-
Notifications
You must be signed in to change notification settings - Fork 9.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS Environment Variable Errors #23283
Comments
my workaround was to add the following to my variables, import, then remove them
|
This isn't just the AWS keys — I ran into it with some variables we'd set for our accounts which aren't used by the AWS SDK but do have “AWS” in the name. |
Hi @lee5i3! Thanks for reporting this. We'd like to understand a bit better what situation is leading to this behavior. It sounds like you don't have either the Our best guess right now is that in your Terraform Cloud or Terraform Enterprise remote workspace you have configured stored values for these To fix it, you can either declare those variables as you showed in your follow-up comment (if you do actually need them) or you can remove them from the settings in the remote workspace in Terraform Cloud or Terraform Enterprise (if they are not actually needed). Based on the names of these, we wonder if you intended to create these actually as environment variables rather than Terraform variables. Both of those are configurable on the same page in Terraform Cloud and Enterprise, and setting both of these in the Environment Variables section will allow the AWS provider to access them for remote operations run inside Terraform Cloud, and allow you to separately set them locally when you run commands like This specific situation aside, the general rule here is that only Terraform variables actually declared in the configuration should be configured in the remote workspace. When Terraform is running local operations against a remote workspace (as with It sounds like prior versions of Terraform were incorrectly permitting these undeclared variables, and thus allowing the import operation to work in spite of the incorrect configuration. |
Yes we are using Terraform Cloud, we have the AWS credentials set as an Environment Variables in each workspace, they are not set as Terraform Variables |
@teamterraform I ran into the exact same issue just like @lee5i3 which I’m trying to explain here: On terraform 0.12.12 we used to successfully declare environment variables (not terraform variables) The scenario I described above used to work with terraform 0.12.12 but since 0.12.13 the same procedure exits with the error as @lee5i3 pointed out. My expectation here is that terraform should not require me to define a terraform variable for these environment variables in my terraform template. |
My project similarly set those as environmental variables specifically following the recommendation to avoid this error. We were bulk provisioning workspaces and set a couple of environmental variables (e.g. (And to be clear: 0% chance these were Terraform variables – they were set by reviewed code, and Terraform was used for many tasks for months until the last release.) |
Thanks for the additional context, all! It sounds like the remote backend in incorrectly interpreting both the Terraform variables and the environment variables as if they are Terraform variables. In the underlying Terraform Cloud API the two are represented together as a single type of object, so it sounds like there's some missing filtering logic which wasn't previously causing problems because the validation of valid variable names wasn't working at all in prior releases. We'll get this fixed up so that it will only try to use the ones defined under "Terraform Variables" in the UI, and ignore the ones under "Environment Variables". |
Following up on hashicorp#23122, the remote system (Terraform Cloud or Enterprise) serves environment and Terraform variables using a single type of object. We only should load Terraform variables into the Terraform context. Fixes hashicorp#23283.
…3358) * backend/remote: Filter environment variables when loading context Following up on #23122, the remote system (Terraform Cloud or Enterprise) serves environment and Terraform variables using a single type of object. We only should load Terraform variables into the Terraform context. Fixes #23283.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
I am running into errors when trying to import my existing AWS resources into Terraform Enterprise remote state..
On Terraform v0.12.13, when I run
It says
However when I downgrade to Terraform v0.12.12, it works fine
The text was updated successfully, but these errors were encountered: