From c2b44217dd4bd78fd5168d810ac2d76e4f4349d2 Mon Sep 17 00:00:00 2001 From: Chris Marchesi Date: Sat, 10 Sep 2016 20:46:34 -0700 Subject: [PATCH] provider/aws: Require CloudFront S3 origin origin_access_identity This fixes an issue where an empty s3_origin_config could be supplied to aws_cloudfront_distribution, "correctly" setting an empty default value. Unfortunately the rest of the CloudFront structure helper functions are not equipped to deal with this kind of scenario, and TF produces spurious diffs upon future runs. This removes the default and makes origin_access_identity required when specifying s3_origin_config. Note that it has always been intended behaviour that if someone does not want to use an origin access identity, that s3_origin_config should not be specified at all. This behaviour still works, as should be evident by the (still) passing tests. Fixes hashicorp/terraform#7930. --- builtin/providers/aws/resource_aws_cloudfront_distribution.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/builtin/providers/aws/resource_aws_cloudfront_distribution.go b/builtin/providers/aws/resource_aws_cloudfront_distribution.go index aa46bedbb0..3ba760ece6 100644 --- a/builtin/providers/aws/resource_aws_cloudfront_distribution.go +++ b/builtin/providers/aws/resource_aws_cloudfront_distribution.go @@ -355,8 +355,7 @@ func resourceAwsCloudFrontDistribution() *schema.Resource { Schema: map[string]*schema.Schema{ "origin_access_identity": &schema.Schema{ Type: schema.TypeString, - Optional: true, - Default: "", + Required: true, }, }, },