terraform updates aws_cloudfront_distribution every time over and over again

[vkulov]

Hi,

I have a cloudfront distribution that updates every time apply is run.

module.s3_client_data.aws_cloudfront_distribution.main: Modifying...
  viewer_certificate.1540335073.acm_certificate_arn:            "" => ""
  viewer_certificate.1540335073.cloudfront_default_certificate: "" => "true"
  viewer_certificate.1540335073.iam_certificate_id:             "" => ""
  viewer_certificate.1540335073.minimum_protocol_version:       "" => "TLSv1"
  viewer_certificate.1540335073.ssl_support_method:             "" => "sni-only"
  viewer_certificate.2654384193.acm_certificate_arn:            "" => ""
  viewer_certificate.2654384193.cloudfront_default_certificate: "true" => "false"
  viewer_certificate.2654384193.iam_certificate_id:             "" => ""
  viewer_certificate.2654384193.minimum_protocol_version:       "SSLv3" => ""
  viewer_certificate.2654384193.ssl_support_method:             "" => ""
module.s3_client_data.aws_cloudfront_distribution.main: Modifications complete

The modification completes for a few seconds so it's not a big deal still it's annoying.

Here's my terraform code:

resource "aws_cloudfront_origin_access_identity" "main" {
  comment = "Client-Data Access Identity"
}

resource "aws_cloudfront_distribution" "main" {
  origin {
    domain_name = "${var.bucket_name}.s3.amazonaws.com"
    origin_id   = "${var.bucket_name}"

    s3_origin_config {
      origin_access_identity = "${aws_cloudfront_origin_access_identity.main.cloudfront_access_identity_path}"
    }
  }

  enabled             = true

  logging_config {
    include_cookies = false
    bucket          = "${var.log_bucket}.s3.amazonaws.com"
    prefix          = "${var.log_prefix}"
  }

  aliases = "${var.aliases}"

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "${var.bucket_name}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
    min_ttl                = 0
    default_ttl            = 3600
    max_ttl                = 86400
  }

  price_class = "${var.price_class}"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  tags {
    Name        = "Client Data"
    Environment = "${var.environment}"
  }

  viewer_certificate {
    cloudfront_default_certificate = true
    ssl_support_method = "sni-only"
    minimum_protocol_version = "TLSv1"
  }
}

I'm using Terraform v0.7.13

[catsby]

It looks like we're mishandling all of the viewer_certificate block

[catsby]

Likely dupe/related to #8248

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.