Terraform-provider-aws: aws_cloudfront_distribution diff didn't match during apply

Created on 25 Apr 2018  ยท  4Comments  ยท  Source: hashicorp/terraform-provider-aws

Terraform Version

> terraform -v
Terraform v0.11.7
+ provider.archive v1.0.3
+ provider.aws v1.15.0

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_cloudfront_distribution

Terraform Configuration Files

resource "aws_cloudfront_distribution" "image-resize-server-apigateway" {

  aliases = ["${var.cloudfront_cname_alias}"]

  origin {
    domain_name = "${replace(aws_api_gateway_deployment.image-resize-api.invoke_url, "/^https://(.+)/.+$/", "$1")}"

    origin_path = "/${var.api_gateway_stage}"

    origin_id = "${var.cloudfront_origin_id}"

    custom_origin_config {
      http_port              = "80"
      https_port             = "443"
      origin_protocol_policy = "https-only"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  enabled         = true
  is_ipv6_enabled = true
  comment         = "Theme Image Resize API distribution CDN"

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = "${var.cloudfront_origin_id}"

    forwarded_values {
      query_string = true

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "https-only"

    min_ttl     = 0
    default_ttl = "${var.cloudfront_cache_expire}"
    max_ttl     = "${var.cloudfront_cache_expire}"
  }

  price_class = "PriceClass_200"

  tags {
    Environment = "${var.api_gateway_stage}"
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = false
    acm_certificate_arn            = "${var.cloudfront_acm_certificate_arn}"
    ssl_support_method             = "sni-only"
    minimum_protocol_version       = "TLSv1.1_2016"
  }
}

Debug Output

https://gist.github.com/krrrr38/45ffa178700006662d6aac1d22acf256

Panic Output

Nothing

Expected Behavior

After creating aws_cloudfront_distribution, we can apply id many times.

Actual Behavior

* module.image-resize-server.aws_cloudfront_distribution.image-resize-server-apigateway: aws_cloudfront_distribution.image-resize-server-apigateway: diffs didn't match during apply. This is a bug with Terraform and should be reported as a GitHub Issue.

details are in debug output.

    Terraform Version: 0.11.7
    Resource ID: aws_cloudfront_distribution.image-resize-server-apigateway
    Mismatch reason: attribute mismatch: origin.408149110.custom_header.#
2018-04-25T17:23:34.435+0900 [DEBUG] plugin: plugin process exited: path=/Users/kkaizu/dev/src/gitlab.mydomain-sec.com/infra/mydomain-terraform/envs/root/apps/.terraform/plugins/darwin_amd64/terraform-provider-archive_v1.0.3_x4
2018-04-25T17:23:34.437+0900 [DEBUG] plugin: plugin process exited: path=/Users/kkaizu/dev/src/gitlab.mydomain-sec.com/infra/mydomain-terraform/envs/root/apps/.terraform/plugins/darwin_amd64/terraform-provider-aws_v1.15.0_x4
    Diff One (usually from plan): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff{"origin.408149110.origin_id":*terraform.ResourceAttrDiff{Old:"mydomain-image-resize-server-dev", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.domain_name":*terraform.ResourceAttrDiff{Old:"", New:"${replace(aws_api_gateway_deployment.image-resize-api.invoke_url, \"/^https://(.+)/.+$/\", \"$1\")}", NewComputed:true, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.2445681895.origin_keepalive_timeout":*terraform.ResourceAttrDiff{Old:"5", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.2445681895.https_port":*terraform.ResourceAttrDiff{Old:"443", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.2445681895.http_port":*terraform.ResourceAttrDiff{Old:"", New:"80", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.s3_origin_config.#":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.#":*terraform.ResourceAttrDiff{Old:"0", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.2445681895.https_port":*terraform.ResourceAttrDiff{Old:"", New:"443", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.2445681895.origin_read_timeout":*terraform.ResourceAttrDiff{Old:"30", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.2445681895.origin_protocol_policy":*terraform.ResourceAttrDiff{Old:"", New:"https-only", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.origin_path":*terraform.ResourceAttrDiff{Old:"/dev", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_header.#":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.2445681895.origin_keepalive_timeout":*terraform.ResourceAttrDiff{Old:"", New:"5", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.#":*terraform.ResourceAttrDiff{Old:"1", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.2445681895.origin_protocol_policy":*terraform.ResourceAttrDiff{Old:"https-only", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.2445681895.origin_ssl_protocols.0":*terraform.ResourceAttrDiff{Old:"TLSv1.2", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.2445681895.origin_read_timeout":*terraform.ResourceAttrDiff{Old:"", New:"30", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.origin_id":*terraform.ResourceAttrDiff{Old:"", New:"mydomain-image-resize-server-dev", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.origin_path":*terraform.ResourceAttrDiff{Old:"", New:"/dev", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_header.#":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.2445681895.origin_ssl_protocols.#":*terraform.ResourceAttrDiff{Old:"0", New:"1", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.s3_origin_config.#":*terraform.ResourceAttrDiff{Old:"0", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.2445681895.origin_ssl_protocols.#":*terraform.ResourceAttrDiff{Old:"1", New:"0", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.~3591556650.custom_origin_config.2445681895.origin_ssl_protocols.0":*terraform.ResourceAttrDiff{Old:"", New:"TLSv1.2", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.custom_origin_config.2445681895.http_port":*terraform.ResourceAttrDiff{Old:"80", New:"0", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "origin.408149110.domain_name":*terraform.ResourceAttrDiff{Old:"hsl9zd51n6.execute-api.ap-northeast-1.amazonaws.com", New:"", NewComputed:false, NewRemoved:true, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}
    Diff Two (usually from apply): *terraform.InstanceDiff{mu:sync.Mutex{state:0, sema:0x0}, Attributes:map[string]*terraform.ResourceAttrDiff(nil), Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply
  2. terraform apply // diff didn't match

Important Factoids

AWS

References

Not Found

bug serviccloudfront
Source
picture krrrr38
👍4

Most helpful comment

Hi folks ๐Ÿ‘‹ Sorry for the trouble with the aws_cloudfront_distribution resource. Since its original implementation, there were many configuration blocks that did not benefit from certain difference simplifications and arguments that were incorrectly using ordered lists instead of sets. Usually these type of implementation details surface in unexpected ways during Terraform runs as diffs didn't match during apply error in Terraform 0.11 and prior. (Aside: in Terraform 0.12 and later, these types of errors will include much better diagnostic information rather than dumping the raw differences.)

The configuration block simplifications and fixes were applied to the resource logic in version 2.0.0 of the Terraform AWS Provider, which will be releasing very shortly. Existing configurations should mostly work as they did previously, but aws_cloudfront_distribution resource updates and recreations should perform more reliably now without these errors. Since there were a large amount of varying diffs didn't match during apply reports, we are opting to close all these issues which appear to fall under this category.

We encourage everyone to file a new GitHub issue once upgraded to version 2.0.0 of the Terraform AWS Provider, should there be any further problems, so we can appropriately triage them. Thanks for your understanding and hope the upgrade is helpful. ๐Ÿ˜„

picture bflad on 27 Feb 2019
👍2

All 4 comments

Running into a similar issue when re-running terraform apply using the aws_cloudfront_distribution resource. 

aws_cloudfront_distribution.static-assets: aws_cloudfront_distribution.static-assets: diffs didn't match during apply. This is a bug with Terraform and should be reported as a GitHub Issue.

Terraform Version: 0.11.7
Resource ID: aws_cloudfront_distribution.static-assets
Mismatch reason: attribute mismatch: default_cache_behavior.2869687943.allowed_methods.#

Full diff details here:
https://gist.github.com/mikerj/6491a542781647276bdce22237ee62eb

mikerj picture mikerj on 15 May 2018

I had a similar issue, I seemed to solve it by not using the "replace" function in the domain_name parameter. I used
domain_name = "${aws_api_gateway_rest_api.name.id}.execute-api.${region}.amazonaws.com" instead and it seemed to work.

Prendy picture Prendy on 11 Jul 2018

Hi folks ๐Ÿ‘‹ Sorry for the trouble with the aws_cloudfront_distribution resource. Since its original implementation, there were many configuration blocks that did not benefit from certain difference simplifications and arguments that were incorrectly using ordered lists instead of sets. Usually these type of implementation details surface in unexpected ways during Terraform runs as diffs didn't match during apply error in Terraform 0.11 and prior. (Aside: in Terraform 0.12 and later, these types of errors will include much better diagnostic information rather than dumping the raw differences.)

The configuration block simplifications and fixes were applied to the resource logic in version 2.0.0 of the Terraform AWS Provider, which will be releasing very shortly. Existing configurations should mostly work as they did previously, but aws_cloudfront_distribution resource updates and recreations should perform more reliably now without these errors. Since there were a large amount of varying diffs didn't match during apply reports, we are opting to close all these issues which appear to fall under this category.

We encourage everyone to file a new GitHub issue once upgraded to version 2.0.0 of the Terraform AWS Provider, should there be any further problems, so we can appropriately triage them. Thanks for your understanding and hope the upgrade is helpful. ๐Ÿ˜„

bflad picture bflad on 27 Feb 2019
👍2

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] picture hashibot[bot] on 31 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jsi-p picture jsi-p  ยท  33Comments
jayanderson picture jayanderson  ยท  44Comments
obourdon picture obourdon  ยท  54Comments
oarmstrong picture oarmstrong  ยท  44Comments
tdmalone picture tdmalone  ยท  89Comments