S3Backend is not working with dynamic bucket name

[a0s]

Community Note

I am trying to migrate local state to s3 that is in aws account with role assuming access.

new S3Backend(this, <S3BackendProps>{
      bucket: s3backend.s3bucket.id,
      key: `terraform/${id}.tfstate`,
      roleArn: config.roleArn,
      region: config.region,
      sessionName: "terraform-session"
    })

After cdktf synth it leaves link in backend block in cdk.tf.json :

  "backend": {
      "s3": {
        "bucket": "${aws_s3_bucket.terraform_backend_stack_state_7AB0FE3F.id}",
        "key": "terraform/xxx.tfstate",
        "region": "eu-central-1",
        "role_arn": "arn:aws:iam::zzz:role/administrator",
        "session_name": "terraform-session"
      }
    },

Then terraform -chdir=./cdktf.out/stacks/STACK2 init -migrate-state fails with InvalidBucketName: The specified bucket is not valid

But It works ok when bucket: "is_a_static_string".

cdktf & Language Versions

    "cdktf": "0.11.2",
    "cdktf-cli": "0.11.2",

"hashicorp/aws@ ~> 4.19.0",

Debug Output

-----------------------------------------------------
2022-06-29T16:25:21.405+0200 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>InvalidBucketName</Code><Message>The specified bucket is not valid.</Message><BucketName>${aws_s3_bucket.terraform_backend_stack_state_7AB0FE3F.id}</BucketName><RequestId>HYH455VSWVPFT95G</RequestId><HostId>gw9Z/TU79ryUWdUPHGhHvYFZWYnmHQQJCtijvd9bxrh24NTCuIznijt0af3QQVf5qJRKlJTSH5Q=</HostId></Error>
2022-06-29T16:25:21.405+0200 [DEBUG] [aws-sdk-go] DEBUG: Validate Response s3/GetObject failed, attempt 0/5, error InvalidBucketName: The specified bucket is not valid.
        status code: 400, request id: HYH455VSWVPFT95G, host id: gw9Z/TU79ryUWdUPHGhHvYFZWYnmHQQJCtijvd9bxrh24NTCuIznijt0af3QQVf5qJRKlJTSH5Q=

Expected Behavior

It should migrate state to s3

Actual Behavior

> cdktf synth && terraform -chdir=./cdktf.out/stacks/STACK2  init -migrate-state

Generated Terraform code for the stacks: STACK1, STACK2
Initializing modules...

Initializing the backend...
Backend configuration changed!

Terraform has detected that the configuration specified for the backend
has changed. Terraform will now check for existing state in the backends.

╷
│ Error: Error loading state:
│     InvalidBucketName: The specified bucket is not valid.
│       status code: 400, request id: PKPT1H7RYGAX5J6D, host id: U8wY/SZC3xxLaa2izCE/8StOJLZIaUkbhdy1HmYHV3hPHwN9Tva5NjAcvAOrxQY1i9QjRcY5uTs=
│ 
│ Terraform failed to load the default state from the "s3" backend.
│ State migration cannot occur unless the state can be loaded. Backend
│ modification and state migration has been aborted. The state in both the
│ source and the destination remain unmodified. Please resolve the
│ above error and try again.

Steps to Reproduce

    const s3backend = new S3BackendConstruct(this, "terraform_backend", <S3BackendConstructConfig>{
      bucketName: id,
      provider
    })

    new S3Backend(this, <S3BackendProps>{
      bucket: s3backend.s3bucket.id,
      key: `terraform/${id}.tfstate`,
      roleArn: config.roleArn,
      region: config.region,
      sessionName: "terraform-session"
    })

[DanielMSchmidt]

I looked into it: Backends can not take references (named values) in their configuration, Terraform does not support this.

[DanielMSchmidt]

Closing this as there is nothing we can do about this from the CDK side :)

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.