Terraform: aws_cloudfront_distribution - "OriginReadTimeout is required for updates."

Created on 13 Apr 2017  ·  13 Comments  ·  Source: hashicorp/terraform

Hello,

Terraform Version

v0.9.3

Affected Resource(s)

  • aws_cloudfront_distribution

Terraform Configuration Files

resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = "${aws_s3_bucket.cdn.website_endpoint}"
    origin_id   = "origin-cdn.${var.domain}"

    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port              = "80"
      https_port             = "443"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  enabled         = true

  aliases = ["cdn.${var.domain}"]

  price_class = "PriceClass_100"

  default_cache_behavior {
    allowed_methods  = ["GET", "HEAD"]
    cached_methods   = ["GET", "HEAD"]
    target_origin_id = "origin-cdn.${var.domain}"

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 300
    max_ttl                = 1200
  }

  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }

  viewer_certificate {
    cloudfront_default_certificate = true
  }
}

Then add IPv6 support with is_ipv6_enabled = true:

resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = "${aws_s3_bucket.cdn.website_endpoint}"
    origin_id   = "origin-cdn.${var.domain}"

    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port              = "80"
      https_port             = "443"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  enabled         = true
  is_ipv6_enabled = true
  ...
}

Debug Output

Panic Output

Expected Behavior

What should have happened?

Resource aws_cloudfront_distribution.cdn should be updated with IPv6 support added.

Actual Behavior

What actually happened?

aws_cloudfront_distribution.cdn: Modifying... (ID:*******)
  is_ipv6_enabled: "false" => "true"
Error applying plan:

1 error(s) occurred:

* aws_cloudfront_distribution.cdn: 1 error(s) occurred:

* aws_cloudfront_distribution.cdn: IllegalUpdate: OriginReadTimeout is required for updates.
    status code: 400, request id: 871de922-2056-11e7-96a5-095694b3fd5b

Steps to Reproduce

  1. terraform apply to apply the resource aws_cloudfront_distribution.cdn
  2. Update tf file with is_ipv6_enabled
  3. Get error on terraform apply
  4. Taint the resource: terraform taint aws_cloudfront_distribution.cdn
  5. terraform apply

Thanks :)

bug provider/aws

All 13 comments

According to the AWS Golang documentation, the struct CustomOriginConfig does not need OriginReadTimeout. But it seems it's wrong now due to the error.

CustomOriginConfig: &cloudfront.CustomOriginConfig{
  HTTPPort:               aws.Int64(1),                       // Required
  HTTPSPort:              aws.Int64(1),                       // Required
  OriginProtocolPolicy:   aws.String("OriginProtocolPolicy"), // Required
  OriginKeepaliveTimeout: aws.Int64(1),
  OriginReadTimeout:      aws.Int64(1),
  OriginSslProtocols: &cloudfront.OriginSslProtocols{
    Items: []*string{ // Required
      aws.String("SslProtocol"), // Required
      // More values...
    },
    Quantity: aws.Int64(1), // Required
  },
},

Full example here

Here is the function that manages the CustomOriginConfig struct in the provider implementation.

Hope it will help!

Hi @Zevran

This is currently working in a PR! I hope to get this merged soon

Paul

Is there any workaround for this until the PR is merged and released?

@pmacdougall What I had to do was to apply the change manually and in some cases modify the .tf until terraform plan thinks the state matches.

Alternatively do the manual change and use ignore_changes https://www.terraform.io/docs/configuration/resources.html#ignore_changes until it's fixed so it doesn't trigger an update.

Thanks @kitsunde. TIL: ignore_changes

@stack72
This also seems to be the case when adding cache behaviors. I added the origin manually in console and added "origin" to ignore_changes. Then tried to add a cache behaviour as below: same kind of error.
Ended up using the same workaround: add the behaviour in the console, then add "cache_behavior" to the ignore_changes list.

  cache_behavior {
    allowed_methods  = ["GET", "HEAD", "POST", "OPTIONS"]
    cached_methods = []

    compress = true
    min_ttl = 0
    default_ttl = 0
    max_ttl = 0

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }

    path_pattern = "/Prod"
    smooth_streaming = false
    target_origin_id = "XXX"

    viewer_protocol_policy = "https-only"

  }
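
The ignore_changes workaround from the comments above, written out against the reporter's configuration in Terraform v0.9.x syntax. This is an added example, not part of the original thread; it assumes the origin and cache behaviour edits were already made by hand in the CloudFront console, and that `aws_s3_bucket.cdn` and `var.domain` are defined elsewhere as in the report.

```hcl
# Added example (not from the thread): stop-gap until the fixed release is installed.
resource "aws_cloudfront_distribution" "cdn" {
  origin {
    domain_name = "${aws_s3_bucket.cdn.website_endpoint}"
    origin_id   = "origin-cdn.${var.domain}"
    custom_origin_config {
      origin_protocol_policy = "http-only"
      http_port              = "80"
      https_port             = "443"
      origin_ssl_protocols   = ["TLSv1.2"]
    }
  }

  enabled     = true
  aliases     = ["cdn.${var.domain}"]
  price_class = "PriceClass_100"

  default_cache_behavior {
    allowed_methods        = ["GET", "HEAD"]
    cached_methods         = ["GET", "HEAD"]
    target_origin_id       = "origin-cdn.${var.domain}"
    viewer_protocol_policy = "redirect-to-https"
    min_ttl                = 0
    default_ttl            = 300
    max_ttl                = 1200

    forwarded_values {
      query_string = false
      cookies {
        forward = "none"
      }
    }
  }
  restrictions {
    geo_restriction {
      restriction_type = "none"
    }
  }
  viewer_certificate {
    cloudfront_default_certificate = true
  }

  lifecycle {
    # Names taken from the thread. Blocks edited in the console are left out of
    # this file's diff so no UpdateDistribution call is attempted for them.
    ignore_changes = ["origin", "cache_behavior"]
  }
}
```

While these names are ignored, Terraform neither reports nor corrects console edits to the origin's protocol policy or TLS versions, so the lifecycle block should come out once a release containing the fix (v0.9.5 per the thread) is in use.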

It's worth noting that this also prevents destroying a distribution because terraform (correctly) disables it before deleting it and fails to complete the update.

Looks like https://github.com/hashicorp/terraform/pull/13367 has been merged and will be released with v0.9.5

Closed via #13367

Sorry for the time it took to fix this up

No need to apologize, Paul! Thanks for the fix.

what's the ETA for 0.9.5?

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
