milliHQ / terraform-aws-next-js

Terraform module for building and deploying Next.js apps to AWS. Supports SSR (Lambda), Static (S3) and API (Lambda) pages.
https://registry.terraform.io/modules/milliHQ/next-js/aws
Apache License 2.0
1.46k stars 152 forks

[0.13.2] S3 Put Authentication Error #334

Open Jake-RoundrockIO opened 2 years ago

Jake-RoundrockIO commented 2 years ago

When attempting to deploy using v0.13.2, everything seems to go well until module.tf_next.module.statics_deploy.null_resource.static_s3_upload, which fails with a 403.

│ Error: local-exec provisioner error
│
│ with module.tf_next.module.statics_deploy.null_resource.static_s3_upload[0],
│ on .terraform/modules/tf_next/modules/statics-deploy/main.tf line 275, in resource "null_resource" "static_s3_upload":
│ 275: provisioner "local-exec" {
│
│ Error running command './s3-put -r us-east-1 -T /home/<...>/.next-tf/static-website-files.zip
│ /\<bucket-name>/static-website-files.zip': exit status 22. Output:
│ % Total % Received % Xferd Average Speed Time Time Current Dload Upload Total Spent Left Speed
│ 0 2867k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
│ curl: (22) The requested URL returned error: 403

When running the script itself (s3-put) with the --debug flag it informs me:

The request signature we calculated does not match the signature you provided. Check your key and signing method.

I have verified that the correct AWS profile creds are exposed as environment variables and that the profile has the correct permissions to create objects in an S3 bucket, tested via the aws CLI.

ofhouse commented 2 years ago

Okay, this seems odd. The S3 upload script really is the Achilles' heel of this module (That's why it is also removed in the upcoming v1.0.0 release) 🙈.

Have you checked your openssl version (it's used internally to calculate the signature)?

openssl version

> LibreSSL 2.8.3

Jake-RoundrockIO commented 2 years ago

openssl version

> OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

arnaudsm commented 2 years ago

Same bug here. Using v0.13.2 and openssl 3.0.2 on a fresh AWS account.

ofhouse commented 2 years ago

Thanks for reporting! Can confirm that the problem is related to the OpenSSL 3.x release.

Will take a look into it. In the meantime downgrading to OpenSSL 2.x should work, or otherwise install the AWS CLI and set use_awscli_for_static_upload to use it for the upload:

module "tf_next" {
  source = "milliHQ/next-js/aws"

+ use_awscli_for_static_upload = true
  ...
}

Jake-RoundrockIO commented 2 years ago

Thanks for the fix!

Your suggestion appears to solve my problem for the time being until the OpenSSL issue is worked out.
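A preflight check for the condition reported in this thread, as an added example that is not part of the thread or of the module: it classifies the `openssl version` banner and, for OpenSSL 3.x, points to the `use_awscli_for_static_upload` workaround before `terraform apply` gets as far as the 403. The function names and result labels are hypothetical, and the OpenSSL 1.1.1f banner mentioned in the comments is a constructed sample.

```sh
#!/bin/sh
# Added example, not the module's code. Function names and labels are hypothetical.

# Classify the banner printed by `openssl version`.
#   affected     - OpenSSL major version >= 3 (reported failing in this thread)
#   not-reported - LibreSSL or OpenSSL < 3 (no failure reported in this thread),
#                  e.g. the constructed sample "OpenSSL 1.1.1f  31 Mar 2020"
#   unknown      - banner missing or not recognised
classify_openssl() {
  banner=$1
  case $banner in
    LibreSSL\ *) echo not-reported; return ;;
    OpenSSL\ [0-9]*) ;;
    *) echo unknown; return ;;
  esac
  ver=${banner#OpenSSL }   # "3.0.2 15 Mar 2022 (...)"
  major=${ver%%.*}         # text before the first dot, e.g. "3"
  case $major in
    ''|*[!0-9]*) echo unknown ;;
    *) if [ "$major" -ge 3 ]; then echo affected; else echo not-reported; fi ;;
  esac
}

# $1 = openssl banner, $2 = "yes" if the AWS CLI is installed.
upload_advice() {
  case $(classify_openssl "$1") in
    affected)
      if [ "$2" = yes ]; then
        echo "set use_awscli_for_static_upload = true"
      else
        echo "install the AWS CLI, then set use_awscli_for_static_upload = true"
      fi ;;
    not-reported) echo "no failure reported in the thread for this build" ;;
    *) echo "cannot identify openssl; check the static upload manually" ;;
  esac
}

# Stand-alone run against the local machine.
main() {
  banner=$(openssl version 2>/dev/null || true)
  if command -v aws >/dev/null 2>&1; then have_aws=yes; else have_aws=no; fi
  upload_advice "$banner" "$have_aws"
}
main
```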