https://pulumi.com logo
Powered by
Title
f

famous-jelly-72366

04/05/2023, 8:33 AM
Anyone else using CloudFront, I keep seeing that pulumi wrongly detects changes to 
viewerCertificate.cloudfrontDefaultCertificate
always ends up having to fix manually in state with export/import, starting to get a bit annoying, wondering if there is some fix
tried updating to latest 
@pulumi/aws@^5.34.0
still seeing this
g

great-sunset-355

04/05/2023, 12:01 PM
Which properties are different in diff? I do not have this problem.
f

famous-jelly-72366

04/05/2023, 12:03 PM
I have this code: 
viewerCertificate: {
        cloudfrontDefaultCertificate: true,
        acmCertificateArn: certificate.arn,
        sslSupportMethod: "sni-only",
      },
when deploying pulumi keeps telling me there is diff on 
viewerCertificate.cloudfrontDefaultCertificate
until I manually set it to 
true
in state file using export/import
here is the diff I get: 
~ aws:cloudfront/distribution:Distribution: (update)
        [id=E25WQJM7MXXX]
        [urn=urn:pulumi:XXX]
        [provider=urn:pulumi:XXX]
      ~ viewerCertificate: {
          ~ cloudfrontDefaultCertificate: false => true
        }
g

great-sunset-355

04/05/2023, 1:22 PM
ouch, I just found out I have it disabled (by default) cuz I also set the minimum protocol version I'd recommend checking terraform issues https://github.com/hashicorp/terraform-provider-aws TF uses 
snake_case
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#viewer_certificate
f

famous-jelly-72366

04/05/2023, 1:34 PM
hmmm closest I found is this: https://github.com/hashicorp/terraform-provider-aws/issues/407 ... though there is quite a bunch: https://github.com/hashicorp/terraform-provider-aws/issues?q=is%3Aissue+cloudfront_default_certificate
g

great-sunset-355

04/06/2023, 7:05 AM
hmm, I wonder what's your usecase for default certificate, maybe it would be easier to use a wildcard ACM certificate.
2 Views
#awsJoin Slack
Powered by