resource/aws_lamba_function - possible regression w/3.17.0 on GovCloud #16398

Closed
pjaudiomv opened this issue Nov 24, 2020 · 13 comments · Fixed by #16412
Assignees
Labels
bug Addresses a defect in current functionality. partition/aws-cn Pertains to the aws-cn partition. partition/aws-us-gov Pertains to the aws-us-gov partition. regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. service/lambda Issues and PRs that pertain to the lambda service.
Milestone

Comments

@pjaudiomv
Contributor

pjaudiomv commented Nov 24, 2020

After the release of 3.17.0, all my pipelines using lambdas started to fail. I suspect this has to do with the new lambda code signing resource/data source; however, I am not using this or any new feature from the current release.

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform 0.13.5
AWS Provider 3.17.0

Affected Resource(s)

  • aws_lambda_function

Terraform Configuration Files

```hcl
data archive_file test_lambda {
  type        = "zip"
  source_file = "test.py"
  output_path = "test.zip"
}

resource aws_lambda_function test {
  filename         = data.archive_file.test_lambda.output_path
  function_name    = "test-lamb"
  role             = aws_iam_role.test_lambda.arn
  handler          = "test.lambda_handler"
  source_code_hash = data.archive_file.test_lambda.output_base64sha256
  runtime          = "python3.8"
}

data aws_iam_policy_document test_lambda_assume_role {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource aws_iam_role test_lambda {
  name               = "test-event-lambda-iam-role"
  description        = "test event role for lambda"
  assume_role_policy = data.aws_iam_policy_document.test_lambda_assume_role.json
}

data aws_iam_policy_document test_lambda {
  statement {
    effect    = "Allow"
    actions   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
    resources = ["*"]
  }
}

resource aws_iam_role_policy test_lambda {
  name   = "test-event-lambda-iam-policy"
  role   = aws_iam_role.test_lambda.id
  policy = data.aws_iam_policy_document.test_lambda.json
}
```

Debug Output

https://gist.github.com/pjaudiomv/775454e354ed98776cce6b191b7d019a

Panic Output

Expected Behavior

the provider should process my lambda without error

Actual Behavior

terraform dies with error

```
Error: error getting Lambda Function (test-lambda) code signing config AccessDeniedException: 
	status code: 403, request id: fghce9-fhjde1-4394-8e11-04fhjd174612
```

Steps to Reproduce

  1. Run a plan or apply with above code snippet on GovCloud

Important Factoids

This happens on a plan or an apply and did not happen previous to 3.17.0 release.

References

@ghost ghost added the service/lambda Issues and PRs that pertain to the lambda service. label Nov 24, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Nov 24, 2020
@pjaudiomv pjaudiomv changed the title from "Lambda plan/apply failing on 3.17.0 with GovCloud" to "resourse/aws_lamba_function - possible regression w/3.17.0 on GovCloud" Nov 24, 2020
@pjaudiomv pjaudiomv changed the title from "resourse/aws_lamba_function - possible regression w/3.17.0 on GovCloud" to "resource/aws_lamba_function - possible regression w/3.17.0 on GovCloud" Nov 24, 2020
@rayjlinden

Terraform has also blown up for me when using localstack. However, I get a different error of 404 because the CodeSigning related endpoints do not exist in Localstack.

Is there a way to by-pass this checking?

@rayjlinden

I am able to work around this issue by pinning to last version of the provider:

```hcl
terraform {
  required_providers {
    aws = "<= 3.16.0"
  }
}
```

@dawidmalina

I have the same issue with AWS China and I can confirm that pinning to 3.16.0 solves the issue.

@bflad bflad added partition/aws-cn Pertains to the aws-cn partition. partition/aws-us-gov Pertains to the aws-us-gov partition. and removed needs-triage Waiting for first response or review from a maintainer. labels Nov 24, 2020
@bflad bflad self-assigned this Nov 24, 2020
bflad added a commit that referenced this issue Nov 24, 2020
Reference: #16383 (review)
Reference: #16384 (review)
Reference: #16398

Changes:

```
* data-source/aws_lambda_function: Prevent Lambda GetFunctionCodeSigningConfig API call error outside AWS Commercial regions
* resource/aws_lambda_function: Prevent Lambda GetFunctionCodeSigningConfig API call error outside AWS Commercial regions
```

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccAWSLambdaFunction_basic (660.06s)
--- PASS: TestAccAWSLambdaFunction_codeSigningConfig (1207.31s)
--- PASS: TestAccAWSLambdaFunction_concurrency (1032.30s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (1057.54s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (132.39s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (138.81s)
--- PASS: TestAccAWSLambdaFunction_disablePublish (88.73s)
--- PASS: TestAccAWSLambdaFunction_disappears (1220.09s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (86.77s)
--- PASS: TestAccAWSLambdaFunction_enablePublish (129.99s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (145.89s)
--- PASS: TestAccAWSLambdaFunction_envVariables (718.17s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (14.86s)
--- PASS: TestAccAWSLambdaFunction_KmsKeyArn_NoEnvironmentVariables (1370.29s)
--- PASS: TestAccAWSLambdaFunction_Layers (1016.49s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (160.26s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (505.56s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (503.80s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (48.16s)
--- PASS: TestAccAWSLambdaFunction_runtimes (1695.07s)
--- PASS: TestAccAWSLambdaFunction_s3 (40.08s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (64.03s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (64.88s)
--- PASS: TestAccAWSLambdaFunction_tags (1238.40s)
--- PASS: TestAccAWSLambdaFunction_tracingConfig (89.38s)
--- PASS: TestAccAWSLambdaFunction_UnpublishedCodeUpdate (737.76s)
--- PASS: TestAccAWSLambdaFunction_versioned (101.60s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (1113.10s)
--- PASS: TestAccAWSLambdaFunction_VPC (1412.53s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (989.01s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (623.72s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (1977.57s)
--- PASS: TestAccDataSourceAWSLambdaFunction_alias (1211.85s)
--- PASS: TestAccDataSourceAWSLambdaFunction_basic (54.11s)
--- PASS: TestAccDataSourceAWSLambdaFunction_environment (1182.31s)
--- PASS: TestAccDataSourceAWSLambdaFunction_fileSystemConfig (1941.83s)
--- PASS: TestAccDataSourceAWSLambdaFunction_layers (1106.50s)
--- PASS: TestAccDataSourceAWSLambdaFunction_version (966.75s)
--- PASS: TestAccDataSourceAWSLambdaFunction_vpc (1697.94s)

--- PASS: TestAccAWSSignerSigningJob_basic (35.73s)

--- PASS: TestAccAWSSignerSigningProfile_basic (18.48s)
--- PASS: TestAccAWSSignerSigningProfile_GenerateName (18.16s)
--- PASS: TestAccAWSSignerSigningProfile_GenerateNameWithNamePrefix (18.17s)
--- PASS: TestAccAWSSignerSigningProfile_SignatureValidityPeriod (25.69s)
--- PASS: TestAccAWSSignerSigningProfile_tags (30.83s)

--- PASS: TestAccAWSSignerSigningProfilePermission_basic (23.93s)
--- PASS: TestAccAWSSignerSigningProfilePermission_GetSigningProfile (39.86s)
--- PASS: TestAccAWSSignerSigningProfilePermission_StartSigningJob_GetSP (25.33s)
--- PASS: TestAccAWSSignerSigningProfilePermission_StatementPrefix (28.76s)

--- PASS: TestAccDataSourceAWSSignerSigningJob_basic (30.06s)

--- PASS: TestAccDataSourceAWSSignerSigningProfile_basic (12.39s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- PASS: TestAccAWSLambdaFunction_basic (60.15s)
--- PASS: TestAccAWSLambdaFunction_concurrency (86.67s)
--- PASS: TestAccAWSLambdaFunction_concurrencyCycle (138.48s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfig (152.23s)
--- PASS: TestAccAWSLambdaFunction_DeadLetterConfigUpdated (138.97s)
--- PASS: TestAccAWSLambdaFunction_disablePublish (72.75s)
--- PASS: TestAccAWSLambdaFunction_disappears (104.35s)
--- PASS: TestAccAWSLambdaFunction_EmptyVpcConfig (918.89s)
--- PASS: TestAccAWSLambdaFunction_enablePublish (111.27s)
--- PASS: TestAccAWSLambdaFunction_encryptedEnvVariables (156.43s)
--- PASS: TestAccAWSLambdaFunction_envVariables (168.64s)
--- PASS: TestAccAWSLambdaFunction_expectFilenameAndS3Attributes (25.56s)
--- PASS: TestAccAWSLambdaFunction_FileSystemConfig (1546.53s)
--- PASS: TestAccAWSLambdaFunction_KmsKeyArn_NoEnvironmentVariables (891.68s)
--- PASS: TestAccAWSLambdaFunction_Layers (916.74s)
--- PASS: TestAccAWSLambdaFunction_LayersUpdate (401.14s)
--- PASS: TestAccAWSLambdaFunction_localUpdate (1074.54s)
--- PASS: TestAccAWSLambdaFunction_localUpdate_nameOnly (1062.94s)
--- PASS: TestAccAWSLambdaFunction_nilDeadLetterConfig (888.61s)
--- PASS: TestAccAWSLambdaFunction_runtimes (1187.08s)
--- PASS: TestAccAWSLambdaFunction_s3 (35.88s)
--- PASS: TestAccAWSLambdaFunction_s3Update_basic (64.64s)
--- PASS: TestAccAWSLambdaFunction_s3Update_unversioned (62.12s)
--- PASS: TestAccAWSLambdaFunction_tags (859.06s)
--- PASS: TestAccAWSLambdaFunction_UnpublishedCodeUpdate (541.36s)
--- PASS: TestAccAWSLambdaFunction_versioned (148.92s)
--- PASS: TestAccAWSLambdaFunction_versionedUpdate (692.93s)
--- PASS: TestAccAWSLambdaFunction_VPC (1181.39s)
--- PASS: TestAccAWSLambdaFunction_VPC_withInvocation (703.33s)
--- PASS: TestAccAWSLambdaFunction_VpcConfig_ProperIamDependencies (455.69s)
--- PASS: TestAccAWSLambdaFunction_VPCRemoval (994.78s)
--- PASS: TestAccAWSLambdaFunction_VPCUpdate (1224.48s)
--- SKIP: TestAccAWSLambdaFunction_codeSigningConfig (2.22s)

--- SKIP: TestAccAWSSignerSigningJob_basic (7.57s)

--- SKIP: TestAccAWSSignerSigningProfile_basic (7.52s)
--- SKIP: TestAccAWSSignerSigningProfile_GenerateName (7.44s)
--- SKIP: TestAccAWSSignerSigningProfile_GenerateNameWithNamePrefix (1.85s)
--- SKIP: TestAccAWSSignerSigningProfile_SignatureValidityPeriod (7.35s)
--- SKIP: TestAccAWSSignerSigningProfile_tags (7.87s)

--- SKIP: TestAccAWSSignerSigningProfilePermission_basic (7.66s)
--- SKIP: TestAccAWSSignerSigningProfilePermission_GetSigningProfile (7.65s)
--- SKIP: TestAccAWSSignerSigningProfilePermission_StartSigningJob_GetSP (1.84s)
--- SKIP: TestAccAWSSignerSigningProfilePermission_StatementPrefix (1.86s)

--- PASS: TestAccDataSourceAWSLambdaFunction_alias (42.58s)
--- PASS: TestAccDataSourceAWSLambdaFunction_basic (34.49s)
--- PASS: TestAccDataSourceAWSLambdaFunction_environment (113.95s)
--- PASS: TestAccDataSourceAWSLambdaFunction_fileSystemConfig (961.20s)
--- PASS: TestAccDataSourceAWSLambdaFunction_layers (136.12s)
--- PASS: TestAccDataSourceAWSLambdaFunction_version (248.84s)
--- PASS: TestAccDataSourceAWSLambdaFunction_vpc (598.98s)

--- SKIP: TestAccDataSourceAWSSignerSigningJob_basic (7.44s)

--- SKIP: TestAccDataSourceAWSSignerSigningProfile_basic (7.37s)
```
@bflad bflad added this to the v3.18.0 milestone Nov 24, 2020
@bflad
Contributor

bflad commented Nov 24, 2020

Please note that we have a fix for this pending (#16412), we are just working with the Lambda service team to confirm some details before merging. We hope to have this resolved in some manner later today or tomorrow. 👍

@bflad bflad added bug Addresses a defect in current functionality. regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. labels Nov 24, 2020
bflad added a commit that referenced this issue Nov 24, 2020
* provider: Followup items from initial Code Signing release

* tests/service/signer: Fix terrafmt issue

Output from acceptance testing in AWS Commercial:

```
--- PASS: TestAccDataSourceAWSSignerSigningJob_basic (29.41s)

--- PASS: TestAccAWSSignerSigningJob_basic (31.16s)
```

Output from acceptance testing in AWS GovCloud (US):

```
--- SKIP: TestAccDataSourceAWSSignerSigningJob_basic (2.08s)

--- SKIP: TestAccAWSSignerSigningJob_basic (2.09s)
```
@bflad
Contributor

bflad commented Nov 24, 2020

The fix for this resource to (for now) skip the problematic API call in AWS GovCloud (US) and AWS China has been merged and will release with version 3.18.0 of the Terraform AWS Provider, likely in the next 24 hours.

For folks using LocalStack, we will probably need a separate fix due to the implementation. Please create a new bug report following the issue template (most importantly with the full terraform apply error output) and we can take a look at resolving that issue.
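
The gating described in the comment above, as an added example that is not the provider's own code: a region is mapped to its partition and the code signing lookup is skipped outside the commercial `aws` partition. The prefix-based partition mapping, the `fetchFunc` stand-in for the Lambda call, the simulated endpoint and all function names are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// AWS partition identifiers as they appear in ARNs.
const (
	partitionCommercial = "aws"
	partitionChina      = "aws-cn"
	partitionGovCloud   = "aws-us-gov"
)

// errAccessDenied is a constructed stand-in for the 403 AccessDeniedException in the report.
var errAccessDenied = errors.New("AccessDeniedException: status code: 403")

// fetchFunc is a hypothetical stand-in for the Lambda GetFunctionCodeSigningConfig call.
type fetchFunc func(functionName string) (arn string, err error)

// partitionForRegion maps a region name to its partition by prefix.
// Assumption: a simplification for this example, not the provider's lookup.
func partitionForRegion(region string) string {
	switch {
	case strings.HasPrefix(region, "cn-"):
		return partitionChina
	case strings.HasPrefix(region, "us-gov-"):
		return partitionGovCloud
	default:
		return partitionCommercial
	}
}

// readCodeSigningConfigARN skips the lookup outside the commercial partition.
// called reports whether the API was contacted at all.
func readCodeSigningConfigARN(region, fn string, fetch fetchFunc) (arn string, called bool, err error) {
	if partitionForRegion(region) != partitionCommercial {
		return "", false, nil // leave the attribute empty instead of failing the read
	}
	arn, err = fetch(fn)
	if err != nil {
		return "", true, fmt.Errorf("error getting Lambda Function (%s) code signing config: %w", fn, err)
	}
	return arn, true, nil
}

// simulatedAPI models an endpoint that rejects the call outside the commercial partition.
func simulatedAPI(region string) fetchFunc {
	return func(string) (string, error) {
		if partitionForRegion(region) != partitionCommercial {
			return "", errAccessDenied
		}
		return "", nil // function exists, no code signing config attached
	}
}

func main() {
	for _, region := range []string{"us-east-1", "us-gov-west-1", "cn-north-1"} {
		_, called, err := readCodeSigningConfigARN(region, "test-lamb", simulatedAPI(region))
		fmt.Printf("%-14s partition=%-10s called=%-5v err=%v\n", region, partitionForRegion(region), called, err)
	}
}
```

In the commercial partition an error from the call is still returned to the caller, wrapped so that `errors.Is` can match the underlying cause.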

@rayjlinden

rayjlinden commented Nov 24, 2020 via email

@ghost

ghost commented Nov 25, 2020

This has been released in version 3.18.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

@kyleckf

kyleckf commented Nov 25, 2020

We have just pulled 3.18 but are still getting the same error. We are moving back to 3.16 in the meantime.

@frostymelonade

Can confirm we are still getting the error in US East 1 with 3.18.

@thomasmoormann1903

Same with eu-central-1. 3.16 works

danjoneslf added a commit to alphagov/cyber-security-cloudwatch-config that referenced this issue Nov 27, 2020
Terraform applies are failing with a code signing AccessDenied error.

See this issue for details:
hashicorp/terraform-provider-aws#16398
@pjaudiomv
Contributor Author

3.18.0 works with GovCloud

@shellac85

Where do I change the provider.aws: version? It's not in our Terraform code and I didn't set our environment up. Any help greatly appreciated.

@ghost

ghost commented Dec 25, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked as resolved and limited conversation to collaborators Dec 25, 2020