Terraform-provider-aws: ignore_changes for specific nested arguments

Created on 17 Mar 2018  ยท  6Comments  ยท  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @danhart as hashicorp/terraform#17608. It was migrated here as a result of the provider split. The original body of the issue is below._

I have a cloudfront distribution configuration like so:

resource "aws_cloudfront_distribution" "CodesTable" {
  origin {
    domain_name = "${var.builds_bucket}"
    origin_id   = "s3-builds-bucket"
    origin_path = "/ss-codes/1374"

    custom_origin_config {
      http_port = 80
      https_port = 443
      origin_ssl_protocols = ["TLSv1", "TLSv1.1", "TLSv1.2"]
      origin_protocol_policy = "http-only"
    }
  }

  enabled             = true
  is_ipv6_enabled     = true
  default_root_object = "index.html"

  default_cache_behavior {
    allowed_methods  = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    target_origin_id = "s3-builds-bucket"
    cached_methods = ["GET", "HEAD"]

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "allow-all"
  }

  price_class = "PriceClass_100"

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  lifecycle {
    ignore_changes = ["origin.0.origin_path"]
  }
}

I'm trying to just ignore changes to the first/only origin's origin_path. However ignore_changes = ["origin.0.origin_path"] does not work, and terraform still retains control of this argument. I am successfully able to set ignore_changes = ["origin"], however this ignores the _whole_ of the origin argument and all nested arguments.

Is there a way I can just ignore specifically origin_path? I've looked at these issues:

But haven't been able to find a solution that works.

I am running terraform_0.11.3_linux_amd64.

question serviccloudfront upstream-terraform
Source
picture hashibot[bot]

All 6 comments

Hi @danhart can you try using the TypeSet hash number in your ignore_changes? In your plan it should have something like:

origin.XXXXXX.origin_path: "..." => ""
origin.YYYYYY.origin_path: "" => "/ss-codes/1374"

Maybe ignore_changes = ["origin.XXXXXX.origin_path"] and/or a configuration with "origin.YYYYYY.origin_path" will do it although I cannot remember off the top of my head if it can work like this.

bflad picture bflad on 19 Mar 2018
👍1

@bflad a combination of ignore_changes = ["origin.XXXXXX.origin_path", "origin.YYYYYY.origin_path"] does indeed work. However, this isn't really ideal. Thanks for a solution though.

danhart picture danhart on 27 Mar 2018

I am trying to ignore_change on emr_managed_master_security_group attribute of aws_emr_cluster.

resource "aws_emr_cluster" "cluster" {
  name          = "spark-${var.name}"

  ec2_attributes {
    key_name                            = "${var.key_pair}"
    subnet_id                           = "${var.subnet_ids[0]}"
    additional_master_security_groups   = "${join(",", var.security_groups)}"
    additional_slave_security_groups    = "${join(",", var.security_groups)}"
    # # https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-man-sec-groups.html
    # emr_managed_master_security_group = "${var.security_groups}"
    # emr_managed_slave_security_group  = "${var.security_groups}"
    instance_profile                    = "${var.instance_profile}"
  }

  lifecycle {
    # https://github.com/terraform-providers/terraform-provider-aws/issues/3819
    ignore_changes = ["step", "ec2_attributes.0.emr_managed_master_security_group", " ec2_attributes.0.emr_managed_slave_security_group"]
  }
}

. My plan shows following:
```
ec2_attributes.0.emr_managed_master_security_group: "sg-80b180f9" => "" (forces new resource)
ec2_attributes.0.emr_managed_slave_security_group: "sg-9db382e4" => "" (forces new resource)
ec2_attributes.0.instance_profile: "arn:aws:iam::329866267174:instance-profile/nodes.ml-
````
But this does not work .. what am I missing ?

suneeta-mall picture suneeta-mall on 24 May 2018
👍1

Thank you for using Terraform and for opening up this question, @danhart! Issues on GitHub are intended to be related to bugs or feature requests with the provider codebase.

It appears a working solution has been provided, so this issue will now be closed. If needed, please use https://discuss.hashicorp.com/c/terraform-providers for additional feedback, community discussions, and questions around Terraform.

If you believe that your issue was closed in error, please create a new issue using one of the following provided templates: bug report or feature request. Please make sure to provide us with the appropriate information so we can best determine how to assist with the given issue.

tracypholmes picture tracypholmes on 15 Jul 2019

I second @suneeta-mall - I'm seeing the same behaviour here. It actually seems like a regression...

dpnova picture dpnova on 29 Jul 2019

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] picture hashibot[bot] on 2 Nov 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

hashibot picture hashibot  ยท  58Comments
Bwanabanana picture Bwanabanana  ยท  46Comments
jckuester picture jckuester  ยท  53Comments
takeda-joao picture takeda-joao  ยท  39Comments
hashibot picture hashibot  ยท  36Comments