hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.88k stars 9.22k forks source link

aws_codepipeline resource does not support more than one ArtifactStore in a single-region CodePipeline #18113

Closed mbennettcanada closed 10 months ago

mbennettcanada commented 3 years ago

Community Note

Terraform CLI and Terraform AWS Provider Version

Terraform version: 0.14.8 Aws provider version: 3.32.0

Affected Resource(s)

aws_codepipeline

Terraform Configuration Files

resource "aws_codepipeline" "codepipeline" {
  name     = "tf-test-delete-me"
  role_arn = aws_iam_role.codepipeline_role.arn

  artifact_store {
    location = aws_s3_bucket.test1.bucket
    type     = "S3"
  }
  artifact_store {
    location = aws_s3_bucket.test2.bucket
    type     = "S3"
  }
  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeStarSourceConnection"
      version          = "1"
      output_artifacts = ["source_output"]

      configuration = {
        BranchName       = "production"
        FullRepositoryId = "the-pros-closet/tradeup-clients"
        ConnectionArn    = "arn:aws:codestar-connections:us-west-2:088709500334:connection/20410809-9cdc-4f63-b8fa-9eb6efc5c5fa"
      }
    }
  }

  stage {
    name = "Deploy1"

      action {
        name            = "Deploy Bucket1"
        category        = "Deploy"
        owner           = "AWS"
        provider        = "S3"
        input_artifacts = ["source_output"]
        version         = "1"

        configuration = {
          BucketName = aws_s3_bucket.test1.bucket
          Extract = "true"
        }
      }
  }
  stage {
    name = "Deploy2"

      action {
        name            = "Deploy Bucket2"
        category        = "Deploy"
        owner           = "AWS"
        provider        = "S3"
        input_artifacts = ["source_output"]
        version         = "1"

        configuration = {
          BucketName = aws_s3_bucket.test2.bucket
          Extract = "true"
        }
      }
  }

}

resource "aws_s3_bucket" "test1" {
  bucket = "test-bucket-1-909090-delete-me"
  acl    = "private"
}
resource "aws_s3_bucket" "test2" {
  bucket = "test-bucket-2-909090-delete-me"
  acl    = "private"
}

resource "aws_iam_role" "codepipeline_role" {
  name = "test-role-delete-me"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

Debug Output

https://gist.github.com/mbennettcanada/244d884fb238b994ebc0780206448997

Expected Behavior

Terraform should have created a single-region codepipeline with two artifact stores

Actual Behavior

Plan executed just fine, but the apply errored out with the message: Error: region must be set for a cross-region CodePipeline

Steps to Reproduce

  1. terraform apply

Important Factoids

All of theses resources are being created in the same region. There are no multi-region bits whatsoever. The part of the code I suspect is the issue is here: https://github.com/hashicorp/terraform-provider-aws/blob/main/aws/resource_aws_codepipeline.go#L251

It looks to me (Not proficient at go so feel free to throw down on me here) as if the config is being expanded and each artifact store region is being appended to an array of regions. Then the logic checks on the length of the array instead of how many unique regions there are in said array. @gdavison Initially added this bit and may know if there are any downstream unintended consequences to changing. I can try to hack together a pr and learn go at the same time but it isn't gonna be pretty.

christrotter commented 3 years ago

Similarly, we are building out a multi-region CodePipeline and it demands the use of an 'artifact_stores' block, which does not exist in the provider.

Error: [ERROR] Error updating CodePipeline (<name>): ValidationException: Your pipeline contains actions in more than one region. Use 'pipeline.artifactStores' instead of 'pipeline.artifactStore' to declare an artifact store, such as an artifact bucket, for each region where you have an action.

There are no region configs set aside from the action performing the ECS CodeDeploy (blue/green) in another account with a different region.

github-actions[bot] commented 11 months ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

github-actions[bot] commented 9 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.