Menu
✦ ➜ terraform --version
Terraform v0.12.28
+ provider.aws v2.60.0
+ provider.kubernetes v1.11.3
+ provider.local v1.4.0
+ provider.null v2.1.2
+ provider.random v2.2.1
+ provider.template v2.1.2
Just put 2 new files for SSL certificate
# module.ssl-certificate.aws_iam_server_certificate.cert must be replaced
+/- resource "aws_iam_server_certificate" "cert" {
~ arn = "arn:aws:iam::XXX:server-certificate/xxx-ssl-certxxx" -> (known after apply)
~ certificate_body = "721e444119806928d19ef830740057c52580ba71" -> "cd6882dff1edb0223a20fe5f1c2b4b594f07526f" # forces replacement
- certificate_chain = "7e85cb3e40dff5a9f83ff75576d71fd98fdfdd89" -> null # forces replacement
~ id = "XXX" -> (known after apply)
~ name = "XXX-ssl-cert20200716210119477600000001" -> (known after apply)
name_prefix = "XXX-ssl-cert"
path = "/"
private_key = (sensitive value)
}
And each time I run terraform apply I always asked to "replace" the certificate. Each time a new one is created.
Files (crt, key) are not changing
/main.tf
module "ssl-certificate" {
source = "./modules/certificates"
certificate = {
name = "xxx-ssl-cert"
body = file("assets/ssl/_.xxx.com/xxx.crt")
private_key = file("assets/ssl/_.xxx.com/xxx.key")
}
team = var.team
project = var.project
component = ""
environment = var.environment
tags = module.project_config.tags
}
/modules/certificates/main.tf
resource "aws_iam_server_certificate" "cert" {
name_prefix = var.certificate.name
certificate_body = var.certificate.body
private_key = var.certificate.private_key
lifecycle {
create_before_destroy = true
}
}
What is wrong? Prior to this I had self-signed cert, and never had this behavior. Added new certs - and started to get these "recreate" required plans in apply.
970
I would suggest to use lifecycle for ignore_changes.
Example: lifecycle {
ignore_changes = [certificate_body]
}
answered Sep 22 '25 00:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With