[Bug]: Take 2 - Adding a New CloudFront Origin Causes All Other Origins to be Redeployed #38092

Open
@cgagnon-crakmn

Description

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Core Version

1.8.2

AWS Provider Version

5.54.1

Affected Resource(s)

aws_cloudfront_distribution

Expected Behavior

Displaying a diff of changed origins.
Unchanged behaviors should not be shown as removed/added.

Actual Behavior

The displayed diff shows all origins as removed and added.
It is really difficult to analyse the differences.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

New cloudfront distribution resource

resource "aws_cloudfront_distribution" "test_cdn" {
  enabled         = true
  is_ipv6_enabled = true
  comment         = "Testing CDN"
  price_class     = "PriceClass_All"

  origin {
    domain_name = "perdu.com"
    origin_id   = "proxy"

    custom_origin_config {
      http_port              = "80"
      https_port             = "443"
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1"]
    }
  }

  default_cache_behavior {
    target_origin_id       = var.origin_id
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods         = ["GET", "HEAD"]
    compress               = true

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  ordered_cache_behavior {
    path_pattern     = "/content/immutable/*"
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = var.origin_id

    forwarded_values {
      query_string = false
      headers      = ["Origin"]

      cookies {
        forward = "none"
      }
    }

    min_ttl                = 0
    default_ttl            = 86400
    max_ttl                = 31536000
    compress               = true
    viewer_protocol_policy = "redirect-to-https"
  }

  viewer_certificate {
    acm_certificate_arn      = var.ssl_certificate_arn
    minimum_protocol_version = "TLSv1.1_2016"
    ssl_support_method       = "sni-only"
  }
}

Modified cloudfront distribution resource

resource "aws_cloudfront_distribution" "test_cdn" {
  enabled         = true
  is_ipv6_enabled = true
  comment         = "Testing CDN"
  price_class     = "PriceClass_All"

  origin {
    domain_name = "perdu.com"
    origin_id   = "perdu"

    custom_origin_config {
      http_port              = "80"
      https_port             = "443"
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1"]
    }
  }

  origin {
    domain_name = "perdu.com"
    origin_id   = "perdu2"

    custom_origin_config {
      http_port              = "80"
      https_port             = "443"
      origin_protocol_policy = "http-only"
      origin_ssl_protocols   = ["TLSv1"]
    }
  }

  default_cache_behavior {
    target_origin_id       = "perdu"
    viewer_protocol_policy = "redirect-to-https"
    allowed_methods        = ["DELETE", "GET", "HEAD", "OPTIONS", "PATCH", "POST", "PUT"]
    cached_methods         = ["GET", "HEAD"]
    compress               = true

    forwarded_values {
      query_string = false

      cookies {
        forward = "none"
      }
    }
  }

  ordered_cache_behavior {
    path_pattern     = "/content/immutable/*"
    allowed_methods  = ["GET", "HEAD", "OPTIONS"]
    cached_methods   = ["GET", "HEAD", "OPTIONS"]
    target_origin_id = "perdu"

    forwarded_values {
      query_string = false
      headers      = ["Origin"]

      cookies {
        forward = "none"
      }
    }

    min_ttl                = 0
    default_ttl            = 86400
    max_ttl                = 31536000
    compress               = true
    viewer_protocol_policy = "redirect-to-https"
  }

  viewer_certificate {
    acm_certificate_arn      = var.ssl_certificate_arn
    minimum_protocol_version = "TLSv1.1_2016"
    ssl_support_method       = "sni-only"
  }
}

Steps to Reproduce

  1. Create an aws_cloudfront_distribution from the new cloudfront distribution resource mentioned above.
  2. Run apply
  3. Replace the aws_cloudfront_distribution by the modified cloudfront distribution resource mentioned above.
  4. Run apply

Debug Output

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_cloudfront_distribution.test_cdn will be updated in-place
  ~ resource "aws_cloudfront_distribution" "test_cdn" {
      ~ comment                         = "Testing CDN" -> "Cedric G. Testing CDN"
        id                              = "E2YUD3GHLBCN1V"
      ~ price_class                     = "PriceClass_All" -> "PriceClass_100"
        tags                            = {}
        # (21 unchanged attributes hidden)

      - origin {
          - connection_attempts      = 3 -> null
          - connection_timeout       = 10 -> null
          - domain_name              = "perdu.com" -> null
          - origin_id                = "perdu" -> null
            # (2 unchanged attributes hidden)

          - custom_origin_config {
              - http_port                = 80 -> null
              - https_port               = 443 -> null
              - origin_keepalive_timeout = 5 -> null
              - origin_protocol_policy   = "http-only" -> null
              - origin_read_timeout      = 30 -> null
              - origin_ssl_protocols     = [
                  - "TLSv1",
                ] -> null
            }
        }
      + origin {
          + connection_attempts      = 3
          + connection_timeout       = 10
          + domain_name              = "perdu.com"
          + origin_id                = "perdu2"
            # (2 unchanged attributes hidden)

          + custom_origin_config {
              + http_port                = 80
              + https_port               = 443
              + origin_keepalive_timeout = 5
              + origin_protocol_policy   = "http-only"
              + origin_read_timeout      = 30
              + origin_ssl_protocols     = [
                  + "TLSv1",
                ]
            }
        }
      + origin {
          + connection_attempts = 3
          + connection_timeout  = 10
          + domain_name         = "perdu.com"
          + origin_id           = "perdu"
            # (1 unchanged attribute hidden)

          + custom_origin_config {
              + http_port                = 80
              + https_port               = 443
              + origin_keepalive_timeout = 5
              + origin_protocol_policy   = "http-only"
              + origin_read_timeout      = 30
              + origin_ssl_protocols     = [
                  + "TLSv1",
                ]
            }
        }

        # (4 unchanged blocks hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Panic Output

N/A

Important Factoids

N/A

References

No response

Would you like to implement a fix?

None
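
When the rendered plan shows every origin as removed and re-added, the machine-readable plan can still be compared per `origin_id` to see what actually changes. The following is an added example, not part of the issue or of the provider: it reads JSON in the shape of `terraform show -json <planfile>` and reports origins added, removed, or changed field by field. The sample plan and the helper names `make_origin`, `flatten` and `origin_changes` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`,
# trimmed to the fields read below; values mirror the plan in this issue.
def make_origin(oid, policy="http-only"):
    return {"origin_id": oid, "domain_name": "perdu.com",
            "custom_origin_config": [{"http_port": 80, "https_port": 443,
                                      "origin_protocol_policy": policy,
                                      "origin_ssl_protocols": ["TLSv1"]}]}

SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "aws_cloudfront_distribution.test_cdn",
    "type": "aws_cloudfront_distribution",
    "change": {"actions": ["update"],
               "before": {"origin": [make_origin("perdu")]},
               "after": {"origin": [make_origin("perdu2"), make_origin("perdu")]}}}]})

def flatten(value, prefix=""):
    """Flatten nested dicts/lists into {dotted.path: leaf} for per-field comparison."""
    if isinstance(value, list) and not any(isinstance(v, (dict, list)) for v in value):
        return {prefix: tuple(sorted(map(str, value)))}  # set of scalars: ignore order
    if not isinstance(value, (dict, list)):
        return {prefix: value}
    items = value.items() if isinstance(value, dict) else enumerate(value)
    out = {}
    for key, child in items:
        out.update(flatten(child, f"{prefix}.{key}" if prefix else str(key)))
    return out

def origin_changes(plan_json):
    """Map each distribution address to origins added, removed and changed, keyed by origin_id."""
    report = {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_cloudfront_distribution":
            continue
        old, new = ({o["origin_id"]: flatten(o)
                     for o in (rc["change"].get(side) or {}).get("origin") or []}
                    for side in ("before", "after"))
        changed = {}
        for oid in old.keys() & new.keys():
            delta = {p: (old[oid].get(p), new[oid].get(p))
                     for p in old[oid].keys() | new[oid].keys()
                     if old[oid].get(p) != new[oid].get(p)}
            if delta:
                changed[oid] = delta
        report[rc["address"]] = {"added": sorted(new.keys() - old.keys()),
                                 "removed": sorted(old.keys() - new.keys()),
                                 "changed": changed}
    return report
```

For the constructed sample, the report lists `perdu2` as the only added origin and nothing removed or changed, which is the diff the issue expects to see.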


Labels

  • bug: Addresses a defect in current functionality.
  • service/cloudfront: Issues and PRs that pertain to the cloudfront service.
