Closed tomelliot16 closed 1 month ago
I reached out to AWS support and it might be account setup where the source account needs that region enabled. I'm going to try that and will close if that is the issue.
Hey @tomelliot16 👋 Thank you for taking the time to raise this, and for the follow up! We'll wait to hear back, but with it being a 403 error, I think you're on the right track looking more at the credentials/AWS side of things.
As a troubleshooting step, I often like to try issuing a similar command from the AWS CLI (in this case get-caller-identity) to see if I can reproduce outside of Terraform. That may be worth testing as well.
@justinretzolk So it looks like this is an issue with the STS token being version 1 and not version 2, which is supported in all regions including new ones. Thanks for the quick response. If anyone hits this for new regions, tell them to just set the STS token to version 2 within the account.
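An added example, not part of the thread or of the provider's code: a shell check for the account setting the comment above refers to. It assumes that `aws iam get-account-summary` reports the setting as `GlobalEndpointTokenVersion` in its `SummaryMap`; the sample JSON is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `aws iam get-account-summary --output json`,
# trimmed to a few keys. A real summary contains many more entries.
SAMPLE_SUMMARY='{
  "SummaryMap": {
    "Users": 3,
    "GlobalEndpointTokenVersion": 1,
    "Roles": 12
  }
}'

# Read account-summary JSON on stdin and print the token version
# ("1" or "2"), or "unknown" when the key is absent.
token_version() {
    v=$(tr -d ' \n\t' |
        sed -n 's/.*"GlobalEndpointTokenVersion":\([0-9][0-9]*\).*/\1/p')
    echo "${v:-unknown}"
}

# Read account-summary JSON on stdin and report whether the global STS
# endpoint issues version 2 tokens. Returns 0 for v2, 1 for v1, 2 if unknown.
check_summary() {
    case "$(token_version)" in
        2)  echo "ok: global STS endpoint issues version 2 tokens"
            return 0 ;;
        1)  echo "fix: global STS endpoint issues version 1 tokens"
            echo "run: aws iam set-security-token-service-preferences" \
                 "--global-endpoint-token-version v2Token"
            return 1 ;;
        *)  echo "unknown: GlobalEndpointTokenVersion not found in summary"
            return 2 ;;
    esac
}

if [ "${1:-}" = "--live" ]; then
    # Needs credentials for the account that issues the session tokens
    # (in the thread, the central account used with assume-role).
    aws iam get-account-summary --output json | check_summary
else
    # Offline demonstration on the constructed sample above.
    printf '%s' "$SAMPLE_SUMMARY" | check_summary || true
fi
```

Sessions obtained before the setting is changed still carry version 1 tokens, so assume the role again afterwards.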
Terraform Core Version
1.9.3
AWS Provider Version
5.60.0
Affected Resource(s)
Seems like https://github.com/hashicorp/terraform-provider-aws/issues/28909 didn't fix the issue 100% unless I'm misreading. This region has been enabled in the AWS account so I don't see why this is breaking. This might also be an AWS issue with the STS regional endpoint, but I was able with the same assumed role to get into the console within AWS. This works with any other region.
Expected Behavior
The region is able to be accessed with Terraform.
Actual Behavior
It failed with an assume role error.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Steps to Reproduce
Debug Output
Panic Output
No response
Important Factoids
I am using a central AWS account that I MFA with. I run a command locally called assume-role
assume-role $PROFILE zsh
This puts the Terraform account I'm assuming into my session environment. like
The role I'm assuming into is an admin role, so there are no limitations there.
References
No response
Would you like to implement a fix?
None