Terraform AWS Provider Error: Value for unconfigurable attribute. Can't configure a value for "acl": its value will be decided automatically

Just today, whenever I run terraform apply, I see an error like this: Can't configure a value for "lifecycle_rule": its value will be decided automatically based on the result of applying this configuration.

It was working yesterday.

Here is the command I run: terraform init && terraform apply

Here is the list of provider plugins that were initialized:

- Finding latest version of hashicorp/archive...
- Finding latest version of hashicorp/aws...
- Finding latest version of hashicorp/null...
- Installing hashicorp/null v3.1.0...
- Installed hashicorp/null v3.1.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.2.0...
- Installed hashicorp/archive v2.2.0 (signed by HashiCorp)
- Installing hashicorp/aws v4.0.0...
- Installed hashicorp/aws v4.0.0 (signed by HashiCorp)

The errors are as follows:

Acquiring state lock. This may take a few moments...
Releasing state lock. This may take a few moments...
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│    1: resource "aws_s3_bucket" "this" {
│ 
│ Can't configure a value for "lifecycle_rule": its value will be decided
│ automatically based on the result of applying this configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│    1: resource "aws_s3_bucket" "this" {
│ 
│ Can't configure a value for "server_side_encryption_configuration": its
│ value will be decided automatically based on the result of applying this
│ configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 3, in resource "aws_s3_bucket" "this":
│    3:   acl    = "private"
│ 
│ Can't configure a value for "acl": its value will be decided automatically
│ based on the result of applying this configuration.
╵
ERRO[0012] 1 error occurred:
        * exit status 1

My code is as follows:

resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
  acl    = "private"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = data.aws_kms_key.s3.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }

  lifecycle_rule {
    id      = "backups"
    enabled = true

    prefix = "backups/"

    transition {
      days          = 90
      storage_class = "GLACIER_IR"
    }

    transition {
      days          = 180
      storage_class = "DEEP_ARCHIVE"
    }

    expiration {
      days = 365
    }
  }

  tags = {
    Name        = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
    Environment = var.environment
  }
}

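The Terraform AWS Provider was upgraded to version 4.0.0, which was released on 10 February 2022.

Major changes in the release include:

  • Version 4.0.0 of the AWS Provider introduces significant changes to the aws_s3_bucket resource.
  • Version 4.0.0 of the AWS Provider will be the last major version to support EC2-Classic resources, as AWS plans to fully retire EC2-Classic networking. See the AWS News Blog for more details.
  • Version 4.0.0 and 4.x.x versions of the AWS Provider will be the last versions compatible with Terraform 0.12-0.15.

The reason for this change by Terraform is as follows: to help distribute the management of S3 bucket settings via independent resources, various arguments and attributes in the aws_s3_bucket resource have become read-only. Configurations that depend on these arguments should be updated to use the corresponding aws_s3_bucket_* resource. Once updated, the new aws_s3_bucket_* resources should be imported into Terraform state.

So, I updated my code accordingly by following the guide here: Terraform AWS Provider Version 4 Upgrade Guide | S3 Bucket Refactor

The new working code looks like this: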

resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"

  tags = {
    Name        = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
    Environment = var.environment
  }
}

resource "aws_s3_bucket_acl" "this" {
  bucket = aws_s3_bucket.this.id
  acl    = "private"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = data.aws_kms_key.s3.arn
      sse_algorithm     = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "this" {
  bucket = aws_s3_bucket.this.id

  rule {
    id     = "backups"
    status = "Enabled"

    filter {
      prefix = "backups/"
    }

    transition {
      days          = 90
      storage_class = "GLACIER_IR"
    }

    transition {
      days          = 180
      storage_class = "DEEP_ARCHIVE"
    }

    expiration {
      days = 365
    }
  }
}

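If you do not want to upgrade your Terraform AWS Provider version to 4.0.0, you can use the existing or an older version by specifying it explicitly in your code, as below: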

terraform {
  required_version = "~> 1.0.11"
  required_providers {
    aws  = "~> 3.73.0"
  }
}
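An added example, not part of the original answers: a Python check for the refactor described above that compares a module before and after the edit and lists each standalone aws_s3_bucket_* resource an inline setting needs but the new configuration does not declare for that bucket. The sample HCL strings are constructed, the function names are hypothetical, and the parser is a line-based approximation covering only the three arguments shown on this page.

```python
import re

# aws_s3_bucket arguments made read-only in provider 4.0.0 -> standalone resource.
MOVED = {
    "acl": "aws_s3_bucket_acl",
    "lifecycle_rule": "aws_s3_bucket_lifecycle_configuration",
    "server_side_encryption_configuration":
        "aws_s3_bucket_server_side_encryption_configuration",
}
RESOURCE = re.compile(r'resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')

def resource_blocks(hcl):
    """Yield (type, name, body) per resource; assumes braces in strings balance."""
    for m in RESOURCE.finditer(hcl):
        depth, i = 1, m.end()
        while depth and i < len(hcl):
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), m.group(2), hcl[m.end():i - 1]

def inline_settings(hcl):
    """Bucket name -> moved arguments still set inside aws_s3_bucket."""
    found = {}
    for rtype, name, body in resource_blocks(hcl):
        keys, depth = set(), 0
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*(=|\{)", line)
            if m and depth == 0:          # only arguments/blocks at top level
                keys.add(m.group(1))
            depth += line.count("{") - line.count("}")
        if rtype == "aws_s3_bucket":
            found[name] = sorted(keys & MOVED.keys())
    return found

def unmigrated(before, after):
    """Standalone resources `before` needs that `after` lacks for each bucket."""
    blocks, gaps = list(resource_blocks(after)), {}
    for name, keys in inline_settings(before).items():
        attached = {t for t, _, b in blocks if f"aws_s3_bucket.{name}." in b}
        gaps[name] = [MOVED[k] for k in keys if MOVED[k] not in attached]
    return {n: g for n, g in gaps.items() if g}

# Constructed sample: the refactor adds the ACL resource but forgets encryption.
BEFORE = ('resource "aws_s3_bucket" "this" {\n  acl = "private"\n'
          '  server_side_encryption_configuration {\n    rule {}\n  }\n}\n')
AFTER = ('resource "aws_s3_bucket" "this" {}\nresource "aws_s3_bucket_acl" "this" {\n'
         '  bucket = aws_s3_bucket.this.id\n  acl = "private"\n}\n')
print(unmigrated(BEFORE, AFTER))
```

An empty result means every setting that was inline before the refactor is still managed by a resource that references the same bucket.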

It broke because the Terraform AWS Provider was updated to version 4.0.0.

If you can't upgrade your version, maybe you can lock your AWS provider version like this:

terraform {
  required_version = "~> 0.12.31"

  required_providers {
    aws  = "~> 3.74.1"
  }
}

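Terragrunt/Terraform users:

As others have mentioned, the AWS Provider was upgraded to 4.0. The breaking changes are described here (under the git 4.0 tag): GitHub | terraform-provider-aws | v4.0.0

Note the breaking changes to s3. I found 39 aws_s3_bucket references on the page. The reality is that some of us don't have the time to address all the breaking changes in our current projects. I found that version 3.74.1 works very well.

To constrain all Terraform projects configured with Terragrunt, you can specify the following in the root terragrunt.hcl file of the terragrunt repository: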

generate "versions" {
  path      = "versions_override.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
    terraform {
      required_providers {
        aws = {
          version = "= 3.74.1"
          source  = "hashicorp/aws"
        }
      }
    }
EOF
}

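In effect, Terragrunt will generate a versions_override.tf Terraform configuration file that defines the explicit version 3.74.1.

Quick fix: keep your project on version 3 until you are ready to migrate to version 4 by following the upgrade guide Terraform provides here: Terraform AWS Provider Version 4 Upgrade Guide.

To do this, freeze your provider as follows: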

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.74.2"
    }

    consul = {
      source = "hashicorp/consul"
    }
  }

  required_version = ">= 0.13"
}

I am following a tutorial in the Terraform documentation to create a service on AWS Lambda. https://learn.hashicorp.com/tutorials/terraform/lambda-api-gateway

This configuration

resource "aws_s3_bucket" "lambda_bucket" {
  bucket = random_pet.lambda_bucket_name.id
  acl = "private"
  force_destroy = true
}

gives the following error

Error: Value for unconfigurable attribute
  with aws_s3_bucket.lambda_bucket,
  on main.tf line 32, in resource "aws_s3_bucket" "lambda_bucket":
  32:   acl           = "private"
Can't configure a value for "acl": its value will be decided automatically
based on the result of applying this configuration.

Since acl is now read-only, update your configuration to use the aws_s3_bucket_acl resource and remove the acl argument from the aws_s3_bucket resource:

resource "aws_s3_bucket" "lambda_bucket" {
  bucket = random_pet.lambda_bucket_name.id

  force_destroy = true
}

resource "aws_s3_bucket_acl" "lambda_bucket" {
  bucket = aws_s3_bucket.lambda_bucket.id
  acl = "private"
}