aws_cloudformation_stack should use 'Original' template instead of 'Processed' to detect change

[yesteph]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.3

• provider.archive v1.1.0
• provider.aws v1.50.0
• provider.local v1.1.0
• provider.template v1.0.0

Affected Resource(s)

• aws_cloudformation_stack

Terraform Configuration Files

provider "aws" {
  region  = "eu-west-1"
  profile = "maas-dev"
}

resource "aws_cloudformation_stack" "lambda" {

  name = "this-is-a-bug"

  template_body = <<FILE
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Transform": "AWS::Serverless-2016-10-31",
  "Description": "maas-result-reactor. Templates des lambdas, bases et interactions du reacteur de resultats",
  "Resources": {
    "UselessSQS": {
      "Type": "AWS::SQS::Queue"
    }
  }
}
FILE

  capabilities = ["CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"]
}

We create a aws_cloudformation_stack with a template body specifying some ServerlessApplicationModel SAM resources.
This template contains a "Transform": "AWS::Serverless-2016-10-31" directive.

After stack creation, we have two templates in the AWS CloudFormation Console : the Original and the Processed.
Among differences, the processed has not anymore the Transform": "AWS::Serverless-2016-10-31" directive.

Expected Behavior

After a terraform apply, we expect no change if we run it again.

Actual Behavior

At the second terraform apply run, aws_cloudformation_stack is planned for change because template_body is considered as changes also, even if the template file has not changed.

Steps to Reproduce

1. terraform apply => the stack is created
2. terraform apply => the stack is changed but I should not

Important Factoids

I looked at the AWS CloudFormation SDK and it is mentionned the "CloudFormation.GetTemplate" AWS API supports the TemplateStage parameter to indicate the 'Original' or 'Processed' one.
When activating DEBUG logs in Terraform I see the 'Processed' (without Transform": "AWS::Serverless-2016-10-31").

I suggest to change resource_aws_cloudformation_stack.go line 295 to add TemplateStage: 'Original" in
cloudformation.GetTemplateInput.

[bflad]

The fix for this has been merged and will release with version 2.44.0 of the Terraform AWS Provider, early next year. Thanks to @hanazuki for the implementation. 👍

[ghost]

This has been released in version 2.44.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!