Empty ssl_support_method when using cloudfront default certificate (#46)
The current implementation always uses "sni-only" as
`ssl_support_method` in `viewer_certificate` configuration.
According to Terraform documentation [0] this option is required
only when using `acm_certificate_arn` or `iam_certificate_id`.
In our experience this leads to a situation where Terraform
tries to set `ssl_support_method` to "sni-only" at each
run, spending a long time trying to do it (~10 minutes) without
effectively setting anything (it doesn't fail though).
With this commit we check the value of `acm_certificate_arn` and set the
proper `ssl_support_method` only if such value is defined.

[0] https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#ssl_support_method

Co-authored-by: Andriy Knysh <[email protected]>
cippaciong and aknysh committed Jan 15, 2020
1 parent b7221b0 commit e132823
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion main.tf
Expand Up @@ -189,7 +189,7 @@ resource "aws_cloudfront_distribution" "default" {

viewer_certificate {
acm_certificate_arn = var.acm_certificate_arn
ssl_support_method = "sni-only"
ssl_support_method = var.acm_certificate_arn == "" ? "" : "sni-only"
minimum_protocol_version = var.minimum_protocol_version
cloudfront_default_certificate = var.acm_certificate_arn == "" ? true : false
}
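
Review bot: `minimum_protocol_version = var.minimum_protocol_version` in this `viewer_certificate` block is still passed through unconditionally, while `ssl_support_method` and `cloudfront_default_certificate` now both switch on `var.acm_certificate_arn == ""`. The provider documentation cited in the commit message ties the allowed TLS settings to the certificate type, so please confirm that the value of `var.minimum_protocol_version` is valid and actually applied when the CloudFront default certificate is selected, and document in the variable description what TLS floor callers get in that case. Otherwise this attribute can produce the same kind of perpetual or silently ignored change that this commit removes for `ssl_support_method`. Two smaller points on the same lines: the condition `var.acm_certificate_arn == ""` is now written twice and would read better as a single local (for example a `use_default_cert` local, name hypothetical) reused by both attributes, with `? true : false` dropped since the comparison is already a boolean; and setting `ssl_support_method` to `""` relies on the provider treating an empty string as unset, where `null` would omit the argument explicitly.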