Merge pull request #4698 from terraform-providers/f-aws_cloudfront_di…

…stribution-cert-retries resource/aws_cloudfront_distribution: Allow create and update retries on InvalidViewerCertificate for eventual consistency issues
hashicorp · Jun 2, 2018 · 26edc10 · 26edc10
2 parents 27306c6 + ed585a6
commit 26edc10
Showing 1 changed file with 32 additions and 4 deletions.
diff --git a/aws/resource_aws_cloudfront_distribution.go b/aws/resource_aws_cloudfront_distribution.go
@@ -702,10 +702,25 @@ func resourceAwsCloudFrontDistributionCreate(d *schema.ResourceData, meta interf
 		},
 	}
 
-	resp, err := conn.CreateDistributionWithTags(params)
+	var resp *cloudfront.CreateDistributionWithTagsOutput
+	// Handle eventual consistency issues
+	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
+		var err error
+		resp, err = conn.CreateDistributionWithTags(params)
+		if err != nil {
+			// ACM and IAM certificate eventual consistency
+			// InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
+			if isAWSErr(err, cloudfront.ErrCodeInvalidViewerCertificate, "") {
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
 	if err != nil {
-		return err
+		return fmt.Errorf("error creating CloudFront Distribution: %s", err)
 	}
+
 	d.SetId(*resp.Distribution.Id)
 	return resourceAwsCloudFrontDistributionRead(d, meta)
 }
@@ -768,9 +783,22 @@ func resourceAwsCloudFrontDistributionUpdate(d *schema.ResourceData, meta interf
 		DistributionConfig: expandDistributionConfig(d),
 		IfMatch:            aws.String(d.Get("etag").(string)),
 	}
-	_, err := conn.UpdateDistribution(params)
+
+	// Handle eventual consistency issues
+	err := resource.Retry(1*time.Minute, func() *resource.RetryError {
+		_, err := conn.UpdateDistribution(params)
+		if err != nil {
+			// ACM and IAM certificate eventual consistency
+			// InvalidViewerCertificate: The specified SSL certificate doesn't exist, isn't in us-east-1 region, isn't valid, or doesn't include a valid certificate chain.
+			if isAWSErr(err, cloudfront.ErrCodeInvalidViewerCertificate, "") {
+				return resource.RetryableError(err)
+			}
+			return resource.NonRetryableError(err)
+		}
+		return nil
+	})
 	if err != nil {
-		return err
+		return fmt.Errorf("error updating CloudFront Distribution (%s): %s", d.Id(), err)
 	}
 
 	if err := setTagsCloudFront(conn, d, d.Get("arn").(string)); err != nil {