https://pulumi.com logo
Title
f

famous-jelly-72366

04/05/2023, 8:33 AM
Anyone else using CloudFront, I keep seeing that pulumi wrongly detects changes to
viewerCertificate.cloudfrontDefaultCertificate
always ends up having to fix manually in state with export/import, starting to get a bit annoying, wondering if there is some fix
tried updating to latest
@pulumi/aws@^5.34.0
still seeing this
g

great-sunset-355

04/05/2023, 12:01 PM
Which properties are different in diff? I do not have this problem.
f

famous-jelly-72366

04/05/2023, 12:03 PM
I have this code:
viewerCertificate: {
        cloudfrontDefaultCertificate: true,
        acmCertificateArn: certificate.arn,
        sslSupportMethod: "sni-only",
      },
when deploying pulumi keeps telling me there is diff on
viewerCertificate.cloudfrontDefaultCertificate
until I manually set it to
true
in state file using export/import
here is the diff I get:
~ aws:cloudfront/distribution:Distribution: (update)
        [id=E25WQJM7MXXX]
        [urn=urn:pulumi:XXX]
        [provider=urn:pulumi:XXX]
      ~ viewerCertificate: {
          ~ cloudfrontDefaultCertificate: false => true
        }
g

great-sunset-355

04/05/2023, 1:22 PM
ouch, I just found out I have it disabled (by default) cuz I also set the minimum protocol version I'd recommend checking terraform issues https://github.com/hashicorp/terraform-provider-aws TF uses
snake_case
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#viewer_certificate
g

great-sunset-355

04/06/2023, 7:05 AM
hmm, I wonder what's your usecase for default certificate, maybe it would be easier to use a wildcard ACM certificate.