-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Terraform seems to be ignoring skip_credentials_validation flag for AWS provider #5584
Comments
It looks like a breaking change has been introduced in Forcing my guess is something messing with:
Would it be possible to put this credential validation behind |
Using
Previously when fetching account ID information, the STS call ignored all errors: I will submit a pull request to reinstate that behavior. |
After looking more at the old code, it was actually that we completely ignored errors when trying to find account ID, not specifically that we were ignoring any of the specific calls. While we can reinstate this behavior since changing the provider initialization process is considered a major breaking change, please note that in the next major version may require |
Summary: If the provider is unable to determine the AWS account ID from a provider assume role configuration or the STS GetCallerIdentity call used to verify the credentials (if There are implications of the provider not having its AWS account ID properly initialized, which are noted at: https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id Since the provider behavior change was breaking, I have submitted a pull request to temporarily reinstate the old behavior and note the upcoming error change in the next major version of the provider: #5794 I would recommend adding the following to your provider configurations, which should work with the latest 1.X versions (even before the above pull request is released) as well as 2.X: provider "aws" {
# ... other configuration ...
skip_requesting_account_id = true
} |
@bflad FYI, I tried both of the workarounds suggested here and neither worked. For reference, here's the provider configuration I tried:
And here's the output I saw on the console:
|
@Ghazgkull I believe you may also need to provide fake access key and secret key credentials, either via the AWS credentials file or provider configuration. We should probably create a how-to guide for configuring the provider for LocalStack. 😄 |
Yes. With the latest AWS provider (version 1.41), the following config works to run Terraform against LocalStack without actually authenticating to AWS:
I think it's worth noting that adding a fake |
I am having this problem too cant seem to find a solution. Any help guys? |
I had the same problem, but in my case it was because I was not specifying the |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
This issue was originally opened by @Ghazgkull as hashicorp/terraform#18696. It was migrated here as a result of the provider split. The original body of the issue is below.
We are trying to use Terraform to create AWS resources in LocalStack. It works correctly if we first authenticate to AWS, but fails when lacking AWS credentials.
Since we are pointing Terraform at LocalStack and not the real AWS, there's no need for Terraform to authenticate to AWS. So we are settings both skip_credentials_validation and skip_metadata_api_check to true. Various blog posts on the internet suggest this as the way to point Terraform to LocalStack, so it presumably worked at some point?
Terraform Version
Terraform Configuration Files
Expected Behavior
When an AWS provider is configured with
skip_credentials_validation = true
, credential validation is skipped.Actual Behavior
Terraform still tries to validate credentials.
Steps to Reproduce
Run
terraform plan
with an AWS provider configured to skip credential validation.Additional Context
Terraform output at the time of credential validation:
The text was updated successfully, but these errors were encountered: