I’m running terraform 1.5.5 with the hashicorp/aws 5.11.0
I have a aws_cloudformation_stack and one of the parameters is called “Password” (comes from a third party cloudformation template https://dataiku-cloudstacks.s3.amazonaws.com/templates/fleet-manager/12.1.2/fleet-manager-instance.yml)
The definition of that parameter is
Password:
Description: Fleet Manager user password
Type: String
NoEcho: true
MinLength: 1
AllowedPattern: ^[^`\\'"\$]+$
ConstraintDescription: |
Password cannot be empty and cannot contain the following characters: ` ' " \ $
Every time that I run terraform plan
it will detect changes on the Password field
Terraform will perform the following actions:
# aws_cloudformation_stack.fleetmanager will be updated in-place
~ resource "aws_cloudformation_stack" "fleetmanager" {
id = "arn:aws:cloudformation:xxxx:xxxx:stack/dataiku-fleetmanager/yyyy"
name = "dataiku-fleetmanager"
~ parameters = {
~ "Password" = "****" -> "abcdef12354"
# (9 unchanged elements hidden)
}
tags = {}
# (7 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Is there anyway to avoid this?