terraform-aws-modules / terraform-aws-atlantis

Terraform module to deploy Atlantis on AWS Fargate 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/atlantis/aws
Apache License 2.0
520 stars 351 forks

Not Deployable on Latest Provider #349

Closed jseiser closed 1 year ago

jseiser commented 1 year ago

Description

Please provide a clear and concise description of the issue you are encountering, and a reproduction of your configuration (see the examples/* directory for references that you can copy+paste and tailor to match your configs if you are unable to copy your exact configuration). The reproduction MUST be executable by running terraform init && terraform apply without any further changes.

If your request is for a new feature, please use the Feature request template.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

Reproduction Code [Required]

module "atlantis" {
  source  = "terraform-aws-modules/atlantis/aws"
  version = "3.28.0"

  atlantis_version = "v0.24.2-debian"

  name               = format("%s-%s", local.deploymentid, local.environment)
  atlantis_fqdn      = "atlantis-ground.company.network"
  vpc_id             = module.vpc.vpc_id
  private_subnet_ids = module.vpc.private_subnets
  public_subnet_ids  = module.vpc.public_subnets

  enable_ephemeral_storage     = true
  ecs_service_platform_version = "LATEST"
  ecs_container_insights       = true
  ecs_task_cpu                 = 1024
  ecs_task_memory              = 2048
  container_memory_reservation = 256

  runtime_platform = {
    operating_system_family = "LINUX"
    cpu_architecture        = "X86_64"
  }

  entrypoint        = ["docker-entrypoint.sh"]
  command           = ["server"]
  working_directory = "/tmp"
  docker_labels = {
    "org.opencontainers.image.title"       = "Atlantis"
    "org.opencontainers.image.description" = "A self-hosted golang application that listens for Terraform pull request events via webhooks."
    "org.opencontainers.image.url"         = "https://github.com/runatlantis/atlantis/pkgs/container/atlantis"
  }
  start_timeout = 30
  stop_timeout  = 30

  readonly_root_filesystem = false # atlantis currently requires mutable access to root filesystem
  ulimits = [{
    name      = "nofile"
    softLimit = 4096
    hardLimit = 16384
  }]

  user                                  = "1000:1000"
  alb_listener_ssl_policy_default       = "ELBSecurityPolicy-TLS-1-2-2017-01"
  alb_drop_invalid_header_fields        = true
  alb_enable_cross_zone_load_balancing  = true
  allow_unauthenticated_access          = true
  whitelist_unauthenticated_cidr_blocks = ["52.61.43.91/32", "3.32.186.237/32", "15.205.195.133/32"]
  create_route53_record                 = false
  certificate_arn                       = aws_acm_certificate.cert.arn

  alb_authenticate_oidc = {
    issuer                 = "https://auth.company.network/oauth2/default"
    token_endpoint         = "https://auth.company.network/oauth2/default/v1/token"
    user_info_endpoint     = "https://auth.company.network/oauth2/default/v1/userinfo"
    authorization_endpoint = "https://auth.company.network/oauth2/default/v1/authorize"
    client_id              = "0oa4118y2iaRimyth4h7"
    client_secret          = data.aws_ssm_parameter.atlantis_okta_client_secret.value
  }

  extra_container_definitions = [
    {
      name      = "log-router"
      image     = "amazon/aws-for-fluent-bit:latest"
      essential = true

      firelens_configuration = {
        type = "fluentbit"

        logConfiguration = {
          logDriver = "awslogs",
          options = {
            awslogs-group         = "firelens-container",
            awslogs-region        = local.region,
            awslogs-create-group  = true,
            awslogs-stream-prefix = "firelens"
          }
        }
      }
    }
  ]

  custom_environment_variables = [
    # Override server config
    {
      "name" : "ATLANTIS_REPO_CONFIG_JSON",
      "value" : jsonencode(yamldecode(file("${path.module}/server-atlantis.yaml"))),
    },
  ]

  atlantis_gitlab_user       = "gitlab_atlantis"
  atlantis_gitlab_user_token = data.aws_ssm_parameter.atlantis_gitlab_user_token.value
  atlantis_gitlab_hostname   = "gitlab.company.network"
  atlantis_repo_allowlist    = ["gitlab.company.network/company/company_ground_infra"]
  atlantis_log_level         = "debug"

  depends_on = [
    aws_acm_certificate.cert
  ]
}

Expected behavior

Deploys

Actual behavior

running "/home/atlantis/.atlantis/bin/terraform1.3.7 plan -input=false -refresh -out \"/home/atlantis/.atlantis/repos/trex/trex_ground_infra/44/default/prod/us-west-2/ops/atlantis/default.tfplan\"" in "/home/atlantis/.atlantis/repos/trex/trex_ground_infra/44/default/prod/us-west-2/ops/atlantis": exit status 1
Releasing state lock. This may take a few moments...
╷
│ Warning: Argument is deprecated
│
│   with module.atlantis.module.vpc.aws_eip.nat,
│   on .terraform/modules/atlantis.vpc/main.tf line 1068, in resource "aws_eip" "nat":
│ 1068:   vpc = true
│
│ use domain attribute instead
╵
╷
│ Error: Unsupported argument
│
│   on .terraform/modules/atlantis.ecs/main.tf line 6, in resource "aws_ecs_cluster" "this":
│    6:   capacity_providers = var.capacity_providers
│
│ An argument named "capacity_providers" is not expected here.
╵
╷
│ Error: Unsupported block type
│
│   on .terraform/modules/atlantis.ecs/main.tf line 8, in resource "aws_ecs_cluster" "this":
│    8:   dynamic "default_capacity_provider_strategy" {
│
│ Blocks of type "default_capacity_provider_strategy" are not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on .terraform/modules/atlantis.vpc/main.tf line 32, in resource "aws_vpc" "this":
│   32:   enable_classiclink               = var.enable_classiclink
│
│ An argument named "enable_classiclink" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on .terraform/modules/atlantis.vpc/main.tf line 33, in resource "aws_vpc" "this":
│   33:   enable_classiclink_dns_support   = var.enable_classiclink_dns_support
│
│ An argument named "enable_classiclink_dns_support" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on .terraform/modules/atlantis.vpc/main.tf line 1307, in resource "aws_default_vpc" "this":
│ 1307:   enable_classiclink   = var.default_vpc_enable_classiclink
│
│ An argument named "enable_classiclink" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│   on .terraform/modules/atlantis/main.tf line 593, in data "aws_iam_policy_document" "ecs_task_access_secrets_with_kms":
│  593:   source_json = data.aws_iam_policy_document.ecs_task_access_secrets.json
│
│ An argument named "source_json" is not expected here.
╵

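The plan output above can be grouped by installed module directory to see which nested modules block a provider upgrade. This is an added example, not part of the original issue or the module's code; the sample text is abridged from the output above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three diagnostics abridged from the plan output in the issue.
SAMPLE = """\
╷
│ Warning: Argument is deprecated
│   on .terraform/modules/atlantis.vpc/main.tf line 1068, in resource "aws_eip" "nat":
│ use domain attribute instead
╵
╷
│ Error: Unsupported argument
│   on .terraform/modules/atlantis.ecs/main.tf line 6, in resource "aws_ecs_cluster" "this":
│ An argument named "capacity_providers" is not expected here.
╵
╷
│ Error: Unsupported argument
│   on .terraform/modules/atlantis.vpc/main.tf line 32, in resource "aws_vpc" "this":
│ An argument named "enable_classiclink" is not expected here.
╵
"""

HEAD = re.compile(r"^(Error|Warning): (.+)$")
SITE = re.compile(r'^on \.terraform/modules/([^/]+)/(\S+) line (\d+), '
                  r'in (resource|data) "([^"]+)" "([^"]+)":$')

def parse_diagnostics(text):
    """Return one dict per box-drawn diagnostic block in Terraform CLI output."""
    diags, cur = [], None
    for raw in text.splitlines():
        if raw.startswith("╷"):                      # block opens
            cur = {}
        elif raw.startswith("╵") and cur is not None:  # block closes
            diags.append(cur)
            cur = None
        elif cur is not None:
            line = raw.lstrip("│").strip()
            if m := HEAD.match(line):
                cur.update(severity=m[1], summary=m[2])
            elif m := SITE.match(line):
                cur.update(module=m[1], file=m[2], line=int(m[3]),
                           address=f"{m[5]}.{m[6]}")
    return diags

def errors_by_module(text):
    """Map each module key to the addresses that fail validation (warnings skipped)."""
    out = defaultdict(list)
    for d in parse_diagnostics(text):
        if d.get("severity") == "Error" and "module" in d:
            out[d["module"]].append(f'{d["address"]} ({d["file"]}:{d["line"]})')
    return dict(out)
```

A key such as `atlantis.ecs` is the nested module `module.atlantis.module.ecs`, so each key in the result names a dependency whose pinned version predates the provider in use.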
Ileriayo commented 1 year ago

For now, I'm using a lower provider version <5.0:

terraform {
  # ...

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.69, < 5.0"
    }
  }

  # ...
}

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

aaleksandrov commented 1 year ago

Have the same issue. Not a big deal since atlantis lives in its own state and I can use any provider version regardless of the rest of the code

jseiser commented 1 year ago

This is def a problem for us, because it's preventing the upgrade of our VPC module that this ECS deployment exists in: https://github.com/terraform-aws-modules/terraform-aws-vpc

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

aaleksandrov commented 1 year ago

Still an issue

github-actions[bot] commented 1 year ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

stuart-storypark commented 1 year ago

Still an issue

antonbabenko commented 1 year ago

This issue has been resolved in version 4.0.0 :tada:

github-actions[bot] commented 11 months ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.