This article explores a challenge encountered when setting up a continuous deployment workflow for AWS CloudFront using Terraform. We’ll delve into the issue, the limitations of Terraform’s current implementation, and a workaround solution for achieving continuous deployment with Terraform.
The Issue: Conflicting Resource Creation
AWS CloudFront recently introduced a “continuous deployment” feature. This allows testing configuration changes on a staging instance before rolling them out to the primary distribution. While Terraform supports managing both CloudFront distributions and the new continuous deployment policy, there’s currently a limitation.
The Terraform provider (version 5.42.0 as of this writing) doesn’t allow creating a primary CloudFront distribution with a pre-defined continuous deployment policy. This leads to an error message stating “InvalidArgument: Continuous deployment policy is not supported during distribution creation.”
The Workaround: Sequential Deployment with Conditional Logic
To overcome this limitation, we can leverage Terraform’s conditional logic capabilities. Here’s the solution:
- Define a Boolean Variable: Introduce a variable named is_set_continuous_deployment. This will act as a flag to determine if the continuous deployment policy should be linked to the primary distribution.
- Conditional Assignment in Primary Distribution: Within the aws_cloudfront_distribution resource for the primary distribution, conditionally set the continuous_deployment_policy_id attribute. Use a ternary operator to assign the ID of the aws_cloudfront_continuous_deployment_policy resource (created earlier) only if is_set_continuous_deployment is set to true. Otherwise, leave it empty.
continuous_deployment_policy_id = var. is_set_continuous_deployment ?
aws_cloudfront_continuous_deployment_policy.this.id : ""
- Sequential Terraform Runs: This solution requires two separate Terraform runs. First Run (is_set_continuous_deployment=false): In the initial run, set is_set_continuous_deployment to false. This will create both the primary and staging CloudFront distributions without attempting to link the policy to the primary one. Second Run (is_set_continuous_deployment=true): After the first run successfully creates both distributions, execute Terraform again with is_set_continuous_deployment set to true. This will link the pre-existing continuous deployment policy to the primary distribution.
Conclusion
While Terraform doesn’t yet natively support creating a primary CloudFront distribution with a pre-defined continuous deployment policy, this workaround offers a solution for achieving continuous deployment functionality. This approach leverages conditional logic and sequential Terraform runs to configure the desired setup.
Note: This solution is specific to Terraform version 5.42.0. Future updates might address this limitation, so staying updated on Terraform releases is recommended.
Top comments (0)