hashicorp / learn-terraform-provider-versioning

https://learn.hashicorp.com/tutorials/terraform/provider-versioning
Mozilla Public License 2.0

Bucket creation fails due to ACL setting #10

Open joemitchel opened 1 year ago

joemitchel commented 1 year ago

https://github.com/hashicorp/learn-terraform-provider-versioning/blob/38292721561b5c9f6030a7730e7faadf3a1e873f/main.tf#L16C3-L16C25

Received the following error on the initial Terraform Apply step instead of the deprecation warning output as referenced in the tutorial:

```text
aws_s3_bucket.sample: Creating...
│ Error: Error creating S3 bucket: InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership's BucketOwnerEnforced setting
│ status code: 400
```

Possibly due to changes made April 2023: ARTICLE

Was able to work around it and finish the tutorial by commenting out the referenced line 16 in the main.tf file and running Terraform Apply.

The bucket is then created with defaults, and the tutorial can move forward to the ACL change section. However, the manual ACL change referenced in the article also fails on the next Terraform Apply step, presumably for the same reason as the issue above:

```hcl
resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.sample.id
  acl    = "public-read"
}
```

```text
aws_s3_bucket_acl.example: Creating...
│ Error: creating S3 bucket ACL for [my-example-bucket]: AccessDenied: Access Denied
│ status code: 403
```

The following ACL block appears to accomplish public access:

```hcl
resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = random_pet.petname.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_public_access_block" "example" {
  bucket = random_pet.petname.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "example" {
  depends_on = [
    aws_s3_bucket_ownership_controls.example,
    aws_s3_bucket_public_access_block.example,
  ]

  bucket = random_pet.petname.id
  acl    = "public-read"
}
```

sandeepyadav1478 commented 1 year ago

terraform.tf

```hcl
terraform {
  /* Uncomment this block to use Terraform Cloud for this tutorial
  cloud {
    organization = "organization-name"
    workspaces {
      name = "learn-terraform-provider-versioning"
    }
  }
  */

  required_providers {
    random = {
      source  = "hashicorp/random"
      version = "3.1.0"
    }

    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.16.1"
    }
  }

  required_version = "1.5.7"
}
```

sandeepyadav1478 commented 1 year ago

main.tf

```hcl
provider "aws" {
  region = "us-west-2"
  alias  = "primary_region"
}

resource "random_pet" "petname" {
  length    = 5
  separator = "-"
}

resource "aws_s3_bucket" "sample_bucket_we_used_b" {
  provider = aws.primary_region

  bucket = random_pet.petname.id
  tags = {
    public_bucket = true
  }
}

resource "aws_s3_bucket_ownership_controls" "sample_bucket_we_used_b" {
  provider = aws.primary_region
  bucket   = aws_s3_bucket.sample_bucket_we_used_b.id
  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}
```

ericpardee commented 7 months ago

I was going over this tutorial with a student and hit the same issue.

Versions:

```text
terraform version
Terraform v1.7.1
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.37.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
```

The docs should be updated such that the final main.tf looks like this:

```hcl
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "aws" {
}

resource "random_pet" "petname" {
  length    = 5
  separator = "-"
}

resource "aws_s3_bucket" "sample" {
  bucket = random_pet.petname.id

  tags = {
    public_bucket = true
  }
}

resource "aws_s3_bucket_ownership_controls" "sample" {
  bucket = aws_s3_bucket.sample.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_public_access_block" "sample" {
  bucket = aws_s3_bucket.sample.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "sample" {
  bucket = aws_s3_bucket.sample.id
  acl    = "public-read"

  # The ACL can only be applied once ownership controls permit ACLs and the
  # public access block no longer rejects public ACLs, so wait for both.
  depends_on = [
    aws_s3_bucket_ownership_controls.sample,
    aws_s3_bucket_public_access_block.sample,
  ]
}
```

As is, the suggested changes in the docs error with:

```text
Error: creating S3 Bucket (typically-presumably-gently-casual-fowl) ACL: operation error S3: PutBucketAcl, https response error StatusCode: 403, RequestID: K64Z91129TSPJHM9, HostID: HUAtM7VWnw/+e8clAtYKByMcOab7P+0Nvlorq9NBQ2z0JC45GGQrXUAMyTvj0Ge3zUFa5aRZLiA=, api error AccessDenied: Access Denied
```
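The working configurations in this thread (joemitchel's block and the final main.tf above) get past the errors by switching ownership to BucketOwnerPreferred and turning every public-access guard off, which is precisely the combination that makes a `public-read` ACL effective. As an added review-side check (not code from the tutorial, the repo, or anyone in this thread), the script below reads the JSON printed by `terraform show -json`, correlates the S3 resources by their `bucket` value, and reports buckets whose public ACL is actually honoured; the embedded state is constructed to mirror the posted main.tf, and `state_resources`, `public_acl_findings` and `SAMPLE_STATE` are names chosen here.

```python
import json, sys  # input is the JSON printed by `terraform show -json`

PUBLIC_ACLS = {"public-read", "public-read-write", "authenticated-read"}
# A public ACL is only honoured when neither of these guard flags is set.
ACL_GUARDS = ("block_public_acls", "ignore_public_acls")

def state_resources(state):
    """Yield (type, values) for each resource in the root module."""
    root = state.get("values", {}).get("root_module", {})
    for res in root.get("resources", []):
        yield res["type"], res.get("values") or {}

def public_acl_findings(state):
    """Return {bucket: reason} for buckets whose public ACL takes effect."""
    acls, guarded, ownership = {}, {}, {}
    for rtype, vals in state_resources(state):
        bucket = vals.get("bucket")
        if rtype == "aws_s3_bucket_acl":
            acls[bucket] = vals.get("acl")
        elif rtype == "aws_s3_bucket_public_access_block":
            guarded[bucket] = all(vals.get(k) for k in ACL_GUARDS)
        elif rtype == "aws_s3_bucket_ownership_controls":
            rule = (vals.get("rule") or [{}])[0]
            ownership[bucket] = rule.get("object_ownership")
    findings = {}
    for bucket, acl in acls.items():
        owner = ownership.get(bucket, "unset")
        # BucketOwnerEnforced disables ACLs; an active guard rejects public ones.
        if (acl in PUBLIC_ACLS and owner != "BucketOwnerEnforced"
                and not guarded.get(bucket, False)):
            findings[bucket] = f"acl={acl}, object_ownership={owner}"
    return findings

# Constructed state mirroring the final main.tf posted in this thread.
SAMPLE_STATE = {"values": {"root_module": {"resources": [
    {"type": "aws_s3_bucket_ownership_controls", "values": {
        "bucket": "demo-bucket",
        "rule": [{"object_ownership": "BucketOwnerPreferred"}]}},
    {"type": "aws_s3_bucket_public_access_block", "values": {
        "bucket": "demo-bucket", "block_public_acls": False,
        "block_public_policy": False, "ignore_public_acls": False,
        "restrict_public_buckets": False}},
    {"type": "aws_s3_bucket_acl", "values": {
        "bucket": "demo-bucket", "acl": "public-read"}},
]}}}

if __name__ == "__main__":
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    for bucket, why in public_acl_findings(state).items():
        print(f"PUBLIC: {bucket} ({why})")
```

A bucket with no managed `aws_s3_bucket_public_access_block` is reported as well, since the state alone cannot prove the account-level guard is on; bucket values that are still unknown at plan time are not correlated by this check.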