
I am trying to create an aws_cloudfront_public_key resource in Terraform using the code below:

resource "aws_cloudfront_public_key" "key" {
  name        = "my-cf-pubkey"
  encoded_key = file("${path.module}/abcd.pem")
}

The first time terraform apply is executed, the resource is created successfully. But every terraform apply after that tries to recreate aws_cloudfront_public_key, i.e. it gets destroyed and recreated again even if the public key has not changed, which is wrong behaviour.

How do I overcome this issue?

Plan output is:

  # aws_cloudfront_public_key.documents-signing-key must be replaced
-/+ resource "aws_cloudfront_public_key" "documents-signing-key" {
      ~ caller_reference = "terraform-20221218060345896500000002" -> (known after apply)
      ~ encoded_key      = <<-EOT # forces replacement
            -----BEGIN PUBLIC KEY-----
            -----END PUBLIC KEY-----
        EOT
      ~ etag             = "E1PKWHEWOCNZS4" -> (known after apply)
      ~ id               = "K15GFD3XARNT0X" -> (known after apply)
        name             = "my-cf-pubkey"
      + name_prefix      = (known after apply)
        # (1 unchanged attribute hidden)
    }

3 Answers


  1. Chosen as BEST ANSWER

    It worked after I just added a new line (Enter key) at the end of the PEM file.

    -----BEGIN PUBLIC KEY-----
    MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf
    9Cnzj4p4WGeKLs1Pt8QuKUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQ==
    -----END PUBLIC KEY-----
    
    

    Ref : https://github.com/hashicorp/terraform-provider-aws/issues/20081
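Terraform's file() passes the file's bytes through unchanged, so a PEM file without a final newline reaches encoded_key without one. The check below is an added example, not part of the original answers: it enforces the accepted answer's fix before terraform plan runs. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify that PEM files read by file() end with a newline.

# Returns 0 when the file is non-empty and its last byte is LF (0x0a).
pem_ends_with_newline() {
    [ -s "$1" ] || return 1
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# Appends one LF when it is missing; files that are already correct are
# left untouched. Returns 2 for a missing or empty file.
pem_fix_newline() {
    [ -s "$1" ] || return 2
    pem_ends_with_newline "$1" && return 0
    printf '\n' >> "$1"
}

# Reports every *.pem directly under directory $1 that lacks the trailing
# newline. Returns 1 if any were found, so it can gate a CI job or a
# pre-commit hook.
pem_check_dir() {
    _rc=0
    for _f in "$1"/*.pem; do
        [ -e "$_f" ] || continue
        if ! pem_ends_with_newline "$_f"; then
            echo "missing trailing newline: $_f" >&2
            _rc=1
        fi
    done
    return "$_rc"
}

# When run as a script with a directory argument, act as the gate.
[ "$#" -eq 0 ] || pem_check_dir "$1"
```

Run it against the module directory that holds the key file, and call pem_fix_newline on any file it reports.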


  2. You can try using a lifecycle block to prevent Terraform from attempting to recreate the resource again, as shown below:

    resource "aws_cloudfront_public_key" "key" {
      name        = "my-cf-pubkey"
      encoded_key = file("${path.module}/abcd.pem")
      
      lifecycle {
        create_before_destroy = true
      }
    }
    

    Let me know if this will help you.

  3. If the encoded_key attribute of your resource is not changing between Terraform runs, then you can use the ignore_changes attribute to tell Terraform to not attempt to check for changes.

    For example:

    resource "aws_cloudfront_public_key" "key" {
      name        = "my-cf-pubkey"
      encoded_key = file("${path.module}/abcd.pem")

      # ignore_changes is a lifecycle meta-argument, so it goes inside a lifecycle block
      lifecycle {
        ignore_changes = [encoded_key]
      }
    }
    

    @JatinPanchal
