I have an AWS CodePipeline configured in a Terraform file, like this:
    resource "aws_codepipeline" "codepipeline" {
      name = "Cool Pipeline"
      ...
      stage {
        name = "Source"
        ...
        action {
          name = "Source"
          ...
          configuration {
            Owner      = "Me"
            Repo       = "<git-repo-uri>"
            Branch     = "develop"
            OAuthToken = "b3287d649a28374e9283c749cc283ad74"
          }
        }
      }
      lifecycle {
        # the attempt that does not take effect
        ignore_changes = "OAuthToken"
      }
    }
The reason for ignoring the token is that the AWS API doesn't show that token to Terraform; instead, the AWS API outputs this with aws codepipeline get-pipeline <name>:

    "pipeline": {
      "stages": {
        "name": "Source",
        "actions": {
          "configuration": {
            "OAuthToken": "****"
          }
        }
      }
    }
Result is, when I perform the terraform plan it shows me it wants to update that token, like so:

    module.modulename.aws_codepipeline.codepipeline
      stage.0.action.0.configuration.%: "3" => "4"
      stage.0.action.0.configuration.OAuthToken: "" => "b3287d649a28374e9283c749cc283ad74"
My question is, how can I get the ignore_changes to take effect? I've tried this without any success:

    ignore_changes = ["OAuthToken"]
    ignore_changes = ["oauthtoken"]
    ignore_changes = ["stage.action.configuration.OAuthToken"]
All examples I've found googling just show how to ignore on the same block level.
(The token in this text is fake.)
When you want Terraform to ignore changes between subsequent apply commands you can use the lifecycle ignore_changes meta-argument. The ignore_changes argument means that Terraform will set the value when the resource is first deployed and then forever ignore any changes to it.
The ignore_changes feature is intended to be used when a resource is created with references to data that may change in the future, but should not affect said resource after its creation.
You can: delete those resources from your Terraform code to stop managing them with it; delete those resources from the API (cloud provider) and recreate them with Terraform; or perform a terraform import of those resources and remove the Terraform code that is trying to recreate them (NOT RECOMMENDED).
The provider meta-argument specifies which provider configuration to use for a resource, overriding Terraform's default behavior of selecting one based on the resource type name.
This syntax, as hinted by terraform plan output, solved the problem:

    ignore_changes = [
      "stage.0.action.0.configuration.OAuthToken",
      "stage.0.action.0.configuration.%"
    ]
Another way to solve it is to add the GITHUB_TOKEN system environment variable, with the token as the value. This way you do not need the ignore_changes directive in the tf files.
This syntax is deprecated:

    ignore_changes = [
      "stage.0.action.0.configuration.OAuthToken",
      "stage.0.action.0.configuration.%"
    ]

But the new one is ignored in v1.0.0 for some reason:

    ignore_changes = [
      stage[0].action[0].configuration.OAuthToken,
      stage[0].action[0].configuration,
    ]
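The answers above use two spellings of the same attribute path, and the plan output they are derived from prints the token in clear text. The following is an added example, not code from the original posts or from Terraform: a small Python helper that maps a legacy plan path to the bracket form and masks the token before the plan line reaches a log. The names `flatmap_to_traversal`, `redact`, `SECRET_LEAVES` and the sample token are assumptions made for illustration.

```python
import re

# Legacy plan diff line:  <flatmap path>: "<old>" => "<new>"
DIFF_LINE = re.compile(r'^(\s*)([\w.%#]+):(\s+)"(.*)"\s+=>\s+"(.*)"\s*$')
SECRET_LEAVES = {"oauthtoken"}  # assumption: attribute names to treat as secret


def flatmap_to_traversal(path):
    """'stage.0.action.0.configuration.OAuthToken' ->
    'stage[0].action[0].configuration.OAuthToken'.

    Numeric segments become list indexes. The count keys '%' (map size) and
    '#' (list size) have no bracket-syntax equivalent, so the path stops at
    the parent collection. Assumes no map key is purely numeric.
    """
    out = ""
    for part in path.split("."):
        if part in ("%", "#"):
            break
        if part.isdigit():
            out += "[" + part + "]"
        else:
            out += ("." if out else "") + part
    return out


def redact(line):
    """Mask old/new values of secret attributes in one plan diff line."""
    m = DIFF_LINE.match(line)
    if not m or m.group(2).rsplit(".", 1)[-1].lower() not in SECRET_LEAVES:
        return line
    indent, path, gap, old, new = m.groups()
    mask = lambda v: "****" if v else ""
    return '%s%s:%s"%s" => "%s"' % (indent, path, gap, mask(old), mask(new))


# Constructed sample in the shape of the plan output quoted in the question.
SAMPLE_PLAN = [
    '  stage.0.action.0.configuration.%: "3" => "4"',
    '  stage.0.action.0.configuration.OAuthToken: "" => "EXAMPLE-NOT-A-REAL-TOKEN"',
]

if __name__ == "__main__":
    for line in SAMPLE_PLAN:
        print(redact(line))
        print("    ->", flatmap_to_traversal(DIFF_LINE.match(line).group(2)))
```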