TF Validate, Plan, Apply cause TF crash with shared S3 backend

[jimid27]

Terraform Version

1.6.0 (darwin_arm64)

Terraform Configuration Files

terraform {
  backend "s3" {
    bucket = "<REDACTED>"
    key    = "global/s3/terraform.tfstate"
    region = "us-east-2"

    dynamodb_table = "<REDACTED>"
    encrypt        = true
  }
}
data "aws_eks_cluster_auth" "cluster" {
  name = module.eks.cluster.name
}

Git repo is private but the main.tf looks like the following:

module "network" {
  count         = var.create_network ? 1 : 0
  vpc_cidr      = var.vpc_cidr
  region        = var.region
  source        = "./network"
  subnet_prefix = var.subnet_prefix
}
module "eks" {
  capacity_type = var.capacity_type
  node_size     = var.node_size
  source        = "./eks"
  subnet_ids    = var.create_network ? module.network[0].private_subnet_ids : var.subnet_ids
  vpc_id        = var.create_network ? module.network[0].vpc_id : var.vpc_id
  vpc_name      = var.create_network ? module.network[0].vpc_name : var.vpc_name
}
module "cluster_services" {
  account_id                                     = var.account_id
  adfs_auth_enabled                              = true
  amazon_fluent_bit_cloudwatch_role_arn          = module.eks.amazon_fluent_bit_cloudwatch_role_arn
  amazon_managed_service_prometheus_iam_role_arn = module.eks.amazon_managed_service_prometheus_iam_role_arn
  cluster_autoscaler_iam_role_arn                = module.eks.cluster_autoscaler_iam_role_arn
  cluster_name                                   = module.eks.cluster_name
  external_secrets_iam_role_arn                  = module.eks.external_secrets_iam_role_arn
  load_balancer_controller_iam_role_arn          = module.eks.load_balancer_controller_iam_role_arn
  source                                         = "./services"
}
module "postgres" {
  db_instance_name     = var.db_instance_name
  db_subnet_group_name = var.db_subnet_group_name
  source               = "./postgres"
  subnet_ids           = var.create_network ? module.network[0].private_subnet_ids : var.subnet_ids
  vpc_id               = var.create_network ? module.network[0].vpc_id : var.vpc_id
  vpc_cidr_block       = var.create_network ? module.network[0].vpc_cidr_block : var.vpc_cidr
}
module "redis" {
  eks_node_sg = module.eks.node_security_group_id
  vpc_id      = var.create_network ? module.network[0].vpc_id : var.vpc_id
  source      = "./redis"
  subnet_ids  = var.create_network ? module.network[0].private_subnet_ids : var.subnet_ids
}

Debug Output

value is marked, so must be unmarked first
goroutine 6423 [running]:
runtime/debug.Stack()
        /Users/runner/hostedtoolcache/go/1.21.1/x64/src/runtime/debug/stack.go:24 +0x64
runtime/debug.PrintStack()
        /Users/runner/hostedtoolcache/go/1.21.1/x64/src/runtime/debug/stack.go:16 +0x1c
github.com/hashicorp/terraform/internal/logging.PanicHandler()
        /Users/runner/work/terraform/terraform/internal/logging/panic.go:58 +0x164
panic({0x1059d68a0?, 0x105fc6060?})
        /Users/runner/hostedtoolcache/go/1.21.1/x64/src/runtime/panic.go:920 +0x26c
github.com/zclconf/go-cty/cty.Value.assertUnmarked(...)
        /Users/runner/go/pkg/mod/github.com/zclconf/go-cty@v1.14.0/cty/marks.go:141
github.com/zclconf/go-cty/cty.Value.AsString({{{0x106003b88?, 0x14000010c91?}}, {0x105c639a0?, 0x1400255e0f0?}})
        /Users/runner/go/pkg/mod/github.com/zclconf/go-cty@v1.14.0/cty/value_ops.go:1385 +0x54
github.com/zclconf/go-cty/cty.Value.Range({{{0x106003b88?, 0x14000010c91?}}, {0x105c639a0?, 0x1400255e0f0?}})
        /Users/runner/go/pkg/mod/github.com/zclconf/go-cty@v1.14.0/cty/value_range.go:53 +0x25c
github.com/hashicorp/hcl/v2/hclsyntax.(*ConditionalExpr).Value(0x140007b03f0, 0x1400255e0d8)
        /Users/runner/go/pkg/mod/github.com/hashicorp/hcl/v2@v2.18.0/hclsyntax/expression.go:746 +0x9dc
github.com/hashicorp/terraform/internal/lang.(*Scope).EvalExpr(0x14000eceea0, {0x106004258?, 0x140007b03f0}, {{0x1060043a8?, 0x1077c0580?}})
        /Users/runner/work/terraform/terraform/internal/lang/eval.go:175 +0x17c
github.com/hashicorp/terraform/internal/terraform.(*nodeModuleVariable).evalModuleVariable(0x14001a52c00, {0x10601e450?, 0x14001488000?}, 0x58?)
        /Users/runner/work/terraform/terraform/internal/terraform/node_module_variable.go:248 +0x1dc
github.com/hashicorp/terraform/internal/terraform.(*nodeModuleVariable).Execute(0x14001a52c00, {0x10601e450, 0x14001488000}, 0x0?)
        /Users/runner/work/terraform/terraform/internal/terraform/node_module_variable.go:183 +0xd8
github.com/hashicorp/terraform/internal/terraform.(*ContextGraphWalker).Execute(0x14007038b40, {0x10601e450, 0x14001488000}, {0x14f1f0ae8, 0x14001a52c00})
        /Users/runner/work/terraform/terraform/internal/terraform/graph_walk_context.go:143 +0xa0
github.com/hashicorp/terraform/internal/terraform.(*Graph).walk.func1({0x105d4ea60, 0x14001a52c00})
        /Users/runner/work/terraform/terraform/internal/terraform/graph.go:78 +0x280
github.com/hashicorp/terraform/internal/dag.(*Walker).walkVertex(0x14001a52cc0, {0x105d4ea60, 0x14001a52c00}, 0x14001bd2940)
        /Users/runner/work/terraform/terraform/internal/dag/walk.go:384 +0x2a8
created by github.com/hashicorp/terraform/internal/dag.(*Walker).Update in goroutine 3390
        /Users/runner/work/terraform/terraform/internal/dag/walk.go:307 +0xb0c

Expected Behavior

Terraform Validate/Plan/Apply working as expected.

Actual Behavior

Terraform Crashed w/ above trace

Steps to Reproduce

1. terraform plan

Additional Context

Downgrading to terraform version 1.5.7 resolves this issue.

References

No response

[kmoe]

Duplicate of https://github.com/hashicorp/terraform/issues/33977

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.