Terraform-provider-aws: S3 not being created on the right region

Created on 13 Sep 2017  ยท  7Comments  ยท  Source: hashicorp/terraform-provider-aws

_This issue was originally opened by @hernan82arg as hashicorp/terraform#16085. It was migrated here as a result of the provider split. The original body of the issue is below._

Hi there,

I've set aws provider to eu-west-2 and I'm trying to create a bucket on us-east-1, when I run the plan I get the bucket is going to be created on the right region, but after I apply, it gets created where the provider is configured (eu-west-2) and if I run plan again, terraform wants to change the region to us-east-1

$ terraform -v
Terraform v0.10.4

region: eu-west-2

Code I'm running:

provider "aws" {
    region = "${var.region}"

    assume_role {
        role_arn     = "arn:aws:iam::${var.account}:role/${var.role}"
        session_name = "Terraform"
    }
}


resource "aws_s3_bucket" "mycompany_logs" {
  bucket = "someTag-${var.project}-${var.environment}-mycompany-logs"
  acl    = "private"
  region = "us-east-1"

  tags {
      Name = "${var.project}-${var.environment}-mycompany-logs"
      Project = "${var.project}"
      Environment = "${var.environment}"
  }

  lifecycle {
      prevent_destroy = true
  }
}

Plan output:

Terraform will perform the following actions:

  • aws_s3_bucket.mycompany_logs
    id:
    acceleration_status:
    acl: "private"
    arn:
    bucket: "someTag-someProject-dev-mycompany-logs"
    bucket_domain_name:
    force_destroy: "false"
    hosted_zone_id:
    policy: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::107630771604:user/s3-copy\"\n },\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::someTag-someProject-dev-mycompany-logs/mycompany-logs/*\"\n }\n ]\n}\n"
    region: "us-east-1"
    request_payer:
    tags.%: "3"
    tags.Environment: "dev"
    tags.Name: "someProject-dev-mycompany-logs"
    tags.Project: "someProject"
    versioning.#:
    website_domain:
    website_endpoint:

Apply:

Applying for environment dev
aws_s3_bucket.mycompany_logs: Creating...
acceleration_status: "" => ""
acl: "" => "private"
arn: "" => ""
bucket: "" => "someTag-someProject-dev-mycompany-logs"
bucket_domain_name: "" => ""
force_destroy: "" => "false"
hosted_zone_id: "" => ""
policy: "" => "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::107630771604:user/s3-copy\"\n },\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::someTag-someProject-dev-mycompany-logs/mycompany-logs/*\"\n }\n ]\n}\n"
region: "" => "us-east-1"
request_payer: "" => ""
tags.%: "" => "3"
tags.Environment: "" => "dev"
tags.Name: "" => "someProject-dev-mycompany-logs"
tags.Project: "" => "someProject"
versioning.#: "" => ""
website_domain: "" => ""
website_endpoint: "" => ""
aws_s3_bucket.mycompany_logs: Creation complete after 4s (ID: someTag-someProject-dev-mycompany-logs)

Plan after applying:

Terraform will perform the following actions:

~ aws_s3_bucket.mycompany_logs
region: "eu-west-2" => "us-east-1"

Expected Behavior

Create a bucket on us-east-1

Actual Behavior

Created a bucket on us-west-2

Steps to Reproduce

Please list the full steps required to reproduce the issue, for example:

  1. terraform init
  2. terraform plan
  3. terraform apply
  4. terraform plan

Important Factoids

I'm running terraform apply "dev.tfplan" which is the plan I run before applying.

Any idea?

Thanks.

bug servics3
Source
picture hashibot

Most helpful comment

facing same issue. This was added to fix 6051. -1 for removing region option.

picture avdhoot on 17 Jan 2018
👍2

All 7 comments

Hi @hernan82arg,

I'm not sure if it worked before, but it looks like the region field on the bucket can't work as it is right now and may need to be deprecated. I'll let someone more familiar with the aws provider internals comment on that.

The provider sets up all the clients with the region provided, and you can't authenticate with an s3 endpoint outside of your region. Even if the provider was updated to use separate configurations for each service (you can _almost_ so this by setting the s3 endpoint, but it doesn't change the region), the region field would be of limited use, since they would all have to match anyway.

The best way to work around this is probably going to be to use separate modules with a provider configured for each region.

jbardin picture jbardin on 14 Sep 2017

This can work without modules.
Define multiple providers first:

provider "aws" {
  region = "${var.region}"
}

provider "aws" {
  alias  = "oregon"
  region = "us-west-2"
}

provider "aws" {
  alias  = "virginia"
  region = "us-east-1"

Then use a specific provider by specifying its alias:

resource "aws_s3_bucket" "mycompany_logs" {
  bucket = "someTag-${var.project}-${var.environment}-mycompany-logs"
  acl    = "private"
  provider = "aws.virginia"

  tags {
      Name = "${var.project}-${var.environment}-mycompany-logs"
      Project = "${var.project}"
      Environment = "${var.environment}"
  }

  lifecycle {
      prevent_destroy = true
  }
}
endofcake picture endofcake on 22 Sep 2017

facing same issue. This was added to fix 6051. -1 for removing region option.

avdhoot picture avdhoot on 17 Jan 2018
👍2

Note: for importing buckets from different regions you may also need to pass provider in the import argument to match the bucket provider (Ex: -provider=aws.useast).

See: #13750 (comment)

facundovictor picture facundovictor on 27 Feb 2019

Removing the confusing configurability of the region attribute in the aws_s3_bucket resource has been merged and will release with version 3.0.0 of the Terraform AWS Provider, likely in about two weeks. In the future if we want to allow individual resource region configuration, we will need to come up with a design proposal since it will be very high impact on the overall user experience of the provider.

bflad picture bflad on 15 Jul 2020

This has been released in version 3.0.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

hashibot[bot] picture hashibot[bot] on 31 Jul 2020

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

hashibot[bot] picture hashibot[bot] on 14 Aug 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

obourdon picture obourdon  ยท  54Comments
Bwanabanana picture Bwanabanana  ยท  46Comments
gazoakley picture gazoakley  ยท  40Comments
jckuester picture jckuester  ยท  53Comments
oarmstrong picture oarmstrong  ยท  44Comments