Terraform-provider-aws: aws_cloudfront_distribution - "Only one viewer certificate change may be in progress at a time"

Created on 13 Jun 2017  ·  3 Comments  ·  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @ozbillwang as hashicorp/terraform#13495. It was migrated here as part of the provider split. The original body of the issue is below._


Hi there,

Terraform Version

v0.9.1

Affected Resource(s)

  • aws_cloudfront_distribution

Terraform Configuration Files

Apply the resource below first; it is successful.

resource "aws_cloudfront_distribution" "cdn" {
    ....
    viewer_certificate {
        cloudfront_default_certificate = true
    }
}

Then update to use a custom SSL certificate (example.com):

data "aws_iam_server_certificate" "domain" {
    name   = "example.com_wildcard"
    latest = true
}

resource "aws_cloudfront_distribution" "cdn" {
    ....

    viewer_certificate {
        # Data sources are referenced with the "data." prefix.
        iam_certificate_id       = "${data.aws_iam_server_certificate.domain.id}"
        minimum_protocol_version = "TLSv1"
        ssl_support_method       = "sni-only"
    }
}

Debug Output

Panic Output

Expected Behavior

What should have happened?

Resource aws_cloudfront_distribution.cdn should be updated with new custom SSL certificate.

Actual Behavior

Error applying plan:

1 error(s) occurred:

* module.web.aws_cloudfront_distribution.cdn: 1 error(s) occurred:

* aws_cloudfront_distribution.cdn: IllegalUpdate: Only one viewer certificate change may be in progress at a time.
    status code: 400, request id: 1ba221a9-1dac-11e7-bd65-89380dff957f

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply to apply the resource aws_cloudfront_distribution.cdn
  2. update tf file with custom ssl certificate in part of viewer_certificate
  3. get error when running terraform apply
  4. manually delete the resource aws_cloudfront_distribution.cdn
  5. successfully run terraform apply

Important Factoids

References

Confirmed I provided the certificate id, not the arn, in the tf configuration.

https://github.com/hashicorp/terraform/issues/9553

bug service/cloudfront

All 3 comments

I have run into this issue as well during a certificate change. The referenced Cloudfront_Distribution object has status "InProgress", and during this period modifications are not allowed. Waiting 15-20 minutes and re-running terraform apply results in success.

Hi folks 👋 In version 2.1.0 of the Terraform AWS Provider, the aws_cloudfront_distribution resource will now wait for changes to be fully deployed on creation and update, so this error should effectively not occur unless the process is manually cancelled. The new version with this change should release middle of this week. 👍

If you have any lingering issues with this or anything related on the newer version, please open a new GitHub issue for further triage. Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
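
The workaround described in the comments above (wait until the distribution leaves "InProgress", then re-run terraform apply) can be scripted for provider versions that do not wait on their own. This is an added example, not code from the issue thread or the provider; the function names, timeout defaults and exit codes are assumptions, and it relies on the AWS CLI being installed and configured.

```shell
#!/bin/sh
# Added example: gate "terraform apply" on the CloudFront distribution status.

# Print the distribution's current status ("InProgress" or "Deployed").
get_status() {
    aws cloudfront get-distribution --id "$1" \
        --query 'Distribution.Status' --output text
}

# wait_deployed ID [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Returns 0 once the status is Deployed, 1 on timeout,
# 2 if the status lookup itself fails (bad ID, missing credentials).
wait_deployed() {
    id=$1
    timeout=${2:-1800}   # assumed default: 30 minutes
    interval=${3:-30}    # assumed default: poll every 30 seconds
    waited=0
    while :; do
        st=$(get_status "$id") || return 2
        [ "$st" = "Deployed" ] && return 0
        [ "$waited" -ge "$timeout" ] && return 1
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# apply_when_deployed ID [TIMEOUT_SECONDS] [INTERVAL_SECONDS]
# Runs terraform apply only when no earlier change is still in flight,
# which avoids the IllegalUpdate error on the viewer certificate.
apply_when_deployed() {
    wait_deployed "$1" "${2:-1800}" "${3:-30}" || {
        echo "distribution $1 is not Deployed; skipping apply" >&2
        return 1
    }
    terraform apply
}

# Usage (the ID is a placeholder): apply_when_deployed EXAMPLEDISTID
```

The AWS CLI also ships a built-in waiter, `aws cloudfront wait distribution-deployed --id <ID>`, which can replace the polling loop when its fixed polling schedule is acceptable.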
