Docs show, and validation allows more than 2 members in an origin_group

[leecookson]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

v0.11.11

Affected Resource(s)

• aws_cloudfront_distribution

Terraform Configuration Files

aws_cloudfront_distribution {

...

  origin_group {
    origin_id = "Group-S3-dataCenter"

    failover_criteria {
      status_codes = [403, 404, 500, 502]
    }

    member {
      origin_id = "S3-bucket-A"
    }

    member {
      origin_id = "S3-bucket-B"
    }

    member {
      origin_id = "dataCenter"
    }
  }
...
}

origin_id values are valid and refer to origin blocks

Debug Output

(output is very short)

* aws_cloudfront_distribution.online_stg_wsj_com: 1 error(s) occurred:

* aws_cloudfront_distribution.online_stg_wsj_com: error updating CloudFront Distribution (E35WRBM213N67M): MalformedXML: 1 validation error detected: Value '[com.amazon.edge._2019_03_26.OriginGroupMember@a12d5dec, com.amazon.edge._2019_03_26.OriginGroupMember@fcaf6761, com.amazon.edge._2019_03_26.OriginGroupMember@2ffac0a0]' at 'distributionConfig.originGroups.items.2.member.members.items' failed to satisfy constraint: Member must have length less than or equal to 2
	status code: 400, request id: a7da7e24-a8b2-11e9-97ea-498b0fdee262

Expected Behavior

Terraform docs should note that there is a limit of 2 memberblocks for an orgin_group based on AWS docs + behavior.

For better error reporting, terraform itself should indicate more than 2 members in an origin_group is invalid

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/high_availability_origin_failover.html

To get started, create an origin group in which you designate a primary origin for CloudFront plus a second origin that CloudFront automatically switches to when the primary origin returns specific HTTP status code failure responses.

This feature does not support more than 2 members in the origin group.

Actual Behavior

Terraform reports an AWS error that you can only supply less than or equal than 2 members in an origin group.

Steps to Reproduce

1. terraform apply

• #0000

[nywilken]

@leecookson thanks for opening up this issue, and I'm sorry for the confusion. This is an important piece of documentation/validation to have in place so I am going to mark this issue as an enhancement request. If you are interested in opening a pull-request for this enhancement it would be a matter of adding MaxItems: 2 to the member argument and updating the resource documentation to indicate that only two members are allowed for the origin group, as documented here

Code block where change is needed https://github.com/terraform-providers/terraform-provider-aws/blob/818c39d4bc3c003ec2c5574e583b20ba3e6ff849/aws/resource_aws_cloudfront_distribution.go#L518

[ghost]

I'm going to close this issue due to inactivity (90 days without response ⏳ ). This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!