[英]Updating aws_cloudfront_public_key encoded_key with the same value forces replacement
I am trying to create aws_cloudfront_public_key resource in terraform using below mentioned code,我正在尝试使用下面提到的代码在 terraform 中创建aws_cloudfront_public_key资源,
resource "aws_cloudfront_public_key" "key" {
name = "my-cf-pubkey"
encoded_key = file("${path.module}/abcd.pem")
}
First time if terraform apply is getting executed then its getting created successfully.如果 terraform apply 第一次被执行,那么它就成功创建了。 But all terraform apply post it trying to recreate aws_cloudfront_public_key ie its getting destroyed and recreate again even if public key is not getting changed, which is wrong behaviour.但是所有 terraform apply post it trying to recreate aws_cloudfront_public_key即它被破坏并再次重新创建,即使公钥没有被更改,这是错误的行为。
How to over come this issue?如何克服这个问题?
Plan output is:计划输出是:
# aws_cloudfront_public_key.documents-signing-key must be replaced
-/+ resource "aws_cloudfront_public_key" "documents-signing-key" {
~ caller_reference = "terraform-20221218060345896500000002" -> (known after apply)
~ encoded_key = <<-EOT # forces replacement
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
EOT
~ etag = "E1PKWHEWOCNZS4" -> (known after apply)
~ id = "K15GFD3XARNT0X" -> (known after apply)
name = "my-cf-pubkey"
+ name_prefix = (known after apply)
# (1 unchanged attribute hidden)
}
you can try using lifecycle block to prevent Terraform from attempting to recreate the resource again as shown below您可以尝试使用生命周期块来防止 Terraform 再次尝试重新创建资源,如下所示
resource "aws_cloudfront_public_key" "key" {
name = "my-cf-pubkey"
encoded_key = file("${path.module}/abcd.pem")
lifecycle {
create_before_destroy = true
}
}
Let me know if this will help you.让我知道这是否对您有帮助。
If the encoded_key attribute of your resource is not changing between Terraform runs, then you can use the ignore_changes attribute to tell Terraform to not attempt to check for changes.如果您的资源的 encoded_key 属性在 Terraform 运行之间没有变化,那么您可以使用 ignore_changes 属性告诉 Terraform 不要尝试检查更改。
For example:例如:
resource "aws_cloudfront_public_key" "key" {
name = "my-cf-pubkey"
encoded_key = file("${path.module}/abcd.pem")
ignore_changes = ["encoded_key"]
}
@JatinPanchal @JatinPanchal
Its worked after just added the new line(enter key) at the end of pem file it worked.在它工作的 pem 文件末尾添加新行(输入键)后它就工作了。
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf
9Cnzj4p4WGeKLs1Pt8QuKUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQ==
-----END PUBLIC KEY-----
Ref: https://github.com/hashicorp/terraform-provider-aws/issues/20081参考: https ://github.com/hashicorp/terraform-provider-aws/issues/20081
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.