aws-samples / service-catalog-engine-for-terraform-os

Apache License 2.0

Terraform Product Version Linting #63

Closed drew-simmons closed 9 months ago

drew-simmons commented 9 months ago

Is there a way to better lint or validate the Terraform products before running tar -zcvf artifact.tar.gz * and uploading them to a Service Catalog version?

terraform validate returns Successful, but when going to Launch the Service Catalog Product, we get: "Package is in state FAILED, but must be in state AVAILABLE."

Is there a place to troubleshoot why Service Catalog says the package is in a failed state?

artifact.tar.gz

.
├── files
│   ├── amazon-cloudwatch-agent.json
│   ├── Dockerfile
├── main.tf
├── providers.tf
├── templates
│   └── user_data.tpl
└── variables.tf

providers.tf

provider "aws" {
}

mackalex commented 9 months ago

Hi Drew! Please cut a ticket to AWS Service Catalog for support on the "Package is in a state FAILED, but must be in state AVAILABLE." This can occur when the S3 bucket that you are hosting the Provisioning Artifact template in does not provide Service Catalog proper access to get the template from it.

You can follow this guide to ensure that your S3 bucket provides sufficient access to Service Catalog to pull from it: https://docs.aws.amazon.com/servicecatalog/latest/adminguide/productmgmt-cloudresource.html#productmgmt-cloudresource-troubleshooting

In terms of better linting or validation, we have been suggesting to customers to use third-party validation or linting as we do not have plans to provide our own linting or validation in TRE.

drew-simmons commented 9 months ago

Alright, thank you @mackalex! We'll add some additional linting from third-party tools during our Continuous Integration builds.

The "Package is in a state FAILED" error was due to the Service Catalog not having access to use the KMS Key the S3 object was encrypted with.

Thanks again for the help!
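A pre-upload check for the artifact.tar.gz discussed in this thread, as an added example that is not part of the thread or the project's code. It inspects only the archive itself (it does not cover the S3 or KMS access problem found above), and it assumes the layout shown in the issue, with the .tf files at the archive root; `check_artifact` and `build_sample` are hypothetical names.

```python
import io
import tarfile


def build_sample(names):
    """Constructed sample input: an in-memory .tar.gz with the given member names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"# constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def check_artifact(blob, artifact_name="artifact.tar.gz"):
    """Return a list of problems found in a gzip'd tar artifact (empty list = OK)."""
    try:
        with tarfile.open(fileobj=io.BytesIO(blob), mode="r:gz") as tar:
            members = tar.getmembers()  # reads headers only, extracts nothing
    except (tarfile.TarError, OSError, EOFError) as exc:
        return [f"not a readable gzip tar: {exc}"]

    problems = []
    root_tf = False
    for m in members:
        name = m.name[2:] if m.name.startswith("./") else m.name
        parts = name.split("/")
        if name.startswith("/") or ".." in parts:
            problems.append(f"unsafe path: {m.name}")
        if m.issym() or m.islnk():
            problems.append(f"link member: {m.name}")
        if parts[-1] == artifact_name:
            problems.append(f"nested archive member: {m.name}")
        # Assumption: Terraform configuration sits at the archive root,
        # as in the tree posted in the issue.
        if m.isfile() and len(parts) == 1 and name.endswith(".tf"):
            root_tf = True
    if not root_tf:
        problems.append("no .tf file at the archive root")
    return problems


if __name__ == "__main__":
    sample = build_sample(["main.tf", "providers.tf", "variables.tf",
                           "files/Dockerfile", "templates/user_data.tpl"])
    print(check_artifact(sample) or "artifact layout OK")
```

In a CI job, read the built artifact.tar.gz as bytes, pass it to `check_artifact`, and fail the build when the returned list is non-empty.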