AWS provider crash on 0.7.5 (multiple resources) #9272
Comments
@akerl hi there! Thank you for letting us know, and I am very sorry that you have problems with Terraform! We are going to have a look and see what can be the problem and keep you updated.
@akerl hi! The failure in https://circleci.com/gh/akerl/aws-account/23 is related to the lack of IAM user permissions:
You would need to add necessary permissions so that the IAM user. Whereas, we need to address the panic by handling this error gracefully (so this is a bug for us to fix).
Content of the stack trace for reference:
@akerl I had a look at other builds failing, and it is the same resource each time:
This is due to lack of permission on the IAM user side, which causes nil pointer dereference at the following line:
Interesting. My apologies for not catching that; I'm too used to the AWS provider calling out 403s directly as errors. I'll dig a bit and get my user policy lined up to sort this out, so I can confirm which new perm is required that it doesn't have. For the failures on the other resources, is it possible that's just other stuff it happened to be processing when it crashed (which would explain why the other resources that fail do so transiently)?
Confirmed that "cloudfront:List*" is what I needed to fix this
@akerl hi! I am glad you were able to fix the issue. I am going to work on a fix to handle the lack of permissions to tag more gracefully, so that it does not cause a crash.
@akerl hi there! I have sent a Pull Request which should address the panic due to nil pointer dereference due to lack of permission to use EC2 tags with CloudFront Distribution. I have tested it manually, and it seems to do the right thing, but I would be very grateful if you could test your setup and/or configuration using patched Terraform, if possible. If you have a moment, would you be able to help with this?
Fixed via #9298
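The failure mode discussed in this thread, as an added Go example that is not Terraform's or the AWS SDK's code: a tag-listing call returns a nil response together with an error when the caller lacks permission, and the reader either dereferences the nil response or surfaces the error. All type and function names, the error value and the ARN are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins for an SDK tag-listing call (not AWS SDK or Terraform code).
type Tag struct{ Key, Value string }
type ListTagsOutput struct{ Tags []Tag }
type tagLister func(arn string) (*ListTagsOutput, error)
var ErrAccessDenied = errors.New("AccessDenied (constructed sample error)")

// deniedClient models a caller lacking list permissions: nil response plus an error.
func deniedClient(string) (*ListTagsOutput, error) { return nil, ErrAccessDenied }
func allowedClient(string) (*ListTagsOutput, error) { return &ListTagsOutput{Tags: []Tag{{"env", "ci"}}}, nil }

// readTagsUnchecked shows the bug class: the error is dropped and the response is used anyway.
func readTagsUnchecked(c tagLister, arn string) map[string]string {
	out, _ := c(arn)
	m := map[string]string{}
	for _, t := range out.Tags { // nil pointer dereference when the call was denied
		m[t.Key] = t.Value
	}
	return m
}

// readTagsChecked returns the permission error to the caller instead of crashing.
func readTagsChecked(c tagLister, arn string) (map[string]string, error) {
	out, err := c(arn)
	if err != nil {
		return nil, fmt.Errorf("listing tags for %s: %w", arn, err)
	}
	m := map[string]string{}
	for _, t := range out.Tags {
		m[t.Key] = t.Value
	}
	return m, nil
}

func panics(f func()) (p bool) { // reports whether f panicked
	defer func() { p = recover() != nil }()
	f()
	return
}

func main() {
	arn := "arn:aws:cloudfront::000000000000:distribution/EXAMPLE" // constructed
	fmt.Println("unchecked panics:", panics(func() { readTagsUnchecked(deniedClient, arn) }))
	fmt.Println(readTagsChecked(deniedClient, arn))
}
```

With the checked form, a missing permission shows up as an ordinary error naming the resource, which is what lets the operator find the policy gap.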
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Terraform Version
Affected Resource(s)
Seems to change w/ each run. I've seen failures for any of the following, though cloudfront seems most common:
Terraform Configuration Files
The errors are occurring in my CircleCI builds for https://github.com/akerl/aws-account/
Example failure: https://circleci.com/gh/akerl/aws-account/23
Debug Output
https://gist.github.com/anonymous/365a7fab5342ea10724f7040f595ba91
Panic Output
https://gist.github.com/anonymous/3e19fa70b2536e8c4db87a7d6106feec
Expected Behavior
Plan should have completed successfully
Actual Behavior
Crashes with:
Steps to Reproduce
terraform plan
Appears to need to be run from Linux system; I couldn't reproduce on my Mac with 0.7.5 (also didn't occur on 0.7.4 on Linux or OSX)
Important Factoids
Running in CircleCI, test user has privilege set described here: https://github.com/akerl/aws-account/blob/master/akerl/aws-account/main.tf