Elastic Beanstalk - all changes to settings are hidden


I have setup an Elastic Beanstalk Environment as documented at: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elastic_beanstalk_environment#setting

Here’s a snippet:

resource "aws_elastic_beanstalk_environment" "emitwise-server-staging" {
  description            = "The emitwise flask server - staging"
  application            = "emitwise-app"
  name                   = "emitwise-server-staging"
  cname_prefix           = "emitwise-server-staging"
  solution_stack_name    = "64bit Amazon Linux 2 v3.2.2 running Python 3.7"
  tier                   = "WebServer"
  wait_for_ready_timeout = null

  setting {
    name      = "AppSource"
    namespace = "aws:cloudformation:template:parameter"
    value     = "<value>"

  setting {
    name      = "AppSource"
    namespace = "aws:cloudformation:template:parameter"
    value     = "<value>"


I have lots of these setting's defined. Some of them are using sensitive variables. e.g:

  setting {
    name      = "CLIENT_DATA_BUCKET"
    namespace = "aws:elasticbeanstalk:application:environment"
    value     = var.CLIENT_DATA_BUCKET

with CLIENT_DATA_BUCKET being defined as:

  description = "The S3 bucket client data is uploaded too"
  type        = string
  sensitive   = true

When running a terraform plan, any changes within a setting block is being hidden. How can I view these? As currently I am deploying blindly.

george@Georges-MBP beanstalk % terraform plan -var-file=staging.tfvars            
aws_elastic_beanstalk_environment.emitwise-server-staging: Refreshing state... [id=<id>]

Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_elastic_beanstalk_environment.emitwise-server-staging will be updated in-place
  ~ resource "aws_elastic_beanstalk_environment" "emitwise-server-staging" {
      ~ description            = "The emitwise flask server - staging - test" -> "The emitwise flask server - staging"
        id                     = "<id>"
        name                   = "emitwise-server-staging"
        tags                   = {}
        # (17 unchanged attributes hidden)

      ~ setting {
          # At least one attribute in this block is (or was) sensitive,
          # so its contents will not be displayed.

Plan: 0 to add, 1 to change, 0 to destroy.

Any help would be greatly appreciated.

I’ve tried looking at the json output file produced by plan to view the differences, but it’s far too large. Ideally I would be able to see which settings have changed and how they have changed in the output from plan.



The only solution I can see to this is to not use the sensitive feature, but that can’t be right.