[Bug]: aws_cloudformation_stack always wants to change templates which (i) do not have a trailing newline and (ii) are greater than 16KB

[alexwlchan]

Terraform Core Version

v1.3.8

AWS Provider Version

v4.54.0

Affected Resource(s)

• aws_cloudformation_stack

Expected Behavior

If you create an aws_cloudformation_stack resource with a template_body that doesn't change between runs, terraform plan will report "no changes required".

Actual Behavior

If your template_body parameter:

1. Doesn't have a trailing newline
2. Is greater than 16,384 bytes in size

then Terraform will want to update your CloudFormation stack in-place, whether or not you've changed anything.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

This contains a reproduction test case: terraform-cf-repro.zip

This is the Terraform configuration file:

provider "aws" {
  region = "eu-west-1"
}

resource "aws_cloudformation_stack" "hello_bucket_16383_no_newline" {
  name          = "hello-bucket-16383-no-newline"
  template_body = file("${path.module}/hello_bucket.16383-no-newline.yml")
}

resource "aws_cloudformation_stack" "hello_bucket_16383_newline" {
  name          = "hello-bucket-16383-newline"
  template_body = file("${path.module}/hello_bucket.16383-newline.yml")
}

resource "aws_cloudformation_stack" "hello_bucket_16384_no_newline" {
  name          = "hello-bucket-16384-no-newline"
  template_body = file("${path.module}/hello_bucket.16384-no-newline.yml")
}

resource "aws_cloudformation_stack" "hello_bucket_16384_newline" {
  name          = "hello-bucket-16384-newline"
  template_body = file("${path.module}/hello_bucket.16384-newline.yml")
}

resource "aws_cloudformation_stack" "hello_bucket_16385_no_newline" {
  name          = "hello-bucket-16385-no-newline"
  template_body = file("${path.module}/hello_bucket.16385-no-newline.yml")
}

resource "aws_cloudformation_stack" "hello_bucket_16385_newline" {
  name          = "hello-bucket-16385-newline"
  template_body = file("${path.module}/hello_bucket.16385-newline.yml")
}

These refer to six different CloudFormation YAML files, also included. Each file is the Hello Bucket example from the AWS CloudFormation documentation, followed by a comment to pad the files to the correct length. For ease of debugging, the comment is just the file's name repeated over and over (e.g. 16383-newline 16383-newline 16383-newline).

The files are named with:

• their length in bytes
• whether they end in a trailing newline (-newline) or not (-no-newline)

Steps to Reproduce

With the configuration above, run:

$ terraform init
$ terraform apply -auto-approve
$ terraform plan

Observe that the terraform plan output wants to make changes to the aws_cloudformation_stack.hello_bucket_16385_no_newline resource, and that resource only.

Debug Output

I've uploaded debug logs for both the apply and plan commands here: https://gist.github.com/alexwlchan/dc359ac14d277dddbffa3f63bb6e5ff8

Panic Output

No response

Important Factoids

No response

References

I don't know if it's the same root cause, but there have been other issues with aws_cloudformation_stack indefinitely applying changes, e.g. #55

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[alexwlchan]

Note: a pretty easy workaround exists (add the newline), but it was pretty non-obvious to me (and I’m sure others) that this lack of newline was behind the constant re-plans.

[abhihashi]

@alexwlchan where's the new line to be added. I've pretty standard aws_cloudformation_stack resource definition that results in plan changes for every apply.

[alexwlchan]

@abhihashi:

where's the new line to be added

Right at the very end of the CloudFormation definition, if I recall correctly!