Just today, whenever I run terraform apply
, I see an error something like this: Can't configure a value for "lifecycle_rule": its value will be decided automatically based on the result of applying this configuration.
It was working yesterday.
Following is the command I run: terraform init && terraform apply
Following is the list of initialized provider plugins:
- Finding latest version of hashicorp/archive...
- Finding latest version of hashicorp/aws...
- Finding latest version of hashicorp/null...
- Installing hashicorp/null v3.1.0...
- Installed hashicorp/null v3.1.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.2.0...
- Installed hashicorp/archive v2.2.0 (signed by HashiCorp)
- Installing hashicorp/aws v4.0.0...
- Installed hashicorp/aws v4.0.0 (signed by HashiCorp)
Following are the errors:
Acquiring state lock. This may take a few moments...
Releasing state lock. This may take a few moments...
╷
│ Error: Value for unconfigurable attribute
│
│ with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│ on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│ 1: resource "aws_s3_bucket" "this" {
│
│ Can't configure a value for "lifecycle_rule": its value will be decided
│ automatically based on the result of applying this configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│
│ with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│ on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│ 1: resource "aws_s3_bucket" "this" {
│
│ Can't configure a value for "server_side_encryption_configuration": its
│ value will be decided automatically based on the result of applying this
│ configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│
│ with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│ on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 3, in resource "aws_s3_bucket" "this":
│ 3: acl = "private"
│
│ Can't configure a value for "acl": its value will be decided automatically
│ based on the result of applying this configuration.
╵
ERRO[0012] 1 error occurred:
* exit status 1
My code is as follows:
resource "aws_s3_bucket" "this" {
bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
acl = "private"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = data.aws_kms_key.s3.arn
sse_algorithm = "aws:kms"
}
}
}
lifecycle_rule {
id = "backups"
enabled = true
prefix = "backups/"
transition {
days = 90
storage_class = "GLACIER_IR"
}
transition {
days = 180
storage_class = "DEEP_ARCHIVE"
}
expiration {
days = 365
}
}
tags = {
Name = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
Environment = var.environment
}
}
CodePudding user response:
Terraform AWS Provider is upgraded to version 4.0.0 which is published on 10 February 2022.
Major changes in the release include:
- Version 4.0.0 of the AWS Provider introduces significant changes to the aws_s3_bucket resource.
- Version 4.0.0 of the AWS Provider will be the last major version to support EC2-Classic resources as AWS plans to fully retire EC2-Classic Networking. See the AWS News Blog for additional details.
- Version 4.0.0 and 4.x.x versions of the AWS Provider will be the last versions compatible with Terraform 0.12-0.15.
The reason for this change by Terraform is as follows: To help distribute the management of S3 bucket settings via independent resources, various arguments and attributes in the aws_s3_bucket
resource have become read-only. Configurations dependent on these arguments should be updated to use the corresponding aws_s3_bucket_*
resource. Once updated, new aws_s3_bucket_*
resources should be imported into Terraform state.
So, I updated my code accordingly by following the guide here: Terraform AWS Provider Version 4 Upgrade Guide | S3 Bucket Refactor
The new working code looks like this:
resource "aws_s3_bucket" "this" {
bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
tags = {
Name = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
Environment = var.environment
}
}
resource "aws_s3_bucket_acl" "this" {
bucket = aws_s3_bucket.this.id
acl = "private"
}
resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
bucket = aws_s3_bucket.this.id
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = data.aws_kms_key.s3.arn
sse_algorithm = "aws:kms"
}
}
}
resource "aws_s3_bucket_lifecycle_configuration" "this" {
bucket = aws_s3_bucket.this.id
rule {
id = "backups"
status = "Enabled"
filter {
prefix = "backups/"
}
transition {
days = 90
storage_class = "GLACIER_IR"
}
transition {
days = 180
storage_class = "DEEP_ARCHIVE"
}
expiration {
days = 365
}
}
}
CodePudding user response:
It's broken because Terraform AWS Provider was updated to version 4.0.0.
If you can't upgrade your version maybe you could lock your AWS provider version like this:
terraform {
required_version = "~> 0.12.31"
required_providers {
aws = "~> 3.74.1"
}
}