aws_cloudfront_distribution - "OriginReadTimeout is required for updates." #13627

Closed
gaelreyrol opened this issue Apr 13, 2017 · 13 comments

@gaelreyrol

Hello,

Terraform Version

v0.9.3

Affected Resource(s)

  • aws_cloudfront_distribution

Terraform Configuration Files

resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = "${aws_s3_bucket.cdn.website_endpoint}"
    origin_id   = "origin-cdn.${var.domain}"

    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port              = "80"
      https_port             = "443"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  enabled         = true

  aliases = ["cdn.${var.domain}"]

  price_class = "PriceClass_100"

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "origin-cdn.${var.domain}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 300
    max_ttl                = 1200
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

Then add IPv6 support with is_ipv6_enabled = true:

resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = "${aws_s3_bucket.cdn.website_endpoint}"
    origin_id   = "origin-cdn.${var.domain}"

    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port              = "80"
      https_port             = "443"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  enabled         = true
  is_ipv6_enabled = true
  ...
}

Debug Output

Panic Output

Expected Behavior

What should have happened?

Resource aws_cloudfront_distribution.cdn should be updated with IPv6 support added.

Actual Behavior

What actually happened?

aws_cloudfront_distribution.cdn: Modifying... (ID:*******)
  is_ipv6_enabled: "false" => "true"
Error applying plan:

1 error(s) occurred:

* aws_cloudfront_distribution.cdn: 1 error(s) occurred:

* aws_cloudfront_distribution.cdn: IllegalUpdate: OriginReadTimeout is required for updates.
	status code: 400, request id: 871de922-2056-11e7-96a5-095694b3fd5b

Steps to Reproduce

  1. terraform apply to apply the resource aws_cloudfront_distribution.cdn
  2. Update tf file with is_ipv6_enabled
  3. Get error when running terraform apply
  4. Taint the resource: terraform taint aws_cloudfront_distribution.cdn
  5. terraform apply

Thanks :)

@gaelreyrol
Author

gaelreyrol commented Apr 13, 2017

According to the AWS Golang documentation, the struct CustomOriginConfig does not need OriginReadTimeout. But it seems it's wrong now due to the error.

CustomOriginConfig: &cloudfront.CustomOriginConfig{
  HTTPPort:               aws.Int64(1),                       // Required
  HTTPSPort:              aws.Int64(1),                       // Required
  OriginProtocolPolicy:   aws.String("OriginProtocolPolicy"), // Required
  OriginKeepaliveTimeout: aws.Int64(1),
  OriginReadTimeout:      aws.Int64(1),
  OriginSslProtocols: &cloudfront.OriginSslProtocols{
    Items: []*string{ // Required
      aws.String("SslProtocol"), // Required
      // More values...
    },
    Quantity: aws.Int64(1), // Required
  },
},

Full example here

Here is the function that manages the CustomOriginConfig struct in the provider implementation.

Hope it will help!

@stack72
Contributor

stack72 commented Apr 13, 2017

Hi @zevran

This is currently working in a PR! I hope to get this merged soon

Paul

@ChrisArmstrongUK

ChrisArmstrongUK commented Apr 18, 2017

Link to pull request: #13367

@pmacdougall

Is there any workaround for this until the PR is merged and released?

@kitsunde
Contributor

@pmacdougall What I had to do was to apply the change manually and in some cases modify the .tf until terraform plan thinks the state matches.

Alternatively do the manual change and use ignore_changes https://www.terraform.io/docs/configuration/resources.html#ignore_changes until it's fixed so it doesn't trigger an update.

@pmacdougall

Thanks @kitsunde. TIL: ignore_changes

@shorn

shorn commented Apr 23, 2017

@stack72
This also seems to be the case when adding cache behaviors. I added the origin manually in console and added "origin" to ignore_changes. Then tried to add a cache behaviour as below, same kind of error.
Ended up using the same workaround: add the behaviour in the console, then add "cache_behavior" to the ignore_changes list.

  cache_behavior {
    allowed_methods  = ["GET", "HEAD", "POST", "OPTIONS"]
    cached_methods = []

    compress = true
    min_ttl = 0
    default_ttl = 0
    max_ttl = 0

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    path_pattern = "/Prod"
    smooth_streaming = false
    target_origin_id = "XXX"

    viewer_protocol_policy = "https-only"

  }

@frohoff

frohoff commented Apr 26, 2017

It's worth noting that this also prevents destroying a distribution because terraform (correctly) disables it before deleting it and fails to complete the update.

@ChrisArmstrongUK

Looks like #13367 has been merged and will be released with v0.9.5

@stack72
Contributor

stack72 commented Apr 26, 2017

Closed via #13367

Sorry for the time it took to fix this up

@stack72 stack72 closed this as completed Apr 26, 2017
@gnarea

gnarea commented Apr 26, 2017 via email

@dan-turner

What's the ETA for 0.9.5?

bookshelfdave pushed a commit to mozmeao/infra that referenced this issue Jun 13, 2017
The custom_origin_config is required because terraform will
insist that the bucket name is incorrect as it doesn't follow
the irlpodcast.s3.amazonaws.com format.

requires terraform 0.9.8

see also:
hashicorp/terraform#10572
hashicorp/terraform#13627
@ghost

ghost commented Apr 13, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 13, 2020