Expected Behavior
When I do `terraform apply` for

```hcl
data "aws_ram_resource_share" "example" {
  name           = "Transit Gateway Shared"
  resource_owner = "OTHER-ACCOUNTS"
}
```

and the AWS resource share exists BUT the policy attached to the user used to perform the action doesn't have permission to do "ram:Get" or "ram:", the error message is
```
Error: retrieving resource share: empty response for: {
│ Name: "Transit Gateway Shared",
│ ResourceOwner: "OTHER-ACCOUNTS"
│ }
│
│ with data.aws_ram_resource_share.example,
│ on vpc.tf line 137, in data "aws_ram_resource_share" "example":
│ 137: data "aws_ram_resource_share" "example" {
│
```
Actual Behavior
The error message when the user is not allowed to get RAM resources should be more explicit, like:
```
Error: retrieving resource share: **not allowed** for: {
│ Name: "Transit Gateway Shared",
│ ResourceOwner: "OTHER-ACCOUNTS"
│ }
│
│ with data.aws_ram_resource_share.example,
│ on vpc.tf line 137, in data "aws_ram_resource_share" "example":
│ 137: data "aws_ram_resource_share" "example" {
│
```
Or the AWS API error message should propagate to the user console output.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
```hcl
provider "aws" {
  region = "eu-west-1"
}

data "aws_ram_resource_share" "example" {
  name           = "Transit Gateway Shared"
  resource_owner = "OTHER-ACCOUNTS"
}

output "example_ram_resource_share_arn" {
  value = data.aws_ram_resource_share.example.arn
}
```
Steps to Reproduce
1. Create an IAM user
2. Attach to this IAM user a policy WITHOUT "ram:*" permissions
3. Apply code
4. The error message should be "Error: retrieving resource share: empty response [...]"
Terraform Core Version
1.3.6
AWS Provider Version
4.53.0
Affected Resource(s)
aws_ram_resource_share (data resource)
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
I was investigating and I think that the problem is in this line: https://github.com/hashicorp/terraform-provider-aws/blob/5857c145b31d41966bef256f669c12ae35cc2486/internal/service/ram/resource_share_data_source.go#L103
When there is an error in the response (err != nil), the output message is hardcoded to "retrieving resource share: empty response for: %s" and the err is not shown to the user.
Would you like to implement a fix?
None
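The error-handling pattern described in this report, as an added Go sketch that is not the provider's own code: one function folds an authorization failure into the "empty response" message, the other wraps the underlying error so a missing IAM permission is visible and testable. The types `share` and `lookupFunc`, the function names, and the `errAccessDenied` text are assumptions constructed for the illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// errAccessDenied is a constructed stand-in for the API's authorization failure.
var errAccessDenied = errors.New("AccessDeniedException: not authorized to perform ram:GetResourceShares")

// share and lookupFunc are hypothetical types for this sketch.
type share struct{ ARN string }
type lookupFunc func(name, owner string) ([]share, error)

// readMasked mirrors the behaviour the issue describes: any failure,
// including an authorization error, is reported as "empty response".
func readMasked(lookup lookupFunc, name, owner string) (*share, error) {
	out, err := lookup(name, owner)
	if err != nil || len(out) == 0 {
		return nil, fmt.Errorf("retrieving resource share: empty response for: %s", name)
	}
	return &out[0], nil
}

// readPropagated handles the two cases separately and wraps the API error
// with %w, so callers can still match it with errors.Is / errors.As.
func readPropagated(lookup lookupFunc, name, owner string) (*share, error) {
	out, err := lookup(name, owner)
	if err != nil {
		return nil, fmt.Errorf("retrieving resource share (%s): %w", name, err)
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("retrieving resource share: empty response for: %s", name)
	}
	return &out[0], nil
}

// Constructed lookups: one denied by IAM, one that finds no share.
func denied(name, owner string) ([]share, error) { return nil, errAccessDenied }
func empty(name, owner string) ([]share, error)  { return nil, nil }

func main() {
	_, err := readMasked(denied, "Transit Gateway Shared", "OTHER-ACCOUNTS")
	fmt.Println("masked:    ", err)
	_, err = readPropagated(denied, "Transit Gateway Shared", "OTHER-ACCOUNTS")
	fmt.Println("propagated:", err, "| denied:", errors.Is(err, errAccessDenied))
}
```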