aws_cloudfront_distribution query_string_cache_keys reorder on every run

[davideagle]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.14

• provider.aws v2.35.0
• provider.null v2.1.2
• provider.random v2.2.1
• provider.template v2.1.2

Affected Resource(s)

• aws_cloudfront_distribution

Terraform Configuration Files

resource "aws_cloudfront_distribution" "distribution" {
  aliases = "${concat(list(var.domain), var.aliases)}"

  web_acl_id = "${var.web_acl_id}"

  default_cache_behavior {
    allowed_methods = ["HEAD", "GET"]
    cached_methods  = ["HEAD", "GET"]

    forwarded_values {
      cookies {
        forward = "none"
      }

      headers                 = ["Accept", "Accept-Charset", "Accept-Datetime", "Accept-Language", "Authorization", "Host", "Origin"]
      query_string            = true
      query_string_cache_keys = ["languageId", "locationId", "range", "beltArea", "category", "bookingId", "cardCategory", "keys", "optimizely_force_tracking", "optimizely_x"]
    }

    compress               = true
    default_ttl            = "${var.cache_default_ttl}"
    max_ttl                = "${var.cache_max_ttl}"
    min_ttl                = "${var.cache_min_ttl}"
    smooth_streaming       = true
    target_origin_id       = "${var.domain}"
    viewer_protocol_policy = "redirect-to-https"
  }
...
}

Debug Output

Panic Output

Expected Behavior

Plan should be empty

Actual Behavior

On each run terraform wants to reorder query_string_cache_keys, this is time consuming since cloudfront takes up to 15 minutes to complete propagation of this "new" config, however ordered_cache_behavior seems to be unaffected

      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.0:  "beltArea" => "languageId"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.1:  "bookingId" => "locationId"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.2:  "cardCategory" => "range"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.3:  "category" => "beltArea"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.4:  "keys" => "category"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.5:  "languageId" => "bookingId"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.6:  "locationId" => "cardCategory"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.7:  "optimizely_force_tracking" => "keys"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.8:  "optimizely_x" => "optimizely_force_tracking"
      default_cache_behavior.0.forwarded_values.0.query_string_cache_keys.9:  "range" => "optimizely_x"
      ordered_cache_behavior.10.forwarded_values.0.query_string_cache_keys.0: "languageId" => "latitude"
      ordered_cache_behavior.10.forwarded_values.0.query_string_cache_keys.1: "latitude" => "longitude"
      ordered_cache_behavior.10.forwarded_values.0.query_string_cache_keys.3: "longitude" => "languageId"
      ordered_cache_behavior.2.forwarded_values.0.query_string_cache_keys.0:  "cnt_language" => "limit"
      ordered_cache_behavior.2.forwarded_values.0.query_string_cache_keys.2:  "limit" => "cnt_language"
      ordered_cache_behavior.25.forwarded_values.0.query_string_cache_keys.0: "ice_uuid" => "redirectURL"
      ordered_cache_behavior.25.forwarded_values.0.query_string_cache_keys.1: "redirectURL" => "ice_uuid"

Steps to Reproduce

1. terraform apply

Important Factoids

References

• Related to: aws_cloudfront_distribution default_cache_behavior #5390

• #0000

[rafi-fisker]

Anyone working on a fix for this? Pretty frustrating

[chennagouda14]

A similar issue of values being re-ordered in every run has been observed for the "trusted_signers" parameter in default_cache_behavior & ordered_cache_behavior block.

If this issue is being tracked, then are there any updates for the same?

[Shocktrooper]

I just ran into this, It appears that somewhere whether its in terraform or in AWS that there is a reorder for query_string_cache_keys to make it alphabetical in its order. If you do not match this then you will get a permanent diff and terraform will try to update the resource. This list of keys should be unordered in terraform to prevent this from happening. If no fix is to be done for awhile a note should be put in the docs mentioning the need for the values to be alphabetical at least