Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Version 2 Release] provider: Return error if AWS account ID cannot be determined with skip_requesting_account_id = false #7674

Closed
bflad opened this issue Feb 24, 2019 · 1 comment · Fixed by #7737
Closed

[Version 2 Release] provider: Return error if AWS account ID cannot be determined with skip_requesting_account_id = false #7674

bflad opened this issue Feb 24, 2019 · 1 comment · Fixed by #7737
Labels
provider Pertains to the provider itself, rather than any interaction with AWS. technical-debt Addresses areas of the codebase that need refactoring or redesign.
Milestone
v2.0.0

Comments

@bflad
Copy link
Contributor

bflad commented Feb 24, 2019

Description

Tracking issue for: https://www.terraform.io/docs/providers/aws/guides/version-2-upgrade.html#skip_requesting_account_id-argument-now-required-to-skip-account-id-lookup-errors

If the provider is unable to determine the AWS account ID from a provider assume role configuration or the STS GetCallerIdentity call used to verify the credentials (if skip_credentials_validation = false), it will attempt to lookup the AWS account ID via EC2 metadata, IAM GetUser, IAM ListRoles, and STS GetCallerIdentity. Previously, the provider would silently allow the failure of all the above methods.

The provider will now return an error to ensure operators understand the implications of the missing AWS account ID in the provider.

If necessary, the AWS account ID lookup logic can be skipped via:

provider "aws" {
  # ... other configuration ...

  skip_requesting_account_id = true
}

Remediation

Previously, this pull request would have handled this change: #5795

We are now migrating to a shared AWS Go SDK Client instantiation library between the Terraform AWS Provider and Terraform S3 Backend: #7653

The log message conversion to an error now needs to occur upstream and the library dependency updated with the change.
@bflad bflad added technical-debt Addresses areas of the codebase that need refactoring or redesign. provider Pertains to the provider itself, rather than any interaction with AWS. labels Feb 24, 2019
@bflad bflad added this to the v2.0.0 milestone Feb 24, 2019
@bflad bflad mentioned this issue Feb 24, 2019
Closed
bflad added a commit to hashicorp/aws-sdk-go-base that referenced this issue Feb 27, 2019
@bflad
session: Return error instead of logging with AWS Account ID lookup f…
0de5f5f 
…ailure

References:
* hashicorp/terraform-provider-aws#7674
* hashicorp/terraform-provider-aws#5795
@bflad bflad mentioned this issue Feb 27, 2019
Merged
bflad added a commit that referenced this issue Feb 27, 2019
@bflad
provider: Return error instead of logging on AWS Account ID lookup fa…
4176d50 
…ilure during initialization

References:
* #7674
* #5795

Updated via:

```
$ go get github.com/hashicorp/aws-sdk-go-base@v0.3.0
$ go mod tidy
$ go mod vendor
```
@bflad bflad mentioned this issue Feb 27, 2019
Merged
@ghost
Copy link

ghost commented Mar 31, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Mar 31, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
provider Pertains to the provider itself, rather than any interaction with AWS. technical-debt Addresses areas of the codebase that need refactoring or redesign.
Projects
None yet
Milestone
v2.0.0
1 participant
@bflad