backend/s3: Support New af-south-1 Region Automatic Validation #24741
Labels
Comments
bflad
added a commit
that referenced
this issue
Apr 22, 2020
Reference: #24710 Reference: #24741 Changes: ``` NOTES: * backend/s3: Region validation now automatically supports the new `af-south-1` (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the [AWS Documentation](https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable). When the region is not enabled, the Terraform S3 Backend will return errors during credential validation (e.g. `error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid`). ENHANCEMENTS: * backend/s3: Support automatic region validation for `af-south-1` * backend/s3: Support Client Side Metrics (CSM) options from shared configuration file * backend/s3: Support IAM Roles for Service Accounts (IRSA) via `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` environment variables ``` Updated via: ```console $ go get github.com/aws/aws-sdk-go@v1.30.12 $ go mod tidy $ go mod vendor ``` Output from acceptance testing: ```console $ TF_ACC=1 go test -v ./backend/remote-state/s3 | grep '^--- ' --- PASS: TestBackend_impl (0.00s) --- PASS: TestBackendConfig (1.68s) --- PASS: TestBackendConfig_invalidKey (0.00s) --- PASS: TestBackendConfig_invalidSSECustomerKeyLength (0.00s) --- PASS: TestBackendConfig_invalidSSECustomerKeyEncoding (0.00s) --- PASS: TestBackendConfig_conflictingEncryptionSchema (0.00s) --- PASS: TestBackend (15.07s) --- PASS: TestBackendLocked (26.40s) --- PASS: TestBackendSSECustomerKey (16.99s) --- PASS: TestBackendExtraPaths (12.05s) --- PASS: TestBackendPrefixInWorkspace (5.55s) --- PASS: TestKeyEnv (45.07s) --- PASS: TestRemoteClient_impl (0.00s) --- PASS: TestRemoteClient (5.39s) --- PASS: TestRemoteClientLocks (14.30s) --- PASS: TestForceUnlock (20.08s) --- PASS: TestRemoteClient_clientMD5 (16.43s) --- PASS: TestRemoteClient_stateChecksum (24.58s) ```
bflad
added a commit
that referenced
this issue
Apr 24, 2020
* update github.com/aws/aws-sdk-go to v1.30.9 * deps: github.com/aws/aws-sdk-go@v1.30.12 Reference: #24710 Reference: #24741 Changes: ``` NOTES: * backend/s3: Region validation now automatically supports the new `af-south-1` (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the [AWS Documentation](https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable). When the region is not enabled, the Terraform S3 Backend will return errors during credential validation (e.g. `error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid`). ENHANCEMENTS: * backend/s3: Support automatic region validation for `af-south-1` ``` Updated via: ```console $ go get github.com/aws/aws-sdk-go@v1.30.12 $ go mod tidy $ go mod vendor ``` Output from acceptance testing: ```console $ TF_ACC=1 go test -v ./backend/remote-state/s3 | grep '^--- ' --- PASS: TestBackend_impl (0.00s) --- PASS: TestBackendConfig (1.68s) --- PASS: TestBackendConfig_invalidKey (0.00s) --- PASS: TestBackendConfig_invalidSSECustomerKeyLength (0.00s) --- PASS: TestBackendConfig_invalidSSECustomerKeyEncoding (0.00s) --- PASS: TestBackendConfig_conflictingEncryptionSchema (0.00s) --- PASS: TestBackend (15.07s) --- PASS: TestBackendLocked (26.40s) --- PASS: TestBackendSSECustomerKey (16.99s) --- PASS: TestBackendExtraPaths (12.05s) --- PASS: TestBackendPrefixInWorkspace (5.55s) --- PASS: TestKeyEnv (45.07s) --- PASS: TestRemoteClient_impl (0.00s) --- PASS: TestRemoteClient (5.39s) --- PASS: TestRemoteClientLocks (14.30s) --- PASS: TestForceUnlock (20.08s) --- PASS: TestRemoteClient_clientMD5 (16.43s) --- PASS: TestRemoteClient_stateChecksum (24.58s) ``` Co-authored-by: Nicola Senno <nicola.senno@workday.com>
|
Support for this has been merged into master, which is currently the development branch for the first releases of Terraform CLI v0.13. Please follow #24745 and the v0.12 branch for updates about any potential Terraform CLI v0.12.25 release that would also contain this update. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Current Terraform Version
Use-cases
https://aws.amazon.com/about-aws/whats-new/2020/04/announcing-aws-africa-cape-town-region/
The region shorthand name is
af-south-1. Allow S3 Back storage in the new region without special backend configuration.Attempted Solutions
Available Workaround
Proposal
Update AWS Go SDK dependency to v1.30.12, which contains new region endpoint information.
References
The text was updated successfully, but these errors were encountered: