Provider.aws: "region" error with example from docs

[djenriquez]

Having an issue using a terraform config built from an example in the official terraform docs: https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#using-replication-configuration
This config is quite literally the same, just abstracted out some values for our use case. However, this example does not work.

Terraform Version

0.9.2

Affected Resource(s)

Please list the resources as a list, for example:

• provider.aws

Terraform Configuration Files

provider "aws" {
  region = "us-east-1"
  alias  = "primary"
}

provider "aws" {
  region = "us-east-2"
  alias  = "replica"
}

resource "aws_iam_role" "replication" {
  name = "${var.env_letter}-${var.datacenter}-${var.app}-${var.service}-replication"

  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
POLICY
}

resource "aws_iam_policy" "replication" {
  name = "${var.env_letter}-${var.datacenter}-${var.app}-${var.service}-replication"

  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetReplicationConfiguration",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": [
        "${aws_s3_bucket.bucket.arn}"
      ]
    },
    {
      "Action": [
        "s3:GetObjectVersion",
        "s3:GetObjectVersionAcl"
      ],
      "Effect": "Allow",
      "Resource": [
        "${aws_s3_bucket.bucket.arn}/*"
      ]
    },
    {
      "Action": [
        "s3:ReplicateObject",
        "s3:ReplicateDelete"
      ],
      "Effect": "Allow",
      "Resource": "${aws_s3_bucket.destination.arn}/*"
    }
  ]
}
POLICY
}

resource "aws_iam_policy_attachment" "replication" {
  name       = "${var.env_letter}-${var.datacenter}-${var.app}-${var.service}-replication"
  roles      = ["${aws_iam_role.replication.name}"]
  policy_arn = "${aws_iam_policy.replication.arn}"
}

resource "aws_s3_bucket" "destination" {
  provider = "aws.replica"
  bucket   = "${var.replica_bucket}"
  region   = "us-east-2"

  versioning {
    enabled = true
  }
}

resource "aws_s3_bucket" "bucket" {
  provider = "aws.primary"
  bucket   = "${var.env_letter}-${var.datacenter}-${var.app}-${var.service}"
  acl      = "private"
  region   = "us-east-1"

  versioning {
    enabled = true
  }

  replication_configuration {
    role = "${aws_iam_role.replication.arn}"

    rules {
      id     = "${var.env_letter}-${var.datacenter}-${var.app}-${var.service}"
      prefix = "/"
      status = "Enabled"

      destination {
        bucket        = "${aws_s3_bucket.destination.arn}"
        storage_class = "STANDARD"
      }
    }
  }
}

Expected Behavior

The config should have used the regions that were provided. It says no region, but they are most definitely provided.

Actual Behavior

Planning/Applying fails with

Planning
1 error(s) occurred:



* provider.aws: "region": required field is not set

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform plan/apply

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• terraform plan bug with region and modules #3081

[apparentlymart]

Hi @djenriquez! Sorry things didn't work out as expected here.

I think the issue here is that you have only defined providers with aliases:

provider "aws" {
  region = "us-east-1"
  alias  = "primary"
}

provider "aws" {
  region = "us-east-2"
  alias  = "replica"
}

This is valid, but in order for it to work you must set the provider argument on every resource whose type begins with aws_. If you don't, Terraform assumes you want to use the default, unaliased AWS provider, which has no configuration and thus does not have a version set.

Adding the following to the resources that don't already have a provider should resolve it:

  provider = "aws.primary"

Alternatively, you could choose to remove the alias from the "primary" AWS provider instance and then it will act as your default. You would then only use provider = "aws.replica" to override that default.

Terraform is working as designed here, but the error message it gave you leaves a lot to be desired.

I hope this helps! I'm going to close this since I think this explains the problem, but if I'm wrong and the problem persists please let me know and I will reopen this and look some more. Thanks!

[djenriquez]

Hi @apparentlymart! Thanks for the clarification, I could have sworn I tried this but apparently I didn't catch all of the resources. The plan/apply is working now.

I would like to recommend that the example in the project's documentation is updated as it currently is incorrect. Though we shouldn't rely on examples, they should atleast work.

https://www.terraform.io/docs/providers/aws/r/s3_bucket.html#using-replication-configuration

[apparentlymart]

Oh yes, that example is indeed incorrect. Let's reopen this and consider it a documentation ticket to fix up those docs.

[joestump]

Just wanted to chime in and say that @apparentlymart's suggesting fixed my issue. What if we want all of our providers aliased? It'd be nice to set default = true or something.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.