Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S3 Module Source does not work with AWS SSO #36487

Open
kevinprince opened this issue Feb 12, 2025 · 1 comment
Open

S3 Module Source does not work with AWS SSO #36487

kevinprince opened this issue Feb 12, 2025 · 1 comment
Labels
bug go-getter new new issue not yet triaged upstream

Comments

@kevinprince
Copy link
Contributor

kevinprince commented Feb 12, 2025
edited
Loading

Terraform Version

Terraform v1.10.5
on darwin_arm64

Terraform Configuration Files

"module": {
        "init": [
            {
                "environment": "${local.config.environment}",
                "name": "${local.config.name}",
                "source": "s3::https://bucket-name.s3.us-east-2.amazonaws.com/terraform/module.zip"
            }
        ]
    }

Debug Output

╷
│ Error: Failed to download module
│ 
│   on main.tf.json line 8, in module:
│    8:         "init": [
│ 
│ Could not download module "init" (main.tf.json:8) source code from "s3::https://the-bucket.s3.us-east-2.amazonaws.com/terraform/modules/truss-definitons.zip": NoCredentialProviders: no valid providers in chain
│ caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment
│ SharedCredsLoad: failed to load shared credentials file
│ caused by: FailedRead: unable to open file
│ caused by: open /Users/kevin/.aws/credentials: no such file or directory
│ EC2RoleRequestError: no EC2 instance role found
│ caused by: RequestError: send request failed
│ caused by: Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: connect: host is down

Expected Behavior

Installs the module from AWS using available keys

Actual Behavior

See above.

Steps to Reproduce

  1. Source a module from S3
  2. Login to AWS using IAM Identity Center / AWS SSO
  3. Try to init

Additional Context

If using local file ref for module instead deployment is fine as Terraform using AWS SSO creds without any issue.

aws s3 ls works and can download the file with aws s3 cp.

References

No response

Generative AI / LLM assisted development?

No response
@kevinprince kevinprince added bug new new issue not yet triaged labels Feb 12, 2025
@bschaatsbergen
Copy link
Member

bschaatsbergen commented Feb 12, 2025
edited
Loading

Hey @kevinprince,

Thank you for reporting this. It's good to note that Terraform module sourcing relies on functionality from an upstream package called go-getter. I expect this to require an upstream fix, specifically in the AWS credential chain resolution, to properly support SSO federated credentials.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug go-getter new new issue not yet triaged upstream
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kevinprince @bschaatsbergen