To my understanding, since aws_s3_bucket configuration is split into multiple different resources, there is a risk of configuration drift if each resource is not explicitly defined. Also, when importing existing infrastructure, it might not be clear how it is currently configured, and there is an additional risk of not importing an explicit configuration that should not drift either.
I have existing buckets I want to import and I tried to import all the possible configuration resources, since I am not sure how they are currently configured, want to avoid manually figuring it out and want to avoid future configuration drift if implicitly disabled configuration happens to get explicitly defined outside of Terraform.
I got errors "Cannot import non-existent remote object" regarding at least:
lifecycle configuration
cors configuration
ownership controls
replication configuration
object lock configuration
website configuration
logging
public access block
aws_s3_bucket_notification, aws_s3_bucket_accelerate_configuration, aws_s3_bucket_versioning, aws_s3_bucket_server_side_encryption_configuration, aws_s3_bucket_request_payment_configuration seem to import fine even without anything explicitly defined.
I have not and will not try imperative state imports, since I want to have a record of what has happened in version control.
I am currently working around this by commenting out imports that do not work, but this is not desirable because of potential configuration drift.
Affected Resource(s) and/or Data Source(s)
(at least) aws_s3_bucket_lifecycle_configuration, aws_s3_bucket_cors_configuration, aws_s3_bucket_ownership_controls, aws_s3_bucket_replication_configuration, aws_s3_bucket_object_lock_configuration, aws_s3_bucket_website_configuration, aws_s3_bucket_logging, aws_s3_bucket_public_access_block
Potential Terraform Configuration
References
E.g. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_public_access_block#import states that importing with bucket id should work, but it does not if it is not explicitly defined for an existing resource.
Would you like to implement a fix?
None
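An added example, not part of the original issue and not the provider's code: one way to decide, per bucket, which declarative import blocks Terraform can accept and which sub-configurations are absent and therefore remain drift candidates. It assumes the caller has already probed each S3 Get* API and recorded the error code (or None on success); the resource label `this`, the function name and the sample data are hypothetical, and logging is left out because this sketch only handles absence reported as an error code.

```python
# Error codes S3 returns when a sub-configuration was never set
# (assumption taken from the S3 API; verify against your SDK version).
ABSENT_CODES = {
    "aws_s3_bucket_lifecycle_configuration": "NoSuchLifecycleConfiguration",
    "aws_s3_bucket_cors_configuration": "NoSuchCORSConfiguration",
    "aws_s3_bucket_ownership_controls": "OwnershipControlsNotFoundError",
    "aws_s3_bucket_replication_configuration": "ReplicationConfigurationNotFoundError",
    "aws_s3_bucket_object_lock_configuration": "ObjectLockConfigurationNotFoundError",
    "aws_s3_bucket_website_configuration": "NoSuchWebsiteConfiguration",
    "aws_s3_bucket_public_access_block": "NoSuchPublicAccessBlockConfiguration",
}


def plan_imports(bucket, probe_results):
    """Return (hcl_text, absent_types) for one bucket.

    probe_results maps a resource type to the error code of its Get* call,
    or to None when the call succeeded (the configuration exists).
    """
    blocks, absent = [], []
    for rtype in sorted(probe_results):
        code = probe_results[rtype]
        if code is None:
            # Configuration exists remotely: a declarative import will work.
            blocks.append(f'import {{\n  to = {rtype}.this\n  id = "{bucket}"\n}}\n')
        elif code == ABSENT_CODES.get(rtype):
            # Nothing to import; record it so the gap is visible in review.
            absent.append(rtype)
        else:
            # AccessDenied and similar must not be read as "not configured".
            raise RuntimeError(f"{rtype}: unexpected error {code!r}")
    return "\n".join(blocks), absent


# Constructed sample probe results for a hypothetical bucket.
SAMPLE = {
    "aws_s3_bucket_cors_configuration": None,
    "aws_s3_bucket_public_access_block": None,
    "aws_s3_bucket_lifecycle_configuration": "NoSuchLifecycleConfiguration",
    "aws_s3_bucket_website_configuration": "NoSuchWebsiteConfiguration",
}

if __name__ == "__main__":
    hcl, absent = plan_imports("example-bucket", SAMPLE)
    print(hcl)
    print("# not configured remotely (drift candidates):", ", ".join(absent))
```

Committing both the generated import blocks and the list of absent types keeps the record in version control.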