aws_s3_bucket: UnsupportedArgument acceleration_status in us-gov region

[dekimsey]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.19
+ provider.aws v2.43.1
+ provider.null v2.1.2
+ provider.template v2.1.2

Affected Resource(s)

• aws_s3_bucket

Terraform Configuration Files

Note it doesn't matter if acceleration_status is set to Suspended or Enabled.

resource "aws_s3_bucket" "this" {
  bucket_prefix       = "foo-"
  acl                 = "private"
  acceleration_status = var.acceleration_status
  tags = {
    terraform = "true"
  }

Debug Output

None

Panic Output

None

Expected Behavior

s3 bucket created successfully.

Actual Behavior

Error: Error putting S3 acceleration: UnsupportedArgument: The request contained an unsupported argument.
    status code: 400, request id: D6C1756A80C277E5, host id: rT2dEL2WsDrSu5+np5sJrBM6INmF3MvTRRS7vB5hvaGdUtlZkk4XRCzTsKPmTwyi3zKiWyJUe6o=
  on .terraform/modules/repo-tw-custom-el6/main.tf line 7, in resource "aws_s3_bucket" "this":
   7: resource "aws_s3_bucket" "this" {

Steps to Reproduce

1. terraform apply

Important Factoids

US government region

References

• resource/aws_ssm_parameter: Remove Tier from PutParameter if unsupported, fix testing for GovCloud #8664

[slapula]

I was under the impression that this feature does not exist yet in Govcloud. Has that changed recently?

[dekimsey]

Correct, it doesn't. I'm hoping that instead of failing & aborting, the parameter can be ignored similar to the implementation in the referenced ticket #8664.

[slapula]

Why do you need to keep the parameter around when operating in a region that doesn't support it? Versus just removing the parameter etc...

[dekimsey]

Fair question, in our case we operate in multiple regions and this parameter is being set by a module. I don't recall, but passing null didn't seem to work either. I think because null meant the default of true was being taken in our variable.

We have a couple of variables that indicate this is the gov cloud region and need certain features disabled. On some resources a simple false suffices, however this resource it does not and will error.

[c4milo]

@dekimsey, let me know if #12049 does it for you.

[dekimsey]

@c4milo, I'm going to have to take this one on faith.

[dekimsey]

(Okay. Didn't mean to close this. That's what I get for replying on mobile.)

Anyway. @c4milo I'm going to take your patch as is. I cannot test it because getting our gov team to run a custom build of the provider will be quite an exercise. Patch is so simple and is handling the error I saw, I expect it'll work perfectly. Thank you for identifying such a simple fix!

[c4milo]

@dekimsey, please keep us posted!

[gdavison]

@dekimsey what is the behaviour of the resource if your var.acceleration_status is set to null instead of a value? This is a Terraform language feature that might address the problem.

[dekimsey]

tl;dr Changing the default value of my variable to null does appear to ignore the attribute safely.

So, in my case its the awkward interaction between default variables and this unsupported parameter.

Given:

resource "aws_s3_bucket" "demo" {
   ...
   acceleration_status = var.acceleration_status
}

variable "acceleration_status" {
  default = "Enabled"
}

And a terraform.tfvars like such:

acceleration_status=null

Will cause the default value to be used. Setting the variable to "Disabled" or "Enabled" throws UnsupportedArgument, and setting it to "" throws a validation error (with unclear output here):

Error: expected acceleration_status to be one of [Enabled Suspended], got

  on s3.tf line 1, in resource "aws_s3_bucket" "demo":

However. Changing the default value of my variable to null does appear to ignore the attribute safely.

[gdavison]

Hi @dekimsey, sorry for the delay in getting back to this issue. I addressed an associated PR, but left this hanging.

To work around the differences in AWS support by region, you could make the value of acceleration_status either a variable or local value, and set it to null if the region does not support it.

For example

data "aws_region" "current" {}

locals {
  acceleration_status = data.aws_region.current.name != "us-gov-west-1" ? "Enabled" : null
}

resource "aws_s3_bucket" "bucket" {
  bucket              = "my_bucket"
  acceleration_status = local. acceleration_status
}

I'm going to close this issue since this sample should allow you to work in multiple regions and partitions. If you run into problems, please open another issue.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!