cloudfront destroy failure

[xenoterracide]

cloudfront destroy fails, this seems to be because cloudfront needs to deactivate first, and then delete. It seems that even if it has been disabled for a while (ran apply, it disabled, and failed, ran again, it failed again?)

aws_cloudfront_distribution.Nexus: Still destroying... (ID: E1WQKB51SRD57X, 20m31s elapsed)
Error applying plan:

1 error(s) occurred:

* aws_cloudfront_distribution.Nexus (destroy): 1 error(s) occurred:

* aws_cloudfront_distribution.Nexus: PreconditionFailed: The request failed because it didn't meet the preconditions in one or more request-header fields.
	status code: 412, request id: 8c8c265d-6275-11e7-b7ad-47970b40e146

so after

aws_cloudfront_distribution.Nexus: Still destroying... (ID: E1WQKB51SRD57X, 10m0s elapsed)

I just went in an clicked delete. If more info is needed I will try to supply.

Terraform v0.9.11

[cannontrodder]

I'm also getting this in 0.10.6 and deleting manually fixed it instantly. I think I might have interrupted a previous 'apply' - self-inflicted!

[Ninir]

Hi folks,

@cannontrodder thank you for your feedback!

@xenoterracide could you also try on your side?

Thank you!

[xenoterracide]

deleting manually would cause the apply to go through, but a subsequent create/destroy was causing the problem to resurface (because of cloudfront's deactive -> delete workflow). It may work in 10, we haven't upgraded yet, I'll leave a note to update this in our upgrade ticket.

[spanktar]

Same here. 0.10.6, will try in 0.10.7 but not sure how to recreate.

Also of note, if trying to do a refresh/apply/destroy on more than just the CF resources, TF just hangs with no output. I had a hunch it was CF so I targeted them specifically and this surfaced.

[xenoterracide]

0.10.8/aws 1.2

aws_cloudfront_distribution.Nexus: Still destroying... (ID: E3LLHNS4QUMVRA, 20m50s elapsed)

Error: Error applying plan:

1 error(s) occurred:

* aws_cloudfront_distribution.Nexus (destroy): 1 error(s) occurred:

* aws_cloudfront_distribution.Nexus: PreconditionFailed: The request failed because it didn't meet the preconditions in one or more request-header fields.
	status code: 412, request id: 3caf8c9e-be78-11e7-9a92-a11565751fd7

my guess is this was caused by my creating the distribution, and then trying to destroy it almost immediately as I troubleshoot another problem

[cannontrodder]

@Ninir I got this error again, googled it and found this thread where I had already commented! So at least others who get this issue can see this thread!

Anyway, there are some issues I get from time to time with terraform which I now feel are extreme edge-cases caused by my behaviour as I develop a complex terraform stack. I'm iterating over and over -
destroying/applying and so on. I'm doing this with a frequency that I could not see being matched in normal production use.

It's no surprise to me now that the issues I see are around destroying cloudfront distributions, rds instances and other resources that typically take a while to get up and running and a while to destroy. e.g., I've had cf distributions take 40 minutes to destroy.

So, for those who follow, don't sweat this issue too much, just apply/destroy again. The only sane thing to do when an something in AWS fails to do as terraform asks is to shrug your shoulders and just say "that's the cloud for you".

[xenoterracide]

yeah, I've seen it take some 30-40 minutes on the long end, but that usually seems to happen when correcting some error or another, like if I stop a create in order to change something, but it's already started, it then takes longer to destroy it again. I think that perhaps the best strategy though, is to ensure your cloudfront resources are separate, so you don't have to destroy them when you destroy the things backing them.

[jareware]

Just ran into this as well.

Applying the same config again managed to destroy the same CF distribution that had failed (after 11 minutes), and completed successfully in the end. 👍

Terraform v0.11.7
+ provider.aws v1.18.0
+ provider.grafana v1.0.2
+ provider.influxdb v1.0.1
+ provider.null v1.0.0

[bflad]

@jareware do you happen to have the debug logs from the failed apply? Unfortunately its really hard to troubleshoot or fix this issue without knowing exactly what is causing it. Any context helps! 😄

[jareware]

Sadly I don't.

I'll try to keep this in mind for the future, though!

[arsdehnel]

I just hit this same error and I do have the debug logs. Given the fact that it's 32000 lines long and littered with possible "secret" data, how would you want to receive them?

[denniskribl]

just hit the same error when using Terratest to test my code.

my guess is this was caused by my creating the distribution, and then trying to destroy it almost immediately as I troubleshoot another problem

It seems like that's the problem. With the testing framework I am spawning a CF distribution, making some http calls until a 200 response occurs and then immediately destroy everything.

My dirty fix was to sleep for 5minutes after CF answers with a 200... 😩

[bflad]

The fix for PreconditionFailed errors on destroy should be resolved with version 2.1.0 of the Terraform AWS Provider, releasing likely middle of this week. 👍

[bflad]

This has been released in version 2.1.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!