Terraform-provider-aws: Dynamic block in S3 resource fails on: Too many server_side_encryption_configuration blocks
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Terraform Version
Terraform v0.12.5
+ provider.aws v2.21.1
Terraform Configuration Files
main.tf:
resource "aws_s3_bucket" "this" {
bucket = var.name
versioning {
enabled = var.versioning
}
dynamic "server_side_encryption_configuration" {
for_each = var.sse == null ? {} : var.sse
iterator = test
content {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = var.sse.kms_master_key_id
sse_algorithm = var.sse.sse_algorithm
}
}
}
}
variables.tf:
variable "versioning" {
type = bool
}
variable "sse" {
type = object({
kms_master_key_id = string
sse_algorithm = string
})
default = {
kms_master_key_id = "TEST"
sse_algorithm = "aws:kms"
}
}
variable "name" {
description = "Name of the bucket"
}
Expected Behavior
Resource (S3 Bucket) should be created with the right values.
Actual Behavior
Error: Too many server_side_encryption_configuration blocks
on line 0:
(source code not available)
No more than 1 "server_side_encryption_configuration" blocks are allowed
Steps to Reproduce
terraform plan
- #0000
erikkn
All 5 comments
Similar (but related to MinItems):
ewbankkit
on 31 Jul 2019
Would like to add, this does actually work:
main.tf:
resource "aws_s3_bucket" "this" {
bucket = var.name
versioning {
enabled = var.versioning
}
dynamic "server_side_encryption_configuration" {
for_each = var.sse == null ? [] : var.sse
iterator = test
content {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = test.value.kms_master_key_id
sse_algorithm = test.value.sse_algorithm
}
}
}
}
}
variables.tf:
variable "acl" {
description = "The canned ACL to apply. Default is private"
default = "private"
}
variable "versioning" {
type = bool
}
variable "sse" {
type = list(object({
kms_master_key_id = string
sse_algorithm = string
}))
default = [{
kms_master_key_id = "123"
sse_algorithm = "AES256"
}]
}
variable "name" {
description = "Name of the bucket"
}
@erikkn In the initial example for_each is over an object which has 2 keys (kms_master_key_id and sse_algorithm), hence the error message.
In the example that works, for_each is over a list with 1 element, hence success.
ewbankkit
on 31 Jul 2019
@erikkn just to add onto the answer provided by @ewbankkit the object in the first configuration is identical to a map, where each key accounts for 1 item in the iteration.
I'm going to close this issue as it appears to be a configuration error. If you find that you are still running into problems or feel like you've encountered a bug please comment on this issue and we can reopen it for further investigation.
Cheers
nywilken
on 31 Jul 2019
I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 2 Nov 2019
Related issues
hashibot
·
3Comments
dvishniakov
·
3Comments
hashibot
·
3Comments
hashibot
·
3Comments
gothrek22
·
3Comments
Most helpful comment
@erikkn In the initial example
for_eachis over anobjectwhich has 2 keys (kms_master_key_idandsse_algorithm), hence the error message.In the example that works,
for_eachis over alistwith 1 element, hence success.