Terraform: Backend S3: NoSuchBucket

Created on 9 Nov 2017 · 13 Comments · Source: hashicorp/terraform

$ terraform init

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Error loading state: NoSuchBucket: The specified bucket does not exist
    status code: 404, request id: FE5C34284092813D, host id: CSxM5O4YchTMpMHDkofhRbGmvrxbKopdYgnEc8l9LX8sJoIMtkhRcjMVA4TrXOHYWSafst+O8d8=

Removing the backend and adding a resource aws_s3_bucket works as expected.

Terraform Version

Terraform v0.10.8

Terraform Configuration Files

main.tf

terraform {
  backend "s3" {
    bucket         = "willfarrell.ca-terraform-state"
    key            = "app/terraform.tfstate"
    region         = "ca-central-1"
    encrypt        = true
    profile        = "willfarrell"
    dynamodb_table = "terraform-lock-table"
  }
}

provider "aws" {
  region = "ca-central-1"
  profile = "willfarrell"
}

Note: aws_profile has admin rights

Debug Output

$ TF_LOG=trace terraform init
2017/11/09 15:43:17 [INFO] Terraform version: 0.10.8  
2017/11/09 15:43:17 [INFO] Go runtime version: go1.9.1
2017/11/09 15:43:17 [INFO] CLI args: []string{"/usr/local/Cellar/terraform/0.10.8/bin/terraform", "init"}
2017/11/09 15:43:17 [DEBUG] Attempting to open CLI config file: /Users/willfarrell/.terraformrc
2017/11/09 15:43:17 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2017/11/09 15:43:17 [DEBUG] CLI config is &main.Config{Providers:map[string]string{}, Provisioners:map[string]string{}, DisableCheckpoint:false, DisableCheckpointSignature:false, PluginCacheDir:"", Credentials:map[string]map[string]interface {}(nil), CredentialsHelpers:map[string]*main.ConfigCredentialsHelper(nil)}
2017/11/09 15:43:17 [INFO] CLI command args: []string{"init"}
2017/11/09 15:43:17 [DEBUG] command: loading backend config file: /Users/willfarrell/Development/willfarrell/willfarrell.ca-terraform/app/resume
Downloading modules...
2017/11/09 15:43:17 [TRACE] module source "../../modules/s3-website"

Initializing the backend...
2017/11/09 15:43:17 [TRACE] Preserving existing state lineage "6d564efe-1827-4db0-bfde-9e138b45e5df"
2017/11/09 15:43:17 [TRACE] Preserving existing state lineage "6d564efe-1827-4db0-bfde-9e138b45e5df"
2017/11/09 15:43:17 [INFO] Building AWS region structure
2017/11/09 15:43:17 [INFO] Building AWS auth structure
2017/11/09 15:43:17 [INFO] Setting AWS metadata API timeout to 100ms
2017/11/09 15:43:18 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id
2017/11/09 15:43:18 [INFO] AWS Auth provider used: "SharedCredentialsProvider"
2017/11/09 15:43:18 [INFO] Initializing DeviceFarm SDK connection
2017/11/09 15:43:18 [DEBUG] [aws-sdk-go] DEBUG: Request sts/GetCallerIdentity Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: sts.amazonaws.com
User-Agent: aws-sdk-go/1.10.36 (go1.9.1; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.10.8
Content-Length: 43
Authorization: AWS4-HMAC-SHA256 Credential=AKIAJK7DTYHO545YVEJQ/20171109/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=80de4d475cd79b2f66b26893ef8dd49b1c43b59a9478082096e1f1d1f623f15c
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20171109T224318Z
Accept-Encoding: gzip

Action=GetCallerIdentity&Version=2011-06-15
-----------------------------------------------------
2017/11/09 15:43:18 [DEBUG] [aws-sdk-go] DEBUG: Response sts/GetCallerIdentity Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
Connection: close
Content-Length: 409
Content-Type: text/xml
Date: Thu, 09 Nov 2017 22:43:18 GMT
X-Amzn-Requestid: 61a25567-c59f-11e7-a968-791f6ea71b19


-----------------------------------------------------
2017/11/09 15:43:18 [DEBUG] [aws-sdk-go] <GetCallerIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <GetCallerIdentityResult>
    <Arn>arn:aws:iam::${account}:user/will.farrell</Arn>
    <UserId>${access}</UserId>
    <Account>${account}</Account>
  </GetCallerIdentityResult>
  <ResponseMetadata>
    <RequestId>61a25567-c59f-11e7-a968-791f6ea71b19</RequestId>
  </ResponseMetadata>
</GetCallerIdentityResponse>
2017/11/09 15:43:18 [DEBUG] Trying to get account ID via iam:GetUser
2017/11/09 15:43:18 [DEBUG] [aws-sdk-go] DEBUG: Request iam/GetUser Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: iam.amazonaws.com
User-Agent: aws-sdk-go/1.10.36 (go1.9.1; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.10.8
Content-Length: 33
Authorization: AWS4-HMAC-SHA256 Credential=AKIAJK7DTYHO545YVEJQ/20171109/us-east-1/iam/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=e5ce6e15891fc33a1be0fb5c5cb55ac4eff4acdfd63316bac149a25a8e47b6e8
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20171109T224318Z
Accept-Encoding: gzip

Action=GetUser&Version=2010-05-08
-----------------------------------------------------
2017/11/09 15:43:19 [DEBUG] [aws-sdk-go] DEBUG: Response iam/GetUser Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
Connection: close
Content-Length: 537
Content-Type: text/xml
Date: Thu, 09 Nov 2017 22:43:19 GMT
X-Amzn-Requestid: 61f494b7-c59f-11e7-89fe-67482efaf3d7


-----------------------------------------------------
2017/11/09 15:43:19 [DEBUG] [aws-sdk-go] <GetUserResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
  <GetUserResult>
    <User>
      <Path>/</Path>
      <PasswordLastUsed>2017-11-09T21:17:58Z</PasswordLastUsed>
      <UserName>will.farrell</UserName>
      <Arn>arn:aws:iam::${account}:user/will.farrell</Arn>
      <UserId>${access}</UserId>
      <CreateDate>2017-11-09T21:13:32Z</CreateDate>
    </User>
  </GetUserResult>
  <ResponseMetadata>
    <RequestId>61f494b7-c59f-11e7-89fe-67482efaf3d7</RequestId>
  </ResponseMetadata>
</GetUserResponse>
2017/11/09 15:43:19 [DEBUG] [aws-sdk-go] DEBUG: Request ec2/DescribeAccountAttributes Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: ec2.ca-central-1.amazonaws.com
User-Agent: aws-sdk-go/1.10.36 (go1.9.1; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.10.8
Content-Length: 87
Authorization: AWS4-HMAC-SHA256 Credential=AKIAJK7DTYHO545YVEJQ/20171109/ca-central-1/ec2/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=5762e58475757b457ab3643868b5a268d6133130e9c9d1e1326c156806bdc000
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20171109T224319Z
Accept-Encoding: gzip

Action=DescribeAccountAttributes&AttributeName.1=supported-platforms&Version=2016-11-15
-----------------------------------------------------
2017/11/09 15:43:20 [DEBUG] [aws-sdk-go] DEBUG: Response ec2/DescribeAccountAttributes Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml;charset=UTF-8
Date: Thu, 09 Nov 2017 22:43:19 GMT
Server: AmazonEC2
Vary: Accept-Encoding


-----------------------------------------------------
2017/11/09 15:43:20 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
<DescribeAccountAttributesResponse xmlns="http://ec2.amazonaws.com/doc/2016-11-15/">
    <requestId>3ee708c2-8b43-4942-b337-07b996bb736d</requestId>
    <accountAttributeSet>
        <item>
            <attributeName>supported-platforms</attributeName>
            <attributeValueSet>
                <item>
                    <attributeValue>VPC</attributeValue>
                </item>
            </attributeValueSet>
        </item>
    </accountAttributeSet>
</DescribeAccountAttributesResponse>
2017/11/09 15:43:20 [INFO] command: backend initialized: *s3.Backend
2017/11/09 15:43:20 [DEBUG] checking for provider in "."
2017/11/09 15:43:20 [DEBUG] checking for provider in "/usr/local/Cellar/terraform/0.10.8/bin"
2017/11/09 15:43:20 [DEBUG] checking for provisioner in "."
2017/11/09 15:43:20 [DEBUG] checking for provisioner in "/usr/local/Cellar/terraform/0.10.8/bin"
2017/11/09 15:43:20 [INFO] Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2017/11/09 15:43:20 [INFO] command: backend *s3.Backend is not enhanced, wrapping in local
2017/11/09 15:43:20 [DEBUG] [aws-sdk-go] DEBUG: Request s3/ListObjects Details:
---[ REQUEST POST-SIGN ]-----------------------------
GET /willfarrell.ca-terraform-state?prefix=env%3A%2F HTTP/1.1
Host: s3.ca-central-1.amazonaws.com
User-Agent: aws-sdk-go/1.10.36 (go1.9.1; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.10.8
Authorization: AWS4-HMAC-SHA256 Credential=AKIAJK7DTYHO545YVEJQ/20171109/ca-central-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=b02bb86b5ab9951c188074ea02715ef3ed0ec90615aec78d2f91d9872291bd14
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20171109T224320Z
Accept-Encoding: gzip


-----------------------------------------------------
2017/11/09 15:43:20 [DEBUG] [aws-sdk-go] DEBUG: Response s3/ListObjects Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 404 Not Found
Connection: close
Transfer-Encoding: chunked
Content-Type: application/xml
Date: Thu, 09 Nov 2017 22:43:19 GMT
Server: AmazonS3
X-Amz-Id-2: s/ZtkE8zpu4s+XvNJF5y1jqwMsYxo4rzu5FnFttam/gYxBrcWAbMirqHMzWjSh4A+p7/nBv3Oj4=
X-Amz-Request-Id: BD11E93F2702ED1B


-----------------------------------------------------
2017/11/09 15:43:20 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message><BucketName>willfarrell.ca-terraform-state</BucketName><RequestId>BD11E93F2702ED1B</RequestId><HostId>s/ZtkE8zpu4s+XvNJF5y1jqwMsYxo4rzu5FnFttam/gYxBrcWAbMirqHMzWjSh4A+p7/nBv3Oj4=</HostId></Error>
2017/11/09 15:43:20 [DEBUG] [aws-sdk-go] DEBUG: Validate Response s3/ListObjects failed, not retrying, error NoSuchBucket: The specified bucket does not exist
    status code: 404, request id: BD11E93F2702ED1B, host id: s/ZtkE8zpu4s+XvNJF5y1jqwMsYxo4rzu5FnFttam/gYxBrcWAbMirqHMzWjSh4A+p7/nBv3Oj4=
2017/11/09 15:43:20 [DEBUG] plugin: waiting for all plugin processes to complete...
Error loading state: NoSuchBucket: The specified bucket does not exist
    status code: 404, request id: BD11E93F2702ED1B, host id: s/ZtkE8zpu4s+XvNJF5y1jqwMsYxo4rzu5FnFttam/gYxBrcWAbMirqHMzWjSh4A+p7/nBv3Oj4=

Expected Behavior

Remote state storage created

Actual Behavior

Nothing was created

Steps to Reproduce

terraform init

backend/s3 enhancement

All 13 comments

Are you certain you have a bucket named willfarrell.ca-terraform-state in that region, or do you have a policy that could prevent it from being accessed with your credentials?

Nope, the bucket didn't exist. I was just confirming with a colleague. Seems terraform init doesn't create the bucket if it doesn't exist. Guess I've been spoiled using terragrunt which does create the bucket for you.

Perhaps we should change this into a feature request?

Work around for those that also run into this:

#!/usr/bin/env bash
set -euo pipefail

aws_region=ca-central-1
aws_profile=willfarrell

tfstate_name=willfarrell.ca-terraform-state

tfstate_s3_bucket=${tfstate_name}
# The backend block's dynamodb_table must reference the table name created here.
tfstate_dynamodb_table=${tfstate_name}

# Create the state bucket.
aws s3 mb "s3://${tfstate_s3_bucket}" \
    --region "${aws_region}" \
    --profile "${aws_profile}"

# Keep previous versions of the state file.
aws s3api put-bucket-versioning \
    --region "${aws_region}" \
    --profile "${aws_profile}" \
    --bucket "${tfstate_s3_bucket}" \
    --versioning-configuration "Status=Enabled"

# Lock table. DynamoDB rejects attribute definitions that are not part of the
# key schema or an index, so only LockID is declared.
aws dynamodb create-table \
    --region "${aws_region}" \
    --profile "${aws_profile}" \
    --table-name "${tfstate_dynamodb_table}" \
    --key-schema "AttributeName=LockID,KeyType=HASH" \
    --provisioned-throughput "ReadCapacityUnits=5,WriteCapacityUnits=5" \
    --attribute-definitions "AttributeName=LockID,AttributeType=S"

Hi @willfarrell,

Thanks for the update.
Terraform doesn't create the backend resources directly, because it can't manage the resources without storing their state, which would reside in the resource itself.

However, I have toyed with creating an interface for backends to allow automatically allocating the necessary resources to store the state, and warning that these _will not_ be managed by terraform. While it would be a nice UI for getting started, most users want to be able to properly manage those resources as well, and eventually set up a managed bootstrap system of some sort.

Oooh, that makes sense why it doesn't exist already.

I wrote up a quick pseudo console output w/ logic comments, might be a place to start.

$ terraform init
# backend not found
Backend S3 doesn't exist. Like us to create it for you? [yes/no]
You can visit ${url} to learn more about what's happening behind the scenes.
$ yes
# creates `/tmp/terraform/backend-s3.tf`
# creates a local state
# runs `/tmp/terraform/backend-s3.tf`
Would you like the state of the backend to be saved? [yes/no]
$ yes
# yes: uploads state files to backend
We've completed bootstrapping your backend, you can add the tf file to manage your backend:
cat /tmp/terraform/backend-s3.tf
# clear tmp files and local state
# re-runs `init` command
# user is good to go now

Alternatively one could write a tf file for setting up the backend-s3 and manage it locally. However I feel it makes more sense for it to be automagically handled from the backend block.

I'm running into this same issue...
@willfarrell I tried with terragrunt and it did not create the bucket.
@jbardin you mentioned: "UI for getting started" I could use that ...

A more reusable workaround if anyone wants it:

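function createBucketIfNotExists() {
    local BUCKET_NAME=$1

    # Compare the whole bucket name (third column of `aws s3 ls`); a substring
    # match would report "foo" as existing when only "foo-logs" does.
    local bucketListFilterResult
    bucketListFilterResult=$(aws s3 ls | awk '{print $3}' | grep -Fx -- "$BUCKET_NAME")
    if [ ${#bucketListFilterResult} -eq 0 ] ; then
        echo "No S3 bucket. Generating S3 bucket $BUCKET_NAME."
        # createS3Bucket is not shown in this comment; it must be defined elsewhere in the script.
        createS3Bucket "$BUCKET_NAME"
    else
        echo "S3 bucket $BUCKET_NAME already exists"
    fi
}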

Use this function and the script won't attempt to create the bucket if it already exists.
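
An added example, not part of any comment in this thread: the same create-if-missing check done with `aws s3api head-bucket` and `--expected-bucket-owner`, so a bucket name that exists in another account is refused rather than used for state, and the bucket that is created or already owned gets the public access block, default encryption and versioning. The function names and their three arguments are assumptions of this example; the account ID is a placeholder the caller supplies.

```shell
#!/usr/bin/env bash
# Added example, not code from the thread. Assumes AWS CLI v2 on PATH; the
# function names and their arguments are this example's own.

# bucket_status BUCKET REGION ACCOUNT_ID -> prints owned | missing | denied
# S3 names are global: a bucket can exist without appearing in `aws s3 ls`.
bucket_status() {
    if out=$(aws s3api head-bucket --bucket "$1" --region "$2" \
                 --expected-bucket-owner "$3" 2>&1); then
        echo owned
        return 0
    fi
    case "$out" in
        *"(404)"*) echo missing ;;  # name is free
        *)         echo denied ;;   # 403 or any other error: fail closed
    esac
}

# ensure_state_bucket BUCKET REGION ACCOUNT_ID
# Creates the bucket only if missing, refuses if ownership is unverified,
# then (re)applies public access block, default encryption and versioning.
ensure_state_bucket() {
    bucket=$1 region=$2 account=$3
    case "$(bucket_status "$bucket" "$region" "$account")" in
        owned) ;;
        missing)
            if [ "$region" = "us-east-1" ]; then  # takes no LocationConstraint
                aws s3api create-bucket --bucket "$bucket" --region "$region"
            else
                aws s3api create-bucket --bucket "$bucket" --region "$region" \
                    --create-bucket-configuration "LocationConstraint=$region"
            fi || return 1 ;;
        *)
            echo "refusing $bucket: not verifiably owned by $account" >&2
            return 1 ;;
    esac
    aws s3api put-public-access-block --bucket "$bucket" \
        --public-access-block-configuration \
        "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" &&
    aws s3api put-bucket-encryption --bucket "$bucket" \
        --server-side-encryption-configuration \
        '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' &&
    aws s3api put-bucket-versioning --bucket "$bucket" \
        --versioning-configuration "Status=Enabled"
}

# Usage with the values from this issue (account id is a placeholder):
# ensure_state_bucket willfarrell.ca-terraform-state ca-central-1 <ACCOUNT_ID>
```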

My personal workaround was to create a state module (https://github.com/willfarrell/terraform-state-module) and commit the tfstate.

I'll post it to the terraform module repo at some point.

This is indeed a confusing behaviour. I can understand that terraform cannot do inception on itself but I was expecting at least a more descriptive error message.

@gurre I just merged #19951, which will release in Terraform 0.12-beta1, that should hopefully provide more description in these situations:

$ terraform init

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Error: Failed to get migrated workspaces: S3 bucket does not exist.

The referenced S3 bucket must have been previously created. If the S3 bucket
was created within the last minute, please wait for a minute or two and try
again.

Error: NoSuchBucket: The specified bucket does not exist
    status code: 404, request id: D86813ECDB673CEC, host id: 4150WwALQP5kbei8NG/Xu/94aLJoJxrqfZckh1zt/HLklXSI3tfAE8MB15pj5GWFgzv2VUAOYeY=

Very nice! GJ

Hi folks! I am going to close this issue now that terraform 0.12 has been released including bflad's PR. Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
