An argument named "source_policy_documents" is not expected here. #80

Closed
bryantbiggs opened this issue Apr 9, 2021 · 4 comments

@bryantbiggs
Member

Description

Starting with v1.23 and #77, there is an issue with the secure transport policy, as seen below:

Error: Unsupported argument

  on .terraform/modules/dynamodb_backup.secondary_dynamodb_backup_bucket/main.tf line 247, in data "aws_iam_policy_document" "combined":
 247:   source_policy_documents = compact([

An argument named "source_policy_documents" is not expected here.

Versions

  • Terraform: 0.14.9
  • Provider(s): 3.36.0
  • Module: 1.23/1.24

Reproduction

Steps to reproduce the behavior:

Code Snippet to Reproduce

data "aws_iam_policy_document" "service_reports_artifact_bucket" {
  statement {
    sid    = "DenyNonSecureTransport"
    effect = "Deny"
    actions = [
      "s3:*"
    ]

    resources = [
      module.service_reports_artifact_bucket.this_s3_bucket_arn,
      "${module.service_reports_artifact_bucket.this_s3_bucket_arn}/*",
    ]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values = [
        "false"
      ]
    }
  }
}

module "service_reports_artifact_bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "~> 1.22"

  bucket = "service-reports-artifacts-something-random"

  attach_policy = true
  policy        = data.aws_iam_policy_document.service_reports_artifact_bucket.json

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle_rule = [
    {
      id      = "all"
      enabled = true

      expiration = {
        days = 30
      }

      noncurrent_version_expiration = {
        days = 5
      }
    }
  ]

  tags = module.tags.tags
}

Expected behavior

  • bucket should be provisioned without issue

Actual behavior

  • see above

@antonbabenko
Member

I see that source_policy_documents was added in v3.28.0 of Terraform AWS provider, so we need to update versions.tf in the module (I will make a PR now), but if you have 3.36.0 already it should not be a problem.

Could you double-check that you are not using a version older than 3.28.0?

@antonbabenko
Member

v1.25.0 has just been released. Please give it a try.

@bryantbiggs
Member Author

ah yes, this was my bad - one project is pinned to v3.20 and this was that one project. all good, thanks @antonbabenko !
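
The failure in this thread came from one project whose AWS provider was pinned below 3.28.0, the release that added source_policy_documents. As an added example (not part of the thread or the module's own code), this Python sketch reads a Terraform dependency lock file and flags that condition; the sample lock contents, the placeholder hash and the function names are constructed for illustration.

```python
import re

# Minimum AWS provider release that accepts source_policy_documents (per the thread).
MIN_AWS = (3, 28, 0)

# Constructed sample of a .terraform.lock.hcl from a project pinned to an old provider.
SAMPLE_LOCK = '''
provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.20.0"
  constraints = "~> 3.20"
  hashes = [
    "h1:CONSTRUCTED-PLACEHOLDER=",
  ]
}

provider "registry.terraform.io/hashicorp/random" {
  version = "3.1.0"
}
'''

# One provider block: source address, then everything up to the closing brace at line start.
BLOCK_RE = re.compile(r'provider\s+"([^"]+)"\s*\{(.*?)^\}', re.S | re.M)
# The locked version line only (the "constraints" line does not match).
VERSION_RE = re.compile(r'^\s*version\s*=\s*"(\d+)\.(\d+)\.(\d+)', re.M)


def locked_versions(lock_text):
    """Map provider source address -> locked (major, minor, patch)."""
    found = {}
    for source, body in BLOCK_RE.findall(lock_text):
        m = VERSION_RE.search(body)
        if m:
            found[source] = tuple(int(p) for p in m.groups())
    return found


def check_aws_provider(lock_text, minimum=MIN_AWS):
    """Return (ok, message) for the hashicorp/aws entry in a lock file."""
    versions = locked_versions(lock_text)
    aws = next((v for s, v in versions.items() if s.endswith("/hashicorp/aws")), None)
    if aws is None:
        return False, "hashicorp/aws is not in the lock file; run terraform init"
    if aws < minimum:
        return False, "aws provider %d.%d.%d is older than %d.%d.%d" % (aws + minimum)
    return True, "aws provider %d.%d.%d is new enough" % aws


if __name__ == "__main__":
    print(check_aws_provider(SAMPLE_LOCK))
```

Run against each project's lock file in CI, a check like this catches a stale provider pin before a module upgrade fails at plan time.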

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 29, 2022