Terraform module download from S3 doesn't support AWS SSO #30482

Closed
zmingxie opened this issue Feb 6, 2022 · 4 comments

Labels: bug, duplicate, upstream

zmingxie commented Feb 6, 2022

Terraform Version

❯ terraform --version
Terraform v1.1.5
on darwin_amd64

Terraform Configuration Files

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

module "test_module" {
  source = "s3::<my_bucket>.s3.amazonaws.com/my_module.zip"
  ...
}

Debug Output

Initializing modules...
2022-02-06T11:13:06.225-0500 [TRACE] ModuleInstaller: installing child modules for . into .terraform/modules
2022-02-06T11:13:06.226-0500 [DEBUG] Module installer: begin test_cluster
2022-02-06T11:13:06.226-0500 [TRACE] ModuleInstaller: test_cluster is not yet installed
2022-02-06T11:13:06.226-0500 [TRACE] ModuleInstaller: cleaning directory .terraform/modules/test_cluster prior to install of test_cluster
2022-02-06T11:13:06.226-0500 [TRACE] ModuleInstaller: test_cluster address "s3::https://s3.amazonaws.com/<my_bucket>/my_module.zip" will be handled by go-getter
Downloading s3::https://s3.amazonaws.com/<my_bucket>/my_module.zip for test_cluster...
2022-02-06T11:13:06.226-0500 [TRACE] getmodules: fetching "s3::https://s3.amazonaws.com/<my_bucket>/my_module.zip" to ".terraform/modules/test_cluster"
2022-02-06T11:13:11.530-0500 [TRACE] modsdir: writing modules manifest to .terraform/modules/modules.json
╷
│ Error: Failed to download module
│ 
│ Could not download module "test_cluster" (main.tf:17) source code from "s3::https://s3.amazonaws.com/<my_bucket>/my_module.zip": NoCredentialProviders: no valid providers in chain
│ caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment
│ SharedCredsLoad: failed to get profile
│ EC2RoleRequestError: no EC2 instance role found
│ caused by: RequestError: send request failed
│ caused by: Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: connect: host is down

Expected Behavior

Modules can be downloaded using the AWS credentials obtained via AWS SSO

Actual Behavior

go-getter isn't able to download the module due to missing credentials

Steps to Reproduce

This failed during terraform init

Additional Context

I have done some digging and it looks like there has been an open issue in go-getter about this: hashicorp/go-getter#323

The AWS SDK version and credential obtain process would need to be updated to support this.

Side note: AWS SSO is working fine with Terraform in managing AWS resources. It's only failing due to this bug and makes the setup experience inconsistent.
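
Added example, not part of the original report and not go-getter or AWS SDK code: a local check that walks the three credential sources named in the error output (environment keys, shared credentials file, instance role) and flags a profile that is SSO-only. The `diagnose` helper, the `dev-sso` profile and the sample file contents are assumptions constructed for illustration.

```python
import configparser

# Keys that mark a profile in ~/.aws/config as AWS SSO based.
SSO_KEYS = {"sso_start_url", "sso_session", "sso_account_id", "sso_role_name"}

# Constructed sample files (not from the issue): SSO-only profile, no static keys.
SAMPLE_CONFIG = """\
[profile dev-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = ReadOnly
region = us-east-1
"""
SAMPLE_CREDENTIALS = ""


def _parse(text):
    # RawConfigParser: no interpolation, so '%' in URLs is left alone.
    parser = configparser.RawConfigParser(default_section="__unused__")
    parser.read_string(text)
    return parser


def diagnose(env, config_text, credentials_text):
    """Hypothetical helper: return (usable_source_or_None, notes)."""
    profile = env.get("AWS_PROFILE", "default")
    notes = []
    # 1. Environment variables (EnvAccessKeyNotFound in the error output).
    key = env.get("AWS_ACCESS_KEY_ID") or env.get("AWS_ACCESS_KEY")
    secret = env.get("AWS_SECRET_ACCESS_KEY") or env.get("AWS_SECRET_KEY")
    if key and secret:
        return "env", notes
    notes.append("env: no static access key pair set")
    # 2. Shared credentials file (SharedCredsLoad in the error output).
    creds = _parse(credentials_text)
    if (creds.has_section(profile)
            and creds.has_option(profile, "aws_access_key_id")
            and creds.has_option(profile, "aws_secret_access_key")):
        return "shared-credentials", notes
    notes.append(f"credentials file: no static keys for profile '{profile}'")
    # 3. The profile exists only as SSO settings in the config file.
    cfg = _parse(config_text)
    section = "default" if profile == "default" else f"profile {profile}"
    if cfg.has_section(section) and SSO_KEYS & set(cfg.options(section)):
        notes.append(f"config: '{profile}' is an SSO profile; "
                     "a chain without an SSO provider cannot use it")
    notes.append("instance role: only available on EC2, not checked here")
    return None, notes
```

Calling `diagnose({"AWS_PROFILE": "dev-sso"}, SAMPLE_CONFIG, SAMPLE_CREDENTIALS)` returns no usable source plus the notes explaining why, which matches the failure mode in the report.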

zmingxie added the bug and new labels Feb 6, 2022

crw (Collaborator) commented Feb 8, 2022

Thanks for the report! I'll mark this as having an upstream dependency and keep an eye on any changes.

crw added the upstream label Feb 8, 2022

lnattrass commented

Duplicate of #27192

crw (Collaborator) commented Jun 7, 2022

Thanks for that, closing as a duplicate of #27192

crw closed this as not planned Jun 7, 2022
crw added the duplicate label and removed the new label Jun 7, 2022

github-actions bot commented Jul 8, 2022

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions bot locked as resolved and limited conversation to collaborators Jul 8, 2022