Ignore certain values when detecting a changed backend #22192
Comments
|
I would argue that "ignore_changes, but for backends" is such a fundamentally different concept that calling it |
|
Yes, I'm referring to a different part of Terraform: https://www.terraform.io/docs/configuration/resources.html#ignore_changes, I was asking if this was similar functionality to what you're describing.
It sounds like what you're asking is for a means to say "ignore this part of the configuration." Is that incorrect? |
|
Apologies for the late reaction. Yes, one of the options is technically similar behavior to the |
Current Terraform Version
Terraform 0.12.3
Use-cases
We have a terraform S3 backend which requires assuming a specific role to access the bucket. This role requires an MFA token to access. Since Terraform doesn't support MFA (as far as I know) we have a small script that generates the backend configuration (and provider configuration as well), specifically by asking for an mfa value and assuming the role using the
sts:AssumeRoleAPI call and getting the temporary access key, secret and token.Unfortunately, every time you run this script the backend configuration is considered changed and
terraform initwants to "migrate" using the old (expired) credentials to the new ones which obviously fails. Technically there is nothing to migrate, it's just that we have new credentials to access the same AWS account.Attempted Solutions
What we currently do is just delete the .terraform directory prior to running
terraform initbut this isn't very efficient.Proposal
It would be nice if we could either declare certain variables in the backend config as "don't try to migrate backend if these change" or add a command line option to terraform to not try to migrate when running
terraform init.The text was updated successfully, but these errors were encountered: