Closed 7adityaraj closed 2 years ago
`error validating provider credentials` indicates that you don't have the correct AWS permissions to do what is necessary. I am pretty sure there is something wrong (`sts:GetCallerIdentity` should succeed).
This is not a module issue.
@antonbabenko yeap, there is confusion with the error above. When I remove the alias from the Terraform configs, it works fine. Is there any advice/recommendations that I can try?

```hcl
provider "aws" {
  alias  = "sre-dev"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::6360000008:role/terraform"
  }
}
```

Thank you for checking.
There is an example where I use aliases, and it works - https://github.com/terraform-aws-modules/terraform-aws-acm/blob/master/examples/complete-dns-validation/main.tf#L54-L73
Maybe there is some bug in the AWS provider, but I am not sure...
@antonbabenko thank you again, I figured out what the issue is. It's actually my error, I am pointing account id as the current caller id.
`account_id = data.aws_caller_identity.current.account_id`
I would request the caller ID as an output from the module; it would be a good help.
Thank you again.
The current caller ID is not so much related to the main module's resources, so we won't add it to the module output.
Good that you fixed an issue.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Description
I am trying to use the provider alias in ACM module with the latest tag but it returns a provider error. Can someone please confirm that this is not an issue with the module? I have been using the provider alias for other configs and it's working fine.
terraform configs
```hcl
provider "aws" {
  alias  = "sre-dev"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::6360000008:role/terraform"
  }
}

provider "aws" {
  alias  = "sre-ops"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::1790000008:role/terraform"
  }
}

terraform {
  required_version = "1.2.2"
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

module "cert" {
  source = "git@github.com:terraform-aws-modules/terraform-aws-acm.git?ref=v4.1.0"

  providers = {
    aws = aws.sre-ops
  }

  create_certificate   = true
  wait_for_validation  = true
  validate_certificate = true
  dns_ttl              = 3600

  domain_name               = local.domain_name["sre_master"]
  zone_id                   = local.zone_id["sre_master"]
  subject_alternative_names = local.subject_alternative_names["sre_master"]

  tags = merge(local.aws_tags, {
    Name       = "${local.aws_tags.project}-acm_sre_master"
    account_id = data.aws_caller_identity.current.account_id
  })
}

locals {
  aws_tags = {
    project     = "sre"
    environment = "DEV"
    department  = "engineering"
    service     = "acm"
    role        = "acm"
    git_repo    = "terraform-sre/services/certificates"
  }

  subject_alternative_names = {
    sre_master = [
      "*.sre.abc.com",
    ]
  }

  domain_name = {
    "sre_master" = "sre.abc.com"
  }

  zone_id = {
    "sre_master" = "Z3HV12435SDGFG"
  }
}
```

⚠️ Note
Before you submit an issue, please perform the following first:
- `.terraform` directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): `rm -rf .terraform/`
- `terraform init`

Versions
Module version [Required]:
v4.1.0
Terraform version:
Terraform v1.2.2 on darwin_amd64
Provider version(s):
Reproduction Code [Required]
terraform plan
Steps to reproduce the behavior:
NO YES
Expected behavior
error with provider block
Actual behavior
the alias should be honored for different account
Terminal Output Screenshot(s)
Additional context
When I add a block without alias, it does work with the given account.
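
The resolution reported in the thread, as an added example that is not part of the original issue or the module's own code: a data source with no `provider` argument uses the default (unaliased) `aws` configuration, so the caller-identity lookup has to be pinned to the same alias the module receives. The `data` block declarations, the `ops` name and the `cert_account_id` output are assumptions; the page shows only the reference `data.aws_caller_identity.current.account_id`.

```hcl
# Constructed example based on the configuration posted in this issue.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  alias  = "sre-ops"
  region = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::1790000008:role/terraform"
  }
}

# Before (assumed declaration): no `provider` argument, so the lookup runs
# against the default aws configuration. When every provider block has an
# alias, that default is an implied empty configuration with no assume_role,
# and it must find credentials and a region on its own.
# data "aws_caller_identity" "current" {}

# After: the lookup uses the same aliased provider as the module, so the
# account id in the tag is the account the certificate is created in.
data "aws_caller_identity" "ops" {
  provider = aws.sre-ops
}

module "cert" {
  source = "git@github.com:terraform-aws-modules/terraform-aws-acm.git?ref=v4.1.0"

  providers = {
    aws = aws.sre-ops
  }

  domain_name = "sre.abc.com"
  zone_id     = "Z3HV12435SDGFG"

  tags = {
    account_id = data.aws_caller_identity.ops.account_id
  }
}

# Hypothetical root-level output: exposes the caller account without
# needing an output from the module itself.
output "cert_account_id" {
  value = data.aws_caller_identity.ops.account_id
}
```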