Open fahrradflucht opened 6 years ago
Somewhere between a "+1" and a reaction emoji, but to add some motivation: a colleague and I just wasted some significant time trying to figure out why terraform wasn't failing despite not creating an object for us in a versioned bucket, because we assumed that it wasn't going to delete all versions and just leave a delete marker in place. Instead, it was actually creating the object and then scrubbing all traces of it afterwards. This seems like very counterintuitive behavior.
Just ran into this on an S3 bucket that has MFADelete enabled - Terraform can't destroy objects because the current behaviour is to delete all versions instead of just placing a delete marker.
Also, deleting all versions without some kind of user feedback seems a dangerous thing to do.
Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.
If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!
I still think it would be nice to have a flag or similar that lets us toggle between retention and deletion of an aws_s3_bucket_object in versioned buckets. The current behavior initially caught me by surprise, and I expected the default behavior upon deletion was to place a delete marker, not remove all traces of the object in question.
I've just heard about the behavior for aws_s3_object requiring the permission s3:DeleteObjectVersion for a bucket with versioning enabled. And then I found this GitHub issue. This behavior is unexpected and not what is desired.
If an object created by aws_s3_bucket_object or aws_s3_object within a versioned bucket is to be "destroyed" by Terraform, it should set a delete marker only. The current behavior of this resource is counterintuitive.
Description

Changes that result in the removal of an aws_s3_bucket_object should just create a delete marker if the bucket is versioned.

While updating an aws_s3_bucket_object results in a new version being created, changes that require re-creating (and therefore removal), like updating the key, result in the real removal of all versions of the previous item. I think this is quite unintuitive since it defeats the purpose of a versioned bucket.

Downsides:

I don't think it's a big issue, but changing it to just creating delete markers removes the ability of actually removing the items with Terraform. If necessary this could be solved with a force_delete option on the object similar to the one aws_s3_bucket has.

New or Affected Resource(s)
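A way to verify which of the two outcomes discussed in this thread actually happened to a key (a delete marker on top of recoverable versions, or every version gone), as an added example that is not part of the original issue or of terraform-provider-aws. The classification works on ListObjectVersions output, so it can be run against the constructed sample pages below without an AWS account; the `live_pages`, `soft_delete` and `scrub` helpers are hypothetical names that use boto3 (imported only when they are called), and the bucket key and page contents are constructed sample data rather than output captured from a real bucket.

```python
"""Tell a soft delete (delete marker) from a full scrub (all versions removed)
in a versioned S3 bucket, and show the two API call patterns behind the issue.

Added example, not code from terraform-provider-aws. boto3 is only needed for
the live_* / soft_delete / scrub helpers; the sample pages are constructed.
"""
from __future__ import annotations

from typing import Any, Dict, Iterable, List

Page = Dict[str, Any]


def object_state(pages: Iterable[Page], key: str) -> Dict[str, Any]:
    """Classify one exact key from ListObjectVersions pages.

    ListObjectVersions matches by prefix, so filter on the exact key: a sibling
    such as "app/config.json.bak" must not count as a surviving version of
    "app/config.json".
    """
    versions: List[Page] = []
    markers: List[Page] = []
    for page in pages:
        versions += [v for v in page.get("Versions", []) if v["Key"] == key]
        markers += [m for m in page.get("DeleteMarkers", []) if m["Key"] == key]

    if not versions and not markers:
        # Nothing left at all: every version (markers included) was deleted by
        # VersionId, which is what s3:DeleteObjectVersion permits.
        state = "scrubbed"
    elif any(m.get("IsLatest") for m in markers):
        # A delete marker is the current version; older data is still recoverable.
        state = "soft-deleted"
    else:
        state = "present"
    return {"state": state, "versions": len(versions), "delete_markers": len(markers)}


def scrub_plan(pages: Iterable[Page], key: str) -> List[Dict[str, str]]:
    """Every {Key, VersionId} a 'delete all versions' destroy must remove.

    Delete markers are versions too; leaving them behind would keep the key
    listed under DeleteMarkers even after the data versions are gone.
    """
    plan: List[Dict[str, str]] = []
    for page in pages:
        for entry in list(page.get("Versions", [])) + list(page.get("DeleteMarkers", [])):
            if entry["Key"] == key:
                plan.append({"Key": key, "VersionId": entry["VersionId"]})
    return plan


def live_pages(bucket: str, key: str, client=None) -> Iterable[Page]:
    """Fetch ListObjectVersions pages for one key (needs s3:ListBucketVersions)."""
    import boto3  # imported here so the pure helpers above run without it

    client = client or boto3.client("s3")
    return client.get_paginator("list_object_versions").paginate(Bucket=bucket, Prefix=key)


def soft_delete(client, bucket: str, key: str) -> str:
    """DeleteObject with no VersionId: on a versioned bucket this only adds a
    delete marker and needs s3:DeleteObject. Returns the marker's VersionId."""
    resp = client.delete_object(Bucket=bucket, Key=key)
    if not resp.get("DeleteMarker"):
        raise RuntimeError("no delete marker returned: is versioning enabled on the bucket?")
    return resp["VersionId"]


def scrub(client, bucket: str, key: str) -> int:
    """Delete every version by VersionId, which needs s3:DeleteObjectVersion
    (and the MFA parameter when MFA Delete is enabled). Returns the count removed."""
    plan = scrub_plan(live_pages(bucket, key, client), key)
    for i in range(0, len(plan), 1000):  # DeleteObjects accepts at most 1000 keys per call
        client.delete_objects(Bucket=bucket, Delete={"Objects": plan[i:i + 1000], "Quiet": True})
    return len(plan)


KEY = "app/config.json"  # constructed sample key

# Constructed page: a delete marker sits on top of one older data version,
# and a sibling key shares the prefix.
SOFT_DELETED_PAGE: List[Page] = [{
    "Versions": [
        {"Key": KEY, "VersionId": "v1", "IsLatest": False},
        {"Key": KEY + ".bak", "VersionId": "b1", "IsLatest": True},
    ],
    "DeleteMarkers": [{"Key": KEY, "VersionId": "m1", "IsLatest": True}],
}]

# Constructed page after a full scrub: only the sibling survives.
SCRUBBED_PAGE: List[Page] = [{
    "Versions": [{"Key": KEY + ".bak", "VersionId": "b1", "IsLatest": True}],
    "DeleteMarkers": [],
}]

if __name__ == "__main__":
    print("after a delete marker:", object_state(SOFT_DELETED_PAGE, KEY))
    print("after a full scrub:   ", object_state(SCRUBBED_PAGE, KEY))
    print("what a scrub removes: ", scrub_plan(SOFT_DELETED_PAGE, KEY))
```

For a live check after a `terraform destroy`, `object_state(live_pages("my-bucket", "app/config.json"), "app/config.json")` reports `scrubbed` when the provider has removed every version and `soft-deleted` when only a marker was placed. Because the scrub path cannot work without s3:DeleteObjectVersion, a deny on that action for the Terraform principal turns the silent removal described in this thread into an explicit apply error.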