Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

backend/s3: Deprecate AWS_???_ENDPOINT environment variables and replace with TF_S3_???_ENDPOINT #30479

Closed
Tracked by #33687
gdavison opened this issue Feb 5, 2022 · 4 comments · Fixed by #33715
Closed
Tracked by #33687
Assignees
Labels
backend/s3 enhancement new new issue not yet triaged

Comments

@gdavison
Copy link
Contributor

gdavison commented Feb 5, 2022

Use-cases

The S3 backend can use the environment variables AWS_IAM_ENDPOINT, AWS_S3_ENDPOINT, AWS_STS_ENDPOINT, and AWS_DYNAMODB_ENDPOINT to override the corresponding AWS API service endpoints. Environment variables starting with AWS_ should be considered as reserved by AWS themselves, and the S3 backend should avoid conflicting with potential future environment variables defined by AWS.

Proposal

The existing environment variables should be deprecated and the environment variables described at https://docs.aws.amazon.com/sdkref/latest/guide/ss-endpoints-table.html, AWS_ENDPOINT_URL_IAM, AWS_ENDPOINT_URL_S3, AWS_ENDPOINT_URL_STS, and AWS_ENDPOINT_URL_DYNAMODB should be added.

They will eventually be added to the AWS SDK (aws/aws-sdk-go-v2#2226)

@gdavison gdavison added enhancement new new issue not yet triaged backend/s3 labels Feb 5, 2022
@gdavison gdavison changed the title backend/s3: Deprecate AWS_???_ENDPOINT environment variables and replace with TF_AWS_???_ENDPOINT backend/s3: Deprecate AWS_???_ENDPOINT environment variables and replace with TF_S3_???_ENDPOINT Oct 28, 2022
@gdavison gdavison self-assigned this Aug 18, 2023
@jhoelzel
Copy link

jhoelzel commented Oct 5, 2023

What do people do on non aws s3 endpoints? currently everything is broken because it can not find an iam. which i wont need on digitalocean.

│ Error: Retrieving AWS account details: AWS account ID not previously found and failed retrieving via all available methods. See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications. Errors: 2 errors occurred:
│ 	* retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 0da35d8e-5b58-48ca-a43d-1e6e735aedf7, api error InvalidClientTokenId: The security token included in the request is invalid.
│ 	* retrieving account information via iam:ListRoles: operation error IAM: ListRoles, https response error StatusCode: 403, RequestID: e209a1b2-03ce-4ab6-b724-634f3d80aace, api error InvalidClientTokenId: The security token included in the request is invalid.

@vineelachavali
Copy link

Was above issue fixed? "What do people do on non aws s3 endpoints? currently everything is broken because it can not find an iam. which i wont need on digitalocean." As its broken for us too on similar senario

@kevinisageek
Copy link

@jhoelzel @vineelachavali #33981 (comment) seems to do the job

Copy link
Contributor

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
backend/s3 enhancement new new issue not yet triaged
Projects
None yet
4 participants