Terraform-provider-aws: AWS S3 output fails for website_endpoint and website_domain

Hey @llibicpep – how is var.website defined/declared? I can't manage to reproduce your bug, can you examine this config and spot anything?

variable "website" {
  default = "true"
}

variable "bucket_name" {
  default = "cts-bucket-output-test"
}

resource "aws_s3_bucket" "bucket" {
  bucket = "${var.bucket_name}"
  acl    = "${var.website == "true" ? "public-read" : "private"}"

  website = {
    index_document = "index.html"
  }
}

output "actual_bucket_website_endpoint" {
  value = "${aws_s3_bucket.bucket.website_endpoint}"
}

output "actual_bucket_website_domain" {
  value = "${aws_s3_bucket.bucket.website_domain}"
}

output "bucket_website_endpoint" {
  value = "${var.website =="true"? aws_s3_bucket.bucket.website_endpoint : ""}"
}

output "bucket_website_domain" {
  value = "${var.website =="true"? aws_s3_bucket.bucket.website_domain : ""}"
}

log:

~>$ terraform apply
aws_s3_bucket.bucket: Creating...
  acceleration_status:      "" => "<computed>"
  acl:                      "" => "public-read"
  arn:                      "" => "<computed>"
  bucket:                   "" => "cts-bucket-output-test"
  bucket_domain_name:       "" => "<computed>"
  force_destroy:            "" => "false"
  hosted_zone_id:           "" => "<computed>"
  region:                   "" => "<computed>"
  request_payer:            "" => "<computed>"
  versioning.#:             "" => "<computed>"
  website.#:                "" => "1"
  website.0.index_document: "" => "index.html"
  website_domain:           "" => "<computed>"
  website_endpoint:         "" => "<computed>"
aws_s3_bucket.bucket: Creation complete after 7s (ID: cts-bucket-output-test)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

actual_bucket_website_domain = s3-website-us-west-2.amazonaws.com
actual_bucket_website_endpoint = cts-bucket-output-test.s3-website-us-west-2.amazonaws.com
bucket_website_domain = s3-website-us-west-2.amazonaws.com
bucket_website_endpoint = cts-bucket-output-test.s3-website-us-west-2.amazonaws.com

Yeah that's the point, it fails for website=false. According to the docs I was expecting it not to fail and return an empty string, but it fails even with this ternary operator, which was my attempt to work around the problem.
For website=true it works great.

do we know what change introduced this behaviour? probably could do with a changelog update.

@randomvariable no I do not know this. I am doing a new project and 1.16 was the version I started from and immediately hit this issue. BTW I just had similar case with ec2 instance and it's public ip/dns, and did not encounter this issue, which makes me think this is S3 resource specific.

Yeah, it's definitely a change in the S3 resource. It broke on one of our customer site where we didn't originally have website specified, but we unfortunately haven't been tracking the provider versions at this site.

Either this is a bug, or it's a breaking change and needs more documentation.

Hi,
i just faced the same error for our environment.
@catsby do you need further examples to examine the issue?

This is our config:

resource "aws_s3_bucket" "bucket" {
  bucket = "bucket"
  region = "eu-central-1"
  acl    = "public-read"

  cors_rule {
    allowed_headers = ["*"]
    allowed_methods = ["GET", "HEAD"]

    allowed_origins = [
      "*"
    ]

    expose_headers  = ["ETag"]
    max_age_seconds = 3000
  }

  versioning {
    enabled = true
  }

  tags {
    Name        = "webgl-bucket"    
  }
}
output "Website Endpoint" {
  value = "${aws_s3_bucket.bucket.website_endpoint}"
}
output "Website Domain" {
  value = "${aws_s3_bucket.bucket.website_domain}"
}   

We've fixed this in the customer TF we had, and it was related to moving from Terraform 0.10 -> 0.11 and hitting https://www.terraform.io/upgrade-guides/0-11.html#error-checking-for-output-values

Because the customer didn't have astatic website enabled for those s3 buckets, which is enabled by adding a website stanza to the bucket resource, website_endpoint isn't actually a valid attribute. In Terraform < 0.11, this will interpolate as empty string, in 0.11 onwards, this hard errors.

Deleting the website_endpoint output as it wasn't being used fixed it.

As far as the documentation goes, either, this is a bug and the documentation is correct, or vice versa.

Think someone could pick this up easily, but need a steer from @catsby or other maintainers as to what "correct" should be (fix 'bug', or 'fix' documentation).

Relevant code is at https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_s3_bucket.go#L1093

okay i deleted the output, in my case it is only informational.

Hrm, I have a website stanza and I am still getting an error.

resource "aws_s3_bucket" "b" {
  bucket = "${local.domain_name}"
  acl    = "private"

  website {
    index_document = "index.html"
    error_document = "error.html"
  }
}

I am trying to use the website_endpoint to configure CloudFront like so:

resource "aws_cloudfront_distribution" "s3_distribution" {

   origin {
     domain_name = "${aws_s3_bucket.b.website_endpoint}"
     origin_id   = "${local.s3_origin_id}"
  }
}

This throws the following error:

aws_cloudfront_distribution.s3_distribution: Resource 'aws_s3_bucket.b' does not have attribute 'website_endpoint' for variable 'aws_s3_bucket.b.website_endpoint'

I'm having the same issue. The presence of website object in aws_s3_bucket resource doesn't actually enable static website hosting when viewing in AWS console and also it's not written to the .tfstate file. When I manually enable static website from AWS console and run terraform apply the bucket state is updated and terraform output shows the correct website_endpoint

▶ terraform --version
Terraform v0.11.8
+ provider.aws v1.35.0

I seem to have the same issue.

Seems to be solved if I recreate the bucket from scratch with acl = "public-read"

I'm seeing this now with public-read acl on bucket. But I did notice something perhaps others have failed to note as well...

s3_origin_config was in the origin 😂 I'm hoping removing that fixes. We might need a custom_origin_config (IDK yet) but I doubt it

I experienced the same problem with a bucket that had already been created without the website directive. I worked around it by first applying the change to add the website to the bucket, then referring to the website_endpoint in the cloudfront distro after.

Hi,

I've the same issue with terraform 0.11.14 and provider 2.19.

Run fail with :+1:
* module.env.module.s3-app.output.bucket_website_domain: Resource 'aws_s3_bucket.default' does not have attribute 'website_domain' for variable 'aws_s3_bucket.default.*.website_domai n' * module.env.module.s3-app.output.bucket_website_endpoint: Resource 'aws_s3_bucket.default' does not have attribute 'website_endpoint' for variable 'aws_s3_bucket.default.*.website_e ndpoint'

According to : https://www.terraform.io/docs/providers/aws/r/s3_bucket.html it's not supposed to fail if the website is not activate.

Regards