hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Bug]: Resource aws_s3_bucket_versioning can't be created for s3 outpost bucket #33119

Open andre1704 opened 1 year ago

andre1704 commented 1 year ago

Terraform Core Version

5.13.1

AWS Provider Version

1.5.5

Affected Resource(s)

aws_s3_bucket_versioning

Expected Behavior

For the bucket on the s3 outpost, a resource for versioning should be created and versioning would be enabled. I expect that after providing the bucket's name or access point of the s3 bucket on the outpost, this resource could be created.

Actual Behavior

When I set the ARN of the access point to the bucket as the parameter for the resource aws_s3_bucket_versioning, I get an error: Error: expected length of the bucket to be in the range (1 - 63), got arn:aws:s3-outposts:us-west-2:xxxxxxxxxxxx:outpost/op-xxxxxxxxxxxxxxxx/bucket/test0001

Whereas when I tried to set the parameter as an ARN to the bucket, I got Error: expected length of bucket to be in the range (1 - 63), got arn:aws:s3-outposts:us-west-2:xxxxxxxxxxxx:outpost/op-xxxxxxxxxxxxxxxx/accesspoint/ap-test0001

When I tried just to use the bucket name I got an error:

Error: creating S3 bucket versioning for test0001: BucketRegionError: incorrect region, the bucket is not in 'us-west-2' region at endpoint '', bucket is in 'us-east-1' region

I expected the third error because the bucket is on an S3 outpost, but for the previous two, the resource aws_s3_bucket_versioning should handle the situation when you use an S3 outpost.

** I redacted the outpost ID and account ID.

Relevant Error/Panic Output Snippet

`Error: expected length of the bucket to be in the range (1 - 63), got arn:aws:s3-outposts:us-west-2:xxxxxxxxxxxx:outpost/op-xxxxxxxxxxxxxxxx/bucket/test0001`

Terraform Configuration Files

```hcl
variable "vpc_id" {
  type        = string
  description = "vpc id"
}

variable "outpost_id" {
  type        = string
  description = "outpost id"
}

resource "aws_s3control_bucket" "bucket_name" {
  bucket     = "test0001"
  outpost_id = var.outpost_id
}

resource "aws_s3_access_point" "op_access_point" {
  bucket = aws_s3control_bucket.bucket_name.id
  name   = "ap-test0001"

  vpc_configuration {
    vpc_id = var.vpc_id
  }
}

resource "aws_s3_bucket_versioning" "backend_outpost_local" {
  bucket = aws_s3control_bucket.bucket_name.arn
  versioning_configuration {
    status = "Enabled"
  }
}
```

Steps to Reproduce

  1. Assuming you have access to an S3 outpost, create your own VPC and subnet.
  2. In the S3 outpost console, create an S3 endpoint associated with the created VPC's subnet (for simplification, the security group for the S3 endpoint should be set to have port 443 open to inbound traffic on your own public address, and for outbound you can set All traffic).
  3. Apply the above Terraform code; take vpc_id and endpoint_id from steps 1 and 2.
  4. Resource aws_s3control_bucket should be created, but during creation of aws_s3_bucket_versioning, you should get the error I described.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None

justinretzolk commented 1 year ago

The AWS documentation around enabling versioning for S3 Outposts mentions using aws s3control put-bucket-versioning in order to enable versioning on Outposts buckets. It doesn't look like there's currently a resource that uses the underlying s3control.PutBucketVersioning function, so we'll need to add a new resource in order to achieve this. I'll add labels indicating as much.
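
Added example, not part of the original thread and not provider code: an interim way to turn on versioning for the Outposts bucket from the configuration above by running the `aws s3control put-bucket-versioning` command mentioned in the comment above from Terraform. It assumes Terraform 1.4 or later (for `terraform_data`), a POSIX shell, and an AWS CLI on the machine running Terraform with credentials and a default region matching the Outpost; the names `current` and `outpost_bucket_versioning` are hypothetical.

```hcl
# Added example: workaround sketch, assumes the AWS CLI is installed and
# configured where "terraform apply" runs.
data "aws_caller_identity" "current" {}

resource "terraform_data" "outpost_bucket_versioning" {
  # Re-run the command whenever the Outposts bucket is replaced.
  triggers_replace = [aws_s3control_bucket.bucket_name.arn]

  provisioner "local-exec" {
    # Values are passed through the environment and quoted in the shell,
    # rather than interpolated directly into the command string.
    command = "aws s3control put-bucket-versioning --account-id \"$ACCOUNT_ID\" --bucket \"$BUCKET_ARN\" --versioning-configuration Status=Enabled"

    environment = {
      ACCOUNT_ID = data.aws_caller_identity.current.account_id
      BUCKET_ARN = aws_s3control_bucket.bucket_name.arn
    }
  }
}
```

Terraform does not track the versioning state set this way, so a later change made outside Terraform will not show up as drift in a plan.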

krishnaduttPanchagnula commented 1 year ago

/assign