Terraform AWS Provider Error: Value for unconfigurable attribute. Can't configure a value for "acl": its value will be decided automatically

abd*_*wer 47 amazon-s3 amazon-web-services terraform terraform-provider-aws

Just today, whenever I run terraform apply, I see an error something like this: Can't configure a value for "lifecycle_rule": its value will be decided automatically based on the result of applying this configuration.

It was working yesterday.

Following is the command I run: terraform init && terraform apply

Following is the list of initialized provider plugins:

- Finding latest version of hashicorp/archive...
- Finding latest version of hashicorp/aws...
- Finding latest version of hashicorp/null...
- Installing hashicorp/null v3.1.0...
- Installed hashicorp/null v3.1.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.2.0...
- Installed hashicorp/archive v2.2.0 (signed by HashiCorp)
- Installing hashicorp/aws v4.0.0...
- Installed hashicorp/aws v4.0.0 (signed by HashiCorp)

Following is the error:

Acquiring state lock. This may take a few moments...
Releasing state lock. This may take a few moments...
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│    1: resource "aws_s3_bucket" "this" {
│ 
│ Can't configure a value for "lifecycle_rule": its value will be decided
│ automatically based on the result of applying this configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│    1: resource "aws_s3_bucket" "this" {
│ 
│ Can't configure a value for "server_side_encryption_configuration": its
│ value will be decided automatically based on the result of applying this
│ configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 3, in resource "aws_s3_bucket" "this":
│    3:   acl    = "private"
│ 
│ Can't configure a value for "acl": its value will be decided automatically
│ based on the result of applying this configuration.
╵
ERRO[0012] 1 error occurred:
        * exit status 1

My code is as follows:

resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
  acl    = "private"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = data.aws_kms_key.s3.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }

  lifecycle_rule {
    id      = "backups"
    enabled = true

    prefix = "backups/"

    transition {
      days          = 90
      storage_class = "GLACIER_IR"
    }

    transition {
      days          = 180
      storage_class = "DEEP_ARCHIVE"
    }

    expiration {
      days = 365
    }
  }

  tags = {
    Name        = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
    Environment = var.environment
  }
}

abd*_*wer 49

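The Terraform AWS Provider was upgraded to version 4.0.0, which was published on 10 February 2022.

Major changes in the release include:

  • Version 4.0.0 of the AWS Provider introduces significant changes to the aws_s3_bucket resource.
  • Version 4.0.0 of the AWS Provider will be the last major version to support EC2-Classic resources, as AWS plans to fully retire EC2-Classic Networking. See the AWS News Blog for additional details.
  • Version 4.0.0 and 4.x.x versions of the AWS Provider will be the last versions compatible with Terraform 0.12-0.15.

The reason for this change by Terraform is as follows: to help distribute the management of S3 bucket settings via independent resources, various arguments and attributes in the aws_s3_bucket resource have become read-only. Configurations dependent on these arguments should be updated to use the corresponding aws_s3_bucket_* resource. Once updated, the new aws_s3_bucket_* resources should be imported into Terraform state.

So, I updated my code accordingly by following the guide here: Terraform AWS Provider Version 4 Upgrade Guide | S3 Bucket Refactor

The new working code looks like this: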

resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"

  tags = {
    Name        = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
    Environment = var.environment
  }
}

resource "aws_s3_bucket_acl" "this" {
  bucket = aws_s3_bucket.this.id
  acl    = "private"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = data.aws_kms_key.s3.arn
      sse_algorithm     = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "this" {
  bucket = aws_s3_bucket.this.id

  rule {
    id     = "backups"
    status = "Enabled"

    filter {
      prefix = "backups/"
    }

    transition {
      days          = 90
      storage_class = "GLACIER_IR"
    }

    transition {
      days          = 180
      storage_class = "DEEP_ARCHIVE"
    }

    expiration {
      days = 365
    }
  }
}

If you don't want to upgrade your Terraform AWS Provider version to 4.0.0, you can use the existing or an older version by specifying it explicitly in the code, as below:

terraform {
  required_version = "~> 1.0.11"
  required_providers {
    aws  = "~> 3.73.0"
  }
}
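
Added example, not part of the original answer: a small Python scanner that finds the inline aws_s3_bucket arguments from the question that v4.0.0 made read-only and prints, for each one, the stand-alone resource used in the answer and the terraform import command that brings it into state, so the ACL and encryption settings stay under Terraform's control after the split. The names MIGRATIONS, inline_args and migration_plan are hypothetical; it assumes terraform fmt-style layout (resource header on its own line), a literal canned ACL, and a bucket owned by the account the provider is configured for.

```python
import re

# Inline arguments read-only since v4 -> (stand-alone resource, import ID format)
MIGRATIONS = {
    "acl": ("aws_s3_bucket_acl", "{b},{acl}"),  # canned ACL, same-account owner
    "server_side_encryption_configuration":
        ("aws_s3_bucket_server_side_encryption_configuration", "{b}"),
    "lifecycle_rule": ("aws_s3_bucket_lifecycle_configuration", "{b}"),
}

# Constructed sample: a trimmed copy of the question's pre-v4 bucket resource.
SAMPLE = '''
resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-backups"
  acl    = "private"
  server_side_encryption_configuration {
    rule { apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" } }
  }
  lifecycle_rule {
    id = "backups"
  }
}
'''

def inline_args(hcl):  # yields (bucket resource name, argument, literal value)
    depth, current = 0, None
    for line in hcl.splitlines():
        head = re.match(r'\s*resource\s+"aws_s3_bucket"\s+"([^"]+)"\s*\{', line)
        arg = re.match(r'\s*([a-z_]+)\s*(?:=\s*"?([^"\n]*)"?|\{)', line)
        if depth == 0:  # top of file: remember whether we enter a bucket block
            current = head.group(1) if head else None
        elif depth == 1 and current and arg:  # direct children of the bucket only
            yield current, arg.group(1), arg.group(2)
        depth += line.count("{") - line.count("}")

def migration_plan(hcl, bucket, module=""):
    """Return (inline argument, new resource address, import command) tuples."""
    prefix, plan = (f"module.{module}." if module else ""), {}
    for name, arg, value in inline_args(hcl):
        if arg in MIGRATIONS:
            rtype, id_fmt = MIGRATIONS[arg]
            addr = f"{prefix}{rtype}.{name}"
            imp = id_fmt.format(b=bucket, acl=value)
            # keyed by address so repeated lifecycle_rule blocks give one entry
            plan[addr] = (arg, addr, f"terraform import '{addr}' '{imp}'")
    return list(plan.values())

if __name__ == "__main__":  # bucket name is constructed; module is the question's
    for _, _, cmd in migration_plan(SAMPLE, "acme-prod-backups", "ssm-parameter-store-backup"):
        print(cmd)
```

Run the printed import commands only after the new aws_s3_bucket_* resources exist in the configuration; a following terraform plan should then show no changes to the bucket's ACL, encryption or lifecycle settings.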


小智 19

It's broken because the Terraform AWS Provider has been updated to version 4.0.0.

If you can't upgrade your version, maybe you could lock your AWS provider version like this:

terraform {
  required_version = "~> 0.12.31"

  required_providers {
    aws  = "~> 3.74.1"
  }
}


Don*_*ato 6

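For Terragrunt/Terraform users:

As others have mentioned, the AWS Provider was upgraded to 4.0. The breaking changes are described here (under the git 4.0 tag): GitHub | terraform-provider-aws | terraform-provider-aws | v4.0.0

Note the breaking changes for S3. I found 39 references to aws_s3_bucket on the page. The reality is that some of us do not have the time to address all of the breaking changes on current projects. I've found that version 3.74.1 works very well.

To restrict all Terraform projects that use a Terragrunt configuration, in the root terragrunt.hcl file of your Terragrunt repository you can specify the following: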

generate "versions" {
    path      = "versions_override.tf"
    if_exists = "overwrite_terragrunt"
    contents  = <<EOF
    terraform {
        required_providers {
        aws = {
            version = "= 3.74.1"
            source = "hashicorp/aws"
        }
        }
    }
EOF
}

In effect, Terragrunt will generate a versions_override.tf Terraform configuration file that defines an explicit version of 3.74.1.