Open pk-hugo opened 3 months ago
From the docs for mfa_delete
: "This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS"
So I believe this setting should be set in the AWS console, rather than through pulumi. I'm not sure why it would flip-flow without a pulumi up
in between those pulumi preview --diff
s. Are you running any commands in between running pulumi preview --diff
?
Regarding the error, either you need to use 2fa credentials for running the pulumi command, or disable the setting in the AWS console.
Moving this to the aws provider repo for further triage.
Hey, @tgummerer is correct that the mfaDelete
property cannot be used currently for toggling this setting, rather just for keeping the pulumi state in sync with AWS.
Enabling MFA delete itself requires using an MFA token, which the provider currently doesn't support. This comment here goes into more details explaining the background: https://github.com/hashicorp/terraform-provider-aws/issues/629#issuecomment-408937315
What happened?
I have enabled the flag
mfa_delete
in the aws S3 bucket versioning. After doing any further updates is always showing this flag in the differences and throwing the below error.` error: 1 error occurred:
If I change
mfa_delete
flag toFalse
Thenpulumi preview --diff
command shows like this:~ versioning: { ~ mfaDelete: true => false }
Then if I change the
mfa_delete
flag toTrue
Thepulumi preview --diff
command shows like this:~ versioning: { ~ mfaDelete: false => true }
Example
Steps to reproduce:
mfa_delete
flag to True.pulumi preview --diff
. The mfa_delete flag is always toggled and showed as difference.Output of
pulumi about
CLI
Version 3.116.1 Go Version go1.22.3 Go Compiler gc
Plugins KIND NAME VERSION resource aws 6.18.2 resource aws-native 0.95.0 language python unknown
Host
OS darwin Version 14.5 Arch arm64
This project is written in python: executable='/Users/pk-hugo/Documents/hugo/repos/venv/pk-venv/bin/python3' version='3.11.9'
Dependencies: NAME VERSION allure-behave 2.13.2 autoflake 2.2.0 awscli 1.29.84 awscli-local 0.21 black 23.7.0 cfn-flip 1.3.0 dacite 1.8.1 Faker 19.3.0 flake8 6.1.0 hugo-lib 0.0.73 infra-lib 0.0.10 isort 5.12.0 jq 1.7.0 localstack 2.2.0 phonenumbers 8.13.18 pip 24.0 pipdeptree 2.13.0 pydantic 2.7.3 pytest-dependency 0.5.1 pytest-mock 3.11.1 pytest-xdist 3.3.1 pytz 2023.3 reportlab 4.1.0 retry2 0.9.5 setuptools 69.5.1 sshtunnel 0.3.1 wheel 0.41.1 yq 3.4.3
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).