Troubleshooting

Common Issues

Terraform State Locked

cd iac/aws
terraform force-unlock <LOCK_ID>
# Or use the script
./scripts/setup_classroom.sh --name my-class --cloud aws --force-unlock

Lambda Packaging Fails

# Install missing dependencies
pip3 install virtualenv
./scripts/package_lambda.sh --cloud aws

AWS Credentials Not Found

aws configure
# Or use environment variables
export AWS_ACCESS_KEY_ID="your_key"
export AWS_SECRET_ACCESS_KEY="your_secret"

Backend Already Exists

The script handles existing backends gracefully
Use --destroy to clean up if needed

Deployment Issues

Resources Already Exist

If Terraform tries to create resources that already exist:

Check if resources are in Terraform state:
```
cd iac/aws
terraform state list
```
If resources exist in AWS but not in state:
- This shouldn't happen with clean deployments
- Use --destroy then redeploy for a fresh start
If resources exist in state but Terraform wants to recreate:
- Run terraform refresh to sync state
- Then terraform plan to see what Terraform wants to do

Deployment Fails Midway

If deployment fails:

Check the error message - It usually tells you what went wrong
Check Terraform state:
```
cd iac/aws
terraform state list
```
Retry the deployment - Terraform is idempotent and will continue where it left off
If stuck, use Clean Slate - Destroy and recreate

Frontend Not Updating

If frontend changes aren't showing:

Rebuild and redeploy frontend:

./scripts/build_frontend.sh --environment dev --region eu-west-3

Clear CloudFront cache (if using custom domain):
- Go to AWS Console → CloudFront
- Select your distribution
- Click "Invalidations" → "Create invalidation"
- Enter /* and create

CloudFront Issues

Certificate Validation Fails

Verify DNS records are correctly added in GoDaddy
Check for typos in the CNAME record values
Wait longer (DNS can take up to 48 hours, but usually 5-10 minutes)
Verify the certificate status in AWS Console (ACM in us-east-1)

CloudFront Distribution Not Created

Verify wait_for_certificate_validation = true in main.tf
Check that certificate status is ISSUED (not PENDING_VALIDATION)
Run terraform plan to see what Terraform wants to create
Check for errors in terraform apply output

DNS Not Resolving

Verify CNAME records are added correctly in GoDaddy
Check DNS propagation: dig ec2-management.testingfantasy.com
Wait longer for DNS propagation (can take up to 48 hours)
Verify CloudFront distribution is Deployed (not In Progress)

403 AccessDeniedException from CloudFront

This is usually a CloudFront configuration issue
Verify the origin (Lambda Function URL) is correct
Check CloudFront logs in CloudWatch
Verify the Lambda function URL is publicly accessible

CNAMEAlreadyExists Error

This happens when:

An old CloudFront distribution was deleted, but its CNAME record still exists in GoDaddy
Another CloudFront distribution already uses the same domain

Solution:

Remove the old CNAME record from GoDaddy
Set wait_for_certificate_validation = false temporarily
Run terraform apply to create the new distribution
Add the new CNAME record pointing to the new CloudFront domain

Debug Mode

Enable verbose Terraform output:

export TF_LOG=DEBUG
./scripts/setup_classroom.sh --name debug-class --cloud aws

Common Issues​

Terraform State Locked​

Lambda Packaging Fails​

AWS Credentials Not Found​

Backend Already Exists​

Deployment Issues​

Resources Already Exist​

Deployment Fails Midway​

Frontend Not Updating​

CloudFront Issues​

Certificate Validation Fails​

CloudFront Distribution Not Created​

DNS Not Resolving​

403 AccessDeniedException from CloudFront​

CNAMEAlreadyExists Error​

Debug Mode​