hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: Allow generating config when importing "non-existent" aws_s3_bucket_* configuration resources to avoid configuration drift #39418

Open tkovis opened 3 hours ago

tkovis commented 3 hours ago

Description

To my understanding, since aws_s3_bucket configuration is split into multiple different resources, there is a risk of configuration drift if each resource is not explicitly defined. Also when importing existing infrastructure, it might not be clear how it is currently configured and there is an additional risk of not importing an explicit configuration that should not drift either.

I have existing buckets I want to import and I tried to import all the possible configuration resources, since I am not sure how they are currently configured, want to avoid manually figuring it out and want to avoid future configuration drift if implicitly disabled configuration happens to get explicitly defined outside of terraform.

I got errors "Cannot import non-existent remote object" regarding at least:

aws_s3_bucket_notification, aws_s3_bucket_accelerate_configuration, aws_s3_bucket_versioning, aws_s3_bucket_server_side_encryption_configuration, aws_s3_bucket_request_payment_configuration seem to import fine even without anything explicitly defined.

I have not and will not try imperative state imports, since I want to have a record of what has happened in version control.

I am currently working around by commenting out imports that do not work, but this is not desirable because of potential configuration drift.

Affected Resource(s) and/or Data Source(s)

(at least) aws_s3_bucket_lifecycle_configuration, aws_s3_bucket_cors_configuration, aws_s3_bucket_ownership_controls, aws_s3_bucket_replication_configuration, aws_s3_bucket_object_lock_configuration, aws_s3_bucket_website_configuration, aws_s3_bucket_logging, aws_s3_bucket_public_access_block

Potential Terraform Configuration

import {
  id = "example-123"
  to = aws_s3_bucket.example
}

# autogenerated without null values
resource "aws_s3_bucket" "example" {
  bucket              = "example-123"
  object_lock_enabled = false
  tags                = {}
  tags_all            = {}
}

import {
  id = "example-123"
  to = aws_s3_bucket_public_access_block.example # is off, results in "Cannot import non-existent remote object"
}

## in another file
# __generated__ by Terraform from "kodia-loadbalancerlogs"
resource "aws_s3_bucket_notification" "loadbalancer_logs" {
  bucket      = "kodia-loadbalancerlogs"
  eventbridge = false
}

References

e.g. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#import states that importing with the bucket id should work, but it does not if the configuration is not explicitly defined for an existing resource.

Would you like to implement a fix?

None
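Added example (not part of the issue or of the provider's code): a pre-import inventory that asks S3 which bucket-level sub-configurations actually exist, writes import blocks only for those, and leaves the absent ones to be declared explicitly so later drift is caught by plan. It uses boto3's S3 client method names and the error codes S3 returns for an absent configuration, but runs here against a constructed fake client; `FakeS3`, `_AbsentError` and the bucket name `example-123` are constructed for the example.

```python
# Map: Terraform resource type -> (S3 client method, error code S3 returns when absent).
CHECKS = {
    "aws_s3_bucket_public_access_block": ("get_public_access_block", "NoSuchPublicAccessBlockConfiguration"),
    "aws_s3_bucket_lifecycle_configuration": ("get_bucket_lifecycle_configuration", "NoSuchLifecycleConfiguration"),
    "aws_s3_bucket_cors_configuration": ("get_bucket_cors", "NoSuchCORSConfiguration"),
    "aws_s3_bucket_website_configuration": ("get_bucket_website", "NoSuchWebsiteConfiguration"),
    "aws_s3_bucket_replication_configuration": ("get_bucket_replication", "ReplicationConfigurationNotFoundError"),
    "aws_s3_bucket_object_lock_configuration": ("get_object_lock_configuration", "ObjectLockConfigurationNotFoundError"),
    "aws_s3_bucket_ownership_controls": ("get_bucket_ownership_controls", "OwnershipControlsNotFoundError"),
}

def _error_code(exc):
    # botocore's ClientError carries the S3 error code in exc.response (duck-typed here)
    return getattr(exc, "response", {}).get("Error", {}).get("Code")

def classify_bucket(client, bucket):
    """Return {terraform_resource_type: True if configured on the bucket, False if absent}."""
    result = {}
    for rtype, (method, absent_code) in CHECKS.items():
        try:
            getattr(client, method)(Bucket=bucket)
            result[rtype] = True
        except Exception as exc:
            if _error_code(exc) != absent_code:
                raise  # AccessDenied, throttling etc. must never be read as "not configured"
            result[rtype] = False
    # get_bucket_logging does not error: logging exists only if LoggingEnabled is in the response
    result["aws_s3_bucket_logging"] = "LoggingEnabled" in client.get_bucket_logging(Bucket=bucket)
    return result

def import_blocks(bucket, label, state):
    """Render import blocks only for sub-resources that exist; declare the rest explicitly instead."""
    return "".join(f'import {{\n  id = "{bucket}"\n  to = {rtype}.{label}\n}}\n'
                   for rtype, present in sorted(state.items()) if present)

class _AbsentError(Exception):  # constructed look-alike of botocore's ClientError
    def __init__(self, code):
        super().__init__(code)
        self.response = {"Error": {"Code": code}}

class FakeS3:
    """Constructed stand-in for a boto3 S3 client: only the public access block and logging are set."""
    def get_public_access_block(self, Bucket):
        return {"PublicAccessBlockConfiguration": {"BlockPublicAcls": True}}
    def get_bucket_logging(self, Bucket):
        return {"LoggingEnabled": {"TargetBucket": "example-logs"}}
    def __getattr__(self, name):  # every other get_* answers with that configuration's "absent" code
        code = dict(CHECKS.values()).get(name)
        if code is None:
            raise AttributeError(name)
        def _missing(Bucket):
            raise _AbsentError(code)
        return _missing
```

With a real client, `classify_bucket(boto3.client("s3"), "example-123")` gives the same dict for a live bucket; resources the post says import fine regardless (versioning, encryption, notification) are deliberately not probed.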
