-e64eff519baatgw-0a2a0ea77f65ed202) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_basicTransitGatewayCrossAccount (991.80s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-9f9c1ed2-97b6-41c5-8018-0724f6162b59tgw-06f7ce56df96282d7) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_basicVpnGatewaySingleAccount (1816.92s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-76c9d0f4-b0aa-4b1b-96d9-10ce8c3ca025vgw-0c47a2c63baf7d4d8) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
testing.go:745: Error destroying resource! WARNING: Dangling resources
may exist. The full state and error is shown below.
Error: errors during apply: error waiting for Direct Connect gateway association (ga-76c9d0f4-b0aa-4b1b-96d9-10ce8c3ca025vgw-0c47a2c63baf7d4d8) to be deleted: timeout while waiting for state to become 'disassociated, deleted' (last state: 'disassociating', timeout: 15m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_allowedPrefixesVpnGatewaySingleAccount (1816.89s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-12a5c1e8-322e-4bc1-8a5a-f4b778a00db3vgw-09c811d121256131b) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
testing.go:745: Error destroying resource! WARNING: Dangling resources
may exist. The full state and error is shown below.
Error: errors during apply: error waiting for Direct Connect gateway association (ga-12a5c1e8-322e-4bc1-8a5a-f4b778a00db3vgw-09c811d121256131b) to be deleted: timeout while waiting for state to become 'disassociated, deleted' (last state: 'disassociating', timeout: 15m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_allowedPrefixesVpnGatewayCrossAccount (1819.25s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-ccf678f2-5d51-441e-86c5-308c731f26abvgw-063e75f539bc3719c) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
testing.go:745: Error destroying resource! WARNING: Dangling resources
may exist. The full state and error is shown below.
Error: errors during apply: error waiting for Direct Connect gateway association (ga-ccf678f2-5d51-441e-86c5-308c731f26abvgw-063e75f539bc3719c) to be deleted: timeout while waiting for state to become 'disassociated, deleted' (last state: 'disassociating', timeout: 15m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_multiVpnGatewaysSingleAccount (2487.01s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-5d93ccd0-8344-4ee6-95f8-58af27e01301vgw-054e2b0e7ecf45c8d) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
Error: error waiting for Direct Connect gateway association (ga-5d93ccd0-8344-4ee6-95f8-58af27e01301vgw-057b39dbec7338ec1) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
testing.go:745: Error destroying resource! WARNING: Dangling resources
may exist. The full state and error is shown below.
Error: errors during apply: error waiting for Direct Connect gateway association (ga-5d93ccd0-8344-4ee6-95f8-58af27e01301vgw-057b39dbec7338ec1) to be deleted: timeout while waiting for state to become 'disassociated, deleted' (last state: 'disassociating', timeout: 15m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_basicVpnGatewayCrossAccount (2529.42s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-ad8143a9-657e-4ed2-9ebb-a78dd2bee2c1vgw-0d552249edec48941) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
testing.go:745: Error destroying resource! WARNING: Dangling resources
may exist. The full state and error is shown below.
Error: errors during apply: Error waiting for VPN Gateway "vgw-0d552249edec48941" to detach from VPC "vpc-0cbba5ddf6a4ec7ba": timeout while waiting for state to become 'detached' (last state: 'detaching', timeout: 15m0s)
--- FAIL: TestAccAwsDxGatewayAssociation_deprecatedSingleAccount (2551.41s)
testing.go:684: Step 0 error: errors during apply:
Error: error waiting for Direct Connect gateway association (ga-c1c37095-ab8d-4dcd-9f97-b369face1ad4vgw-0576f5ab3096ace51) to become available: timeout while waiting for state to become 'associated' (last state: 'associating', timeout: 15m0s)
```
* service/directconnect: Remove vpn_gateway_id arguments
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13398
Changes:
```
* resource/aws_dx_gateway_association: Remove `vpn_gateway_id` argument
* resource/aws_dx_gateway_association_proposal: Remove `vpn_gateway_id` argument
```
Output from acceptance testing:
```
--- PASS: TestAccAwsDxGatewayAssociation_basicTransitGatewaySingleAccount (2063.56s)
--- PASS: TestAccAwsDxGatewayAssociation_basicTransitGatewayCrossAccount (2556.75s)
--- PASS: TestAccAwsDxGatewayAssociation_multiVpnGatewaysSingleAccount (2668.06s)
--- PASS: TestAccAwsDxGatewayAssociation_basicVpnGatewaySingleAccount (2674.09s)
--- PASS: TestAccAwsDxGatewayAssociation_basicVpnGatewayCrossAccount (2677.20s)
--- PASS: TestAccAwsDxGatewayAssociation_allowedPrefixesVpnGatewaySingleAccount (3612.36s)
--- PASS: TestAccAwsDxGatewayAssociation_allowedPrefixesVpnGatewayCrossAccount (3856.32s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_basicVpnGateway (88.64s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_disappears (96.50s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_AllowedPrefixes (121.18s)
--- PASS: TestAccAwsDxGatewayAssociationProposal_basicTransitGateway (182.42s)
```
* tests/resource/aws_dx_gateway_association: Ensure v0 state upgrade is still covered by acceptance testing
Output from acceptance testing:
```
--- PASS: TestAccAwsDxGatewayAssociation_V0StateUpgrade (2605.48s)
```
Update CHANGELOG for #14144
docs/resource/aws_security_group: Update `cidr_blocks` value to list (#14329)
add support for zero ttl
add validation for `authorizer_uri`, `authorizer_credentials`
changes for %w
remove deprecated func
use set len func
revert validation for `authorizer_uri`
refactor tests
refactor tests
Update CHANGELOG for #12643
resource/aws_appautoscaling_target: Remove DeregisterScalableTarget retries on all errors and add disappears test (#14259)
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13409
Reference: https://github.com/terraform-providers/terraform-provider-aws/issues/13826
Output from acceptance testing:
```
--- PASS: TestAccAWSAppautoScalingTarget_multipleTargets (20.68s)
--- PASS: TestAccAWSAppautoScalingTarget_optionalRoleArn (25.17s)
--- PASS: TestAccAWSAppautoScalingTarget_basic (43.13s)
--- PASS: TestAccAWSAppautoScalingTarget_spotFleetRequest (57.42s)
--- PASS: TestAccAWSAppautoScalingTarget_disappears (71.79s)
--- PASS: TestAccAWSAppautoScalingTarget_emrCluster (840.33s)
--- PASS: TestAccAWSAppautoScalingPolicy_multiplePoliciesSameName (24.97s)
--- PASS: TestAccAWSAppautoScalingPolicy_dynamodb_table (26.58s)
--- PASS: TestAccAWSAppautoScalingPolicy_multiplePoliciesSameResource (28.13s)
--- PASS: TestAccAWSAppautoScalingPolicy_dynamodb_index (37.07s)
--- PASS: TestAccAWSAppautoScalingPolicy_spotFleetRequest (71.64s)
--- PASS: TestAccAWSAppautoScalingPolicy_disappears (75.45s)
--- PASS: TestAccAWSAppautoScalingPolicy_basic (77.30s)
--- PASS: TestAccAWSAppautoScalingPolicy_scaleOutAndIn (79.17s)
--- PASS: TestAccAWSAppautoScalingPolicy_ResourceId_ForceNew (83.72s)
```
Update CHANGELOG for #14259
update statefuncs to use global method
update statefuncs to use global method
Update provider's S3 bucket lookup to use GetBucketRegion utility (#14221)
* Update provider's S3 bucket lookup to use GetBucketRegion utility
Replaces the usage of S3's GetBucketLocation with the aws-sdk-go's
GetBucketRegion utility. This utility can discover the bucket's region
without authentication, and can be configured to be compatible with
FIPS endpoints.
Fixes https://github.com/terraform-providers/terraform-provider-aws/issues/14217
Related to https://github.com/aws/aws-sdk-go/issues/3115
* Add AWS SDK for Go s3manager dependency
Adds a dependency on the AWS SDK for Go's `s3manager`, and `s3iface`
packages. These packages make the s3manager packages's GetBucketRegion
utility available for discovering a S3 bucket's locations.
These packages are used by PR #14221.
Update CHANGELOG for #14221 and other minor formatting fixes
refactor trimTrailingPeriod method
|
This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Community Note
Reference #8531
Closes #10959
Closes #13317
Release note for CHANGELOG:
Acceptance testing:
Could someone please shed some light here? I do not see why
AWS_PROFILEis not working for acceptance tests anymore...Example Code