Open joemitchel opened 1 year ago
terraform {
  /* Uncomment this block to use Terraform Cloud for this tutorial
  cloud {
    organization = "organization-name"
    workspaces {
      name = "learn-terraform-provider-versioning"
    }
  }
  */

  required_providers {
    random = {
      source  = "hashicorp/random"
      version = "3.1.0"
    }

    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.16.1"
    }
  }

  required_version = "1.5.7"
}

provider "aws" {
  region = "us-west-2"
  alias  = "primary_region"
}

resource "random_pet" "petname" {
  length    = 5
  separator = "-"
}

resource "aws_s3_bucket" "sample_bucket_we_used_b" {
  provider = aws.primary_region

  bucket = random_pet.petname.id

  tags = {
    public_bucket = true
  }
}

resource "aws_s3_bucket_ownership_controls" "sample_bucket_we_used_b" {
  provider = aws.primary_region
  bucket   = aws_s3_bucket.sample_bucket_we_used_b.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}
I was going over this tutorial with a student and had the same issue.
Versions:
terraform version
Terraform v1.7.1
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.37.0
+ provider registry.terraform.io/hashicorp/random v3.1.0
The docs should be updated such that the final main.tf looks like this:
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

provider "aws" {
}

resource "random_pet" "petname" {
  length    = 5
  separator = "-"
}

resource "aws_s3_bucket" "sample" {
  bucket = random_pet.petname.id

  tags = {
    public_bucket = true
  }
}

resource "aws_s3_bucket_ownership_controls" "sample" {
  bucket = aws_s3_bucket.sample.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_public_access_block" "sample" {
  bucket = aws_s3_bucket.sample.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "sample" {
  bucket = aws_s3_bucket.sample.id
  acl    = "public-read"

  # Wait for both prerequisites: a public ACL is refused while
  # block_public_acls is still on for the bucket.
  depends_on = [
    aws_s3_bucket_ownership_controls.sample,
    aws_s3_bucket_public_access_block.sample,
  ]
}
As is, the suggested changes in the docs error with:
Error: creating S3 Bucket (typically-presumably-gently-casual-fowl) ACL: operation error S3: PutBucketAcl, https response error StatusCode: 403, RequestID: K64Z91129TSPJHM9, HostID: HUAtM7VWnw/+e8clAtYKByMcOab7P+0Nvlorq9NBQ2z0JC45GGQrXUAMyTvj0Ge3zUFa5aRZLiA=, api error AccessDenied: Access Denied
https://github.com/hashicorp/learn-terraform-provider-versioning/blob/38292721561b5c9f6030a7730e7faadf3a1e873f/main.tf#L16C3-L16C25
Received the following error on the initial Terraform Apply step instead of the deprecation warning output as referenced in the tutorial:

Possibly due to changes made April 2023: ARTICLE

Was able to work around and finish the tutorial by commenting out referenced line 16 in main.tf file and running Terraform Apply. The bucket is then created with defaults, and the tutorial can move forward to the ACL change section. However, the ACL manual change referenced in the article also fails on the next Terraform Apply step, presumably for the same reason as the above issue cause:

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.sample.id
  acl    = "public-read"
}
The following ACL block appears to accomplish public access:
# The bucket arguments reference aws_s3_bucket.sample (not random_pet) so that
# Terraform creates these resources only after the bucket exists.
resource "aws_s3_bucket_ownership_controls" "example" {
  bucket = aws_s3_bucket.sample.id

  rule {
    object_ownership = "BucketOwnerPreferred"
  }
}

resource "aws_s3_bucket_public_access_block" "example" {
  bucket = aws_s3_bucket.sample.id

  block_public_acls       = false
  block_public_policy     = false
  ignore_public_acls      = false
  restrict_public_buckets = false
}

resource "aws_s3_bucket_acl" "example" {
  depends_on = [
    aws_s3_bucket_ownership_controls.example,
    aws_s3_bucket_public_access_block.example,
  ]

  bucket = aws_s3_bucket.sample.id
  acl    = "public-read"
}
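
Added example, not part of the original thread or the tutorial's code: a Python check over `terraform show -json` plan output that flags the settings discussed above (Block Public Access flags set to false, a public bucket ACL) and a public ACL with no explicit `depends_on` for its prerequisite resources. The sample plan is constructed and trimmed, and the check assumes the resources live in the root module.

```python
# Added example: audit `terraform show -json <planfile>` output for the S3 settings in this thread.
PUBLIC_ACLS = {"public-read", "public-read-write"}
BPA_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")
ACL_PREREQS = ("aws_s3_bucket_ownership_controls", "aws_s3_bucket_public_access_block")

def audit_plan(plan):
    """Return (address, finding) pairs for root-module S3 ACL / public-access resources."""
    findings, public_acls = [], set()
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after") or {}  # "after" is null on destroy
        if rc.get("type") == "aws_s3_bucket_public_access_block":
            off = [f for f in BPA_FLAGS if after.get(f) is False]
            if off:
                findings.append((rc["address"], "public access block off: " + ",".join(off)))
        elif rc.get("type") == "aws_s3_bucket_acl" and after.get("acl") in PUBLIC_ACLS:
            public_acls.add(rc["address"])
            findings.append((rc["address"], "public ACL: " + after["acl"]))
    # PutBucketAcl with a public ACL is refused while block_public_acls is still on,
    # so require explicit ordering after each prerequisite resource type.
    config = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    for res in config:
        if res.get("address") in public_acls:
            deps = res.get("depends_on", [])
            for prereq in ACL_PREREQS:
                if not any(d.startswith(prereq + ".") for d in deps):
                    findings.append((res["address"], "no depends_on " + prereq))
    return findings

def _rc(rtype, after):  # constructed resource_changes entry, trimmed to the fields read above
    return {"address": rtype + ".sample", "type": rtype, "change": {"after": after}}

# Constructed sample: a config whose public ACL depends only on ownership controls.
# Real plan JSON carries many more fields than shown here.
SAMPLE_PLAN = {
    "resource_changes": [
        _rc("aws_s3_bucket_public_access_block", dict.fromkeys(BPA_FLAGS, False)),
        _rc("aws_s3_bucket_acl", {"acl": "public-read"}),
    ],
    "configuration": {"root_module": {"resources": [
        {"address": "aws_s3_bucket_acl.sample", "type": "aws_s3_bucket_acl",
         "depends_on": ["aws_s3_bucket_ownership_controls.sample"]},
    ]}},
}

if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

To run it against a real plan, load the output of `terraform show -json` on a saved plan file with `json.load` and pass the result to `audit_plan`.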