ARN must end with the version number error
Closed this issue · 7 comments
I ran this setup and everything worked except this.
Error: Error applying plan:
1 error(s) occurred:
-
module.munki-repo.aws_cloudfront_distribution.www_distribution: 1 error(s) occurred:
-
aws_cloudfront_distribution.www_distribution: error creating CloudFront Distribution: InvalidLambdaFunctionAssociation: The function ARN must reference a specific function version. (The ARN must end with the version number.) ARN: arn:aws:lambda:us-west-1:080972764581:function:munki_basic_auth:$LATEST
status code: 400, request id: 27138030-6c9f-11e9-815d-e1426c0813f0
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
I set up the main.tf file with this info:
module "munki-repo" {
source = "grahamgilbert/munki-repo/aws"
version = "0.0.5"
munki_s3_bucket = "mueller report"
username = "mueller"
password = "mueller report password"
prefix = "munki"
# price_class is one of PriceClass_All, PriceClass_200, PriceClass_100
price_class = "PriceClass_100"
}
I ran 0.4 version before this (didn't notice a 0.5 one), but I neglected to give permission to these things. AWSLambdaFullAccess, IAMFullAccess, AmazonS3FullAccess, CloudFrontFullAccess. Got these errors on that run.
Error: Error applying plan:
3 error(s) occurred:
* module.munki-repo.aws_s3_bucket.log_bucket: 1 error(s) occurred:
* aws_s3_bucket.log_bucket: Error validating S3 bucket name: only lowercase alphanumeric characters and hyphens allowed in "macfaq_munki_bucket-logs"
* module.munki-repo.aws_cloudfront_origin_access_identity.origin_access_identity: 1 error(s) occurred:
* aws_cloudfront_origin_access_identity.origin_access_identity: AccessDenied: User: arn:aws:iam::080972764581:user/brandon is not authorized to perform: cloudfront:CreateCloudFrontOriginAccessIdentity
status code: 403, request id: 04272e8a-6c9e-11e9-88ef-a955e2b50e1b
* module.munki-repo.aws_iam_role.iam_for_lambda: 1 error(s) occurred:
* aws_iam_role.iam_for_lambda: Error creating IAM Role iam_for_lambda: AccessDenied: User: arn:aws:iam::080972764581:user/brandon is not authorized to perform: iam:CreateRole on resource: arn:aws:iam::080972764581:role/iam_for_lambda
status code: 403, request id: 043252c8-6c9e-11e9-977a-9997c59109bf
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.`
I'm new to AWS, and thought I had those permissions, but didn't. So I logged into AWS, fixed permissions. Then ran 0.5 and got the ARN error. Maybe I need to wipe it out and start over?
Here's my terraform code from 0.5 run.
brandon@mahogany:~/Desktop$ terraform init
Initializing modules...
- module.munki-repo
Initializing provider plugins...
The following providers do not have any version constraints in configuration,
so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.
* provider.archive: version = "~> 1.2"
* provider.aws: version = "~> 2.8"
* provider.template: version = "~> 2.1"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
------------------------------------------------------------------------------------------------ 22:56:13
brandon@mahogany:~/Desktop$ terraform get
- module.munki-repo
------------------------------------------------------------------------------------------------ 22:56:19
brandon@mahogany:~/Desktop$ terraform plan
provider.aws.region
The region where AWS operations will take place. Examples
are us-east-1, us-west-2, etc.
Default: us-east-1
Enter a value: us-west-1
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.template_file.basic_auth_js: Refreshing state...
data.archive_file.basic_auth_lambda_zip: Refreshing state...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
<= module.munki-repo.data.aws_iam_policy_document.s3_policy
id: <computed>
json: <computed>
statement.#: "2"
statement.0.actions.#: "1"
statement.0.actions.2071725391: "s3:GetObject"
statement.0.effect: "Allow"
statement.0.principals.#: "1"
statement.0.principals.~3303760437.identifiers.#: <computed>
statement.0.principals.~3303760437.type: "AWS"
statement.0.resources.#: <computed>
statement.1.actions.#: "1"
statement.1.actions.486976917: "s3:ListBucket"
statement.1.effect: "Allow"
statement.1.principals.#: "1"
statement.1.principals.~3303760437.identifiers.#: <computed>
statement.1.principals.~3303760437.type: "AWS"
statement.1.resources.#: <computed>
version: "2012-10-17"
+ module.munki-repo.aws_cloudfront_distribution.www_distribution
id: <computed>
active_trusted_signers.%: <computed>
arn: <computed>
caller_reference: <computed>
default_cache_behavior.#: "1"
default_cache_behavior.0.allowed_methods.#: "2"
default_cache_behavior.0.allowed_methods.1040875975: "GET"
default_cache_behavior.0.allowed_methods.1445840968: "HEAD"
default_cache_behavior.0.cached_methods.#: "2"
default_cache_behavior.0.cached_methods.1040875975: "GET"
default_cache_behavior.0.cached_methods.1445840968: "HEAD"
default_cache_behavior.0.compress: "true"
default_cache_behavior.0.default_ttl: "86400"
default_cache_behavior.0.forwarded_values.#: "1"
default_cache_behavior.0.forwarded_values.0.cookies.#: "1"
default_cache_behavior.0.forwarded_values.0.cookies.0.forward: "none"
default_cache_behavior.0.forwarded_values.0.query_string: "false"
default_cache_behavior.0.lambda_function_association.#: "1"
default_cache_behavior.0.lambda_function_association.~833201226.event_type: "viewer-request"
default_cache_behavior.0.lambda_function_association.~833201226.include_body: "false"
default_cache_behavior.0.lambda_function_association.~833201226.lambda_arn: "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
default_cache_behavior.0.max_ttl: "31536000"
default_cache_behavior.0.min_ttl: "0"
default_cache_behavior.0.target_origin_id: "munki"
default_cache_behavior.0.viewer_protocol_policy: "redirect-to-https"
default_root_object: "index.html"
domain_name: <computed>
enabled: "true"
etag: <computed>
hosted_zone_id: <computed>
http_version: "http2"
in_progress_validation_batches: <computed>
is_ipv6_enabled: "false"
last_modified_time: <computed>
ordered_cache_behavior.#: "2"
ordered_cache_behavior.0.allowed_methods.#: "2"
ordered_cache_behavior.0.allowed_methods.1040875975: "GET"
ordered_cache_behavior.0.allowed_methods.1445840968: "HEAD"
ordered_cache_behavior.0.cached_methods.#: "2"
ordered_cache_behavior.0.cached_methods.1040875975: "GET"
ordered_cache_behavior.0.cached_methods.1445840968: "HEAD"
ordered_cache_behavior.0.compress: "true"
ordered_cache_behavior.0.default_ttl: "30"
ordered_cache_behavior.0.forwarded_values.#: "1"
ordered_cache_behavior.0.forwarded_values.0.cookies.#: "1"
ordered_cache_behavior.0.forwarded_values.0.cookies.0.forward: "none"
ordered_cache_behavior.0.forwarded_values.0.query_string: "false"
ordered_cache_behavior.0.lambda_function_association.#: "1"
ordered_cache_behavior.0.lambda_function_association.~833201226.event_type: "viewer-request"
ordered_cache_behavior.0.lambda_function_association.~833201226.include_body: "false"
ordered_cache_behavior.0.lambda_function_association.~833201226.lambda_arn: "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
ordered_cache_behavior.0.max_ttl: "60"
ordered_cache_behavior.0.min_ttl: "0"
ordered_cache_behavior.0.path_pattern: "/catalogs/*"
ordered_cache_behavior.0.target_origin_id: "munki"
ordered_cache_behavior.0.viewer_protocol_policy: "redirect-to-https"
ordered_cache_behavior.1.allowed_methods.#: "2"
ordered_cache_behavior.1.allowed_methods.1040875975: "GET"
ordered_cache_behavior.1.allowed_methods.1445840968: "HEAD"
ordered_cache_behavior.1.cached_methods.#: "2"
ordered_cache_behavior.1.cached_methods.1040875975: "GET"
ordered_cache_behavior.1.cached_methods.1445840968: "HEAD"
ordered_cache_behavior.1.compress: "true"
ordered_cache_behavior.1.default_ttl: "30"
ordered_cache_behavior.1.forwarded_values.#: "1"
ordered_cache_behavior.1.forwarded_values.0.cookies.#: "1"
ordered_cache_behavior.1.forwarded_values.0.cookies.0.forward: "none"
ordered_cache_behavior.1.forwarded_values.0.query_string: "false"
ordered_cache_behavior.1.lambda_function_association.#: "1"
ordered_cache_behavior.1.lambda_function_association.~833201226.event_type: "viewer-request"
ordered_cache_behavior.1.lambda_function_association.~833201226.include_body: "false"
ordered_cache_behavior.1.lambda_function_association.~833201226.lambda_arn: "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
ordered_cache_behavior.1.max_ttl: "60"
ordered_cache_behavior.1.min_ttl: "0"
ordered_cache_behavior.1.path_pattern: "/manifests/*"
ordered_cache_behavior.1.target_origin_id: "munki"
ordered_cache_behavior.1.viewer_protocol_policy: "redirect-to-https"
origin.#: "1"
origin.~3928225203.custom_header.#: "0"
origin.~3928225203.custom_origin_config.#: "0"
origin.~3928225203.domain_name: "${aws_s3_bucket.www.bucket_regional_domain_name}"
origin.~3928225203.origin_id: "munki"
origin.~3928225203.origin_path: ""
origin.~3928225203.s3_origin_config.#: "1"
origin.~3928225203.s3_origin_config.0.origin_access_identity: "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
price_class: "PriceClass_100"
restrictions.#: "1"
restrictions.0.geo_restriction.#: "1"
restrictions.0.geo_restriction.0.restriction_type: "none"
retain_on_delete: "false"
status: <computed>
viewer_certificate.#: "1"
viewer_certificate.0.cloudfront_default_certificate: "true"
viewer_certificate.0.minimum_protocol_version: "TLSv1"
wait_for_deployment: "true"
+ module.munki-repo.aws_cloudfront_origin_access_identity.origin_access_identity
id: <computed>
caller_reference: <computed>
cloudfront_access_identity_path: <computed>
comment: "Some comment"
etag: <computed>
iam_arn: <computed>
s3_canonical_user_id: <computed>
+ module.munki-repo.aws_iam_role.iam_for_lambda
id: <computed>
arn: <computed>
assume_role_policy: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": [\n \"lambda.amazonaws.com\",\n \"edgelambda.amazonaws.com\"\n ]\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n"
create_date: <computed>
force_detach_policies: "false"
max_session_duration: "3600"
name: "iam_for_lambda"
path: "/"
unique_id: <computed>
+ module.munki-repo.aws_lambda_function.basic_auth_lambda
id: <computed>
arn: <computed>
filename: "basic_auth_lambda.zip"
function_name: "munki_basic_auth"
handler: "basic_auth.handler"
invoke_arn: <computed>
last_modified: <computed>
memory_size: "128"
publish: "false"
qualified_arn: <computed>
reserved_concurrent_executions: "-1"
role: "${aws_iam_role.iam_for_lambda.arn}"
runtime: "nodejs8.10"
source_code_hash: "GTdpyQABCPmmfbk+yGemJhRblQS5Fpg12vpe4/X1lYA="
source_code_size: <computed>
timeout: "3"
tracing_config.#: <computed>
version: <computed>
+ module.munki-repo.aws_s3_bucket.log_bucket
id: <computed>
acceleration_status: <computed>
acl: "log-delivery-write"
arn: <computed>
bucket: "macfaq-munki-bucket-logs"
bucket_domain_name: <computed>
bucket_regional_domain_name: <computed>
force_destroy: "false"
hosted_zone_id: <computed>
lifecycle_rule.#: "1"
lifecycle_rule.0.enabled: "true"
lifecycle_rule.0.id: <computed>
lifecycle_rule.0.transition.#: "1"
lifecycle_rule.0.transition.2000431762.date: ""
lifecycle_rule.0.transition.2000431762.days: "30"
lifecycle_rule.0.transition.2000431762.storage_class: "STANDARD_IA"
region: <computed>
request_payer: <computed>
versioning.#: <computed>
website_domain: <computed>
website_endpoint: <computed>
+ module.munki-repo.aws_s3_bucket.www
id: <computed>
acceleration_status: <computed>
acl: "private"
arn: <computed>
bucket: "macfaq-munki-bucket"
bucket_domain_name: <computed>
bucket_regional_domain_name: <computed>
force_destroy: "false"
hosted_zone_id: <computed>
logging.#: "1"
logging.~4016003484.target_bucket: "${aws_s3_bucket.log_bucket.id}"
logging.~4016003484.target_prefix: "logs/"
region: <computed>
request_payer: <computed>
versioning.#: <computed>
website_domain: <computed>
website_endpoint: <computed>
+ module.munki-repo.aws_s3_bucket_policy.www
id: <computed>
bucket: "${aws_s3_bucket.www.id}"
policy: "${data.aws_iam_policy_document.s3_policy.json}"
Plan: 7 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
------------------------------------------------------------------------------------------------ 22:56:36
brandon@mahogany:~/Desktop$ terraform apply
provider.aws.region
The region where AWS operations will take place. Examples
are us-east-1, us-west-2, etc.
Default: us-east-1
Enter a value: us-west-1
data.template_file.basic_auth_js: Refreshing state...
data.archive_file.basic_auth_lambda_zip: Refreshing state...
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
<= read (data resources)
Terraform will perform the following actions:
<= module.munki-repo.data.aws_iam_policy_document.s3_policy
id: <computed>
json: <computed>
statement.#: "2"
statement.0.actions.#: "1"
statement.0.actions.2071725391: "s3:GetObject"
statement.0.effect: "Allow"
statement.0.principals.#: "1"
statement.0.principals.~3303760437.identifiers.#: <computed>
statement.0.principals.~3303760437.type: "AWS"
statement.0.resources.#: <computed>
statement.1.actions.#: "1"
statement.1.actions.486976917: "s3:ListBucket"
statement.1.effect: "Allow"
statement.1.principals.#: "1"
statement.1.principals.~3303760437.identifiers.#: <computed>
statement.1.principals.~3303760437.type: "AWS"
statement.1.resources.#: <computed>
version: "2012-10-17"
+ module.munki-repo.aws_cloudfront_distribution.www_distribution
id: <computed>
active_trusted_signers.%: <computed>
arn: <computed>
caller_reference: <computed>
default_cache_behavior.#: "1"
default_cache_behavior.0.allowed_methods.#: "2"
default_cache_behavior.0.allowed_methods.1040875975: "GET"
default_cache_behavior.0.allowed_methods.1445840968: "HEAD"
default_cache_behavior.0.cached_methods.#: "2"
default_cache_behavior.0.cached_methods.1040875975: "GET"
default_cache_behavior.0.cached_methods.1445840968: "HEAD"
default_cache_behavior.0.compress: "true"
default_cache_behavior.0.default_ttl: "86400"
default_cache_behavior.0.forwarded_values.#: "1"
default_cache_behavior.0.forwarded_values.0.cookies.#: "1"
default_cache_behavior.0.forwarded_values.0.cookies.0.forward: "none"
default_cache_behavior.0.forwarded_values.0.query_string: "false"
default_cache_behavior.0.lambda_function_association.#: "1"
default_cache_behavior.0.lambda_function_association.~833201226.event_type: "viewer-request"
default_cache_behavior.0.lambda_function_association.~833201226.include_body: "false"
default_cache_behavior.0.lambda_function_association.~833201226.lambda_arn: "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
default_cache_behavior.0.max_ttl: "31536000"
default_cache_behavior.0.min_ttl: "0"
default_cache_behavior.0.target_origin_id: "munki"
default_cache_behavior.0.viewer_protocol_policy: "redirect-to-https"
default_root_object: "index.html"
domain_name: <computed>
enabled: "true"
etag: <computed>
hosted_zone_id: <computed>
http_version: "http2"
in_progress_validation_batches: <computed>
is_ipv6_enabled: "false"
last_modified_time: <computed>
ordered_cache_behavior.#: "2"
ordered_cache_behavior.0.allowed_methods.#: "2"
ordered_cache_behavior.0.allowed_methods.1040875975: "GET"
ordered_cache_behavior.0.allowed_methods.1445840968: "HEAD"
ordered_cache_behavior.0.cached_methods.#: "2"
ordered_cache_behavior.0.cached_methods.1040875975: "GET"
ordered_cache_behavior.0.cached_methods.1445840968: "HEAD"
ordered_cache_behavior.0.compress: "true"
ordered_cache_behavior.0.default_ttl: "30"
ordered_cache_behavior.0.forwarded_values.#: "1"
ordered_cache_behavior.0.forwarded_values.0.cookies.#: "1"
ordered_cache_behavior.0.forwarded_values.0.cookies.0.forward: "none"
ordered_cache_behavior.0.forwarded_values.0.query_string: "false"
ordered_cache_behavior.0.lambda_function_association.#: "1"
ordered_cache_behavior.0.lambda_function_association.~833201226.event_type: "viewer-request"
ordered_cache_behavior.0.lambda_function_association.~833201226.include_body: "false"
ordered_cache_behavior.0.lambda_function_association.~833201226.lambda_arn: "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
ordered_cache_behavior.0.max_ttl: "60"
ordered_cache_behavior.0.min_ttl: "0"
ordered_cache_behavior.0.path_pattern: "/catalogs/*"
ordered_cache_behavior.0.target_origin_id: "munki"
ordered_cache_behavior.0.viewer_protocol_policy: "redirect-to-https"
ordered_cache_behavior.1.allowed_methods.#: "2"
ordered_cache_behavior.1.allowed_methods.1040875975: "GET"
ordered_cache_behavior.1.allowed_methods.1445840968: "HEAD"
ordered_cache_behavior.1.cached_methods.#: "2"
ordered_cache_behavior.1.cached_methods.1040875975: "GET"
ordered_cache_behavior.1.cached_methods.1445840968: "HEAD"
ordered_cache_behavior.1.compress: "true"
ordered_cache_behavior.1.default_ttl: "30"
ordered_cache_behavior.1.forwarded_values.#: "1"
ordered_cache_behavior.1.forwarded_values.0.cookies.#: "1"
ordered_cache_behavior.1.forwarded_values.0.cookies.0.forward: "none"
ordered_cache_behavior.1.forwarded_values.0.query_string: "false"
ordered_cache_behavior.1.lambda_function_association.#: "1"
ordered_cache_behavior.1.lambda_function_association.~833201226.event_type: "viewer-request"
ordered_cache_behavior.1.lambda_function_association.~833201226.include_body: "false"
ordered_cache_behavior.1.lambda_function_association.~833201226.lambda_arn: "${aws_lambda_function.basic_auth_lambda.arn}:${aws_lambda_function.basic_auth_lambda.version}"
ordered_cache_behavior.1.max_ttl: "60"
ordered_cache_behavior.1.min_ttl: "0"
ordered_cache_behavior.1.path_pattern: "/manifests/*"
ordered_cache_behavior.1.target_origin_id: "munki"
ordered_cache_behavior.1.viewer_protocol_policy: "redirect-to-https"
origin.#: "1"
origin.~3928225203.custom_header.#: "0"
origin.~3928225203.custom_origin_config.#: "0"
origin.~3928225203.domain_name: "${aws_s3_bucket.www.bucket_regional_domain_name}"
origin.~3928225203.origin_id: "munki"
origin.~3928225203.origin_path: ""
origin.~3928225203.s3_origin_config.#: "1"
origin.~3928225203.s3_origin_config.0.origin_access_identity: "${aws_cloudfront_origin_access_identity.origin_access_identity.cloudfront_access_identity_path}"
price_class: "PriceClass_100"
restrictions.#: "1"
restrictions.0.geo_restriction.#: "1"
restrictions.0.geo_restriction.0.restriction_type: "none"
retain_on_delete: "false"
status: <computed>
viewer_certificate.#: "1"
viewer_certificate.0.cloudfront_default_certificate: "true"
viewer_certificate.0.minimum_protocol_version: "TLSv1"
wait_for_deployment: "true"
+ module.munki-repo.aws_cloudfront_origin_access_identity.origin_access_identity
id: <computed>
caller_reference: <computed>
cloudfront_access_identity_path: <computed>
comment: "Some comment"
etag: <computed>
iam_arn: <computed>
s3_canonical_user_id: <computed>
+ module.munki-repo.aws_iam_role.iam_for_lambda
id: <computed>
arn: <computed>
assume_role_policy: "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": [\n \"lambda.amazonaws.com\",\n \"edgelambda.amazonaws.com\"\n ]\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n"
create_date: <computed>
force_detach_policies: "false"
max_session_duration: "3600"
name: "iam_for_lambda"
path: "/"
unique_id: <computed>
+ module.munki-repo.aws_lambda_function.basic_auth_lambda
id: <computed>
arn: <computed>
filename: "basic_auth_lambda.zip"
function_name: "munki_basic_auth"
handler: "basic_auth.handler"
invoke_arn: <computed>
last_modified: <computed>
memory_size: "128"
publish: "false"
qualified_arn: <computed>
reserved_concurrent_executions: "-1"
role: "${aws_iam_role.iam_for_lambda.arn}"
runtime: "nodejs8.10"
source_code_hash: "GTdpyQABCPmmfbk+yGemJhRblQS5Fpg12vpe4/X1lYA="
source_code_size: <computed>
timeout: "3"
tracing_config.#: <computed>
version: <computed>
+ module.munki-repo.aws_s3_bucket.log_bucket
id: <computed>
acceleration_status: <computed>
acl: "log-delivery-write"
arn: <computed>
bucket: "macfaq-munki-bucket-logs"
bucket_domain_name: <computed>
bucket_regional_domain_name: <computed>
force_destroy: "false"
hosted_zone_id: <computed>
lifecycle_rule.#: "1"
lifecycle_rule.0.enabled: "true"
lifecycle_rule.0.id: <computed>
lifecycle_rule.0.transition.#: "1"
lifecycle_rule.0.transition.2000431762.date: ""
lifecycle_rule.0.transition.2000431762.days: "30"
lifecycle_rule.0.transition.2000431762.storage_class: "STANDARD_IA"
region: <computed>
request_payer: <computed>
versioning.#: <computed>
website_domain: <computed>
website_endpoint: <computed>
+ module.munki-repo.aws_s3_bucket.www
id: <computed>
acceleration_status: <computed>
acl: "private"
arn: <computed>
bucket: "macfaq-munki-bucket"
bucket_domain_name: <computed>
bucket_regional_domain_name: <computed>
force_destroy: "false"
hosted_zone_id: <computed>
logging.#: "1"
logging.~4016003484.target_bucket: "${aws_s3_bucket.log_bucket.id}"
logging.~4016003484.target_prefix: "logs/"
region: <computed>
request_payer: <computed>
versioning.#: <computed>
website_domain: <computed>
website_endpoint: <computed>
+ module.munki-repo.aws_s3_bucket_policy.www
id: <computed>
bucket: "${aws_s3_bucket.www.id}"
policy: "${data.aws_iam_policy_document.s3_policy.json}"
Plan: 7 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.munki-repo.aws_cloudfront_origin_access_identity.origin_access_identity: Creating...
caller_reference: "" => "<computed>"
cloudfront_access_identity_path: "" => "<computed>"
comment: "" => "Some comment"
etag: "" => "<computed>"
iam_arn: "" => "<computed>"
s3_canonical_user_id: "" => "<computed>"
module.munki-repo.aws_iam_role.iam_for_lambda: Creating...
arn: "" => "<computed>"
assume_role_policy: "" => "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": [\n \"lambda.amazonaws.com\",\n \"edgelambda.amazonaws.com\"\n ]\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n"
create_date: "" => "<computed>"
force_detach_policies: "" => "false"
max_session_duration: "" => "3600"
name: "" => "iam_for_lambda"
path: "" => "/"
unique_id: "" => "<computed>"
module.munki-repo.aws_s3_bucket.log_bucket: Creating...
acceleration_status: "" => "<computed>"
acl: "" => "log-delivery-write"
arn: "" => "<computed>"
bucket: "" => "macfaq-munki-bucket-logs"
bucket_domain_name: "" => "<computed>"
bucket_regional_domain_name: "" => "<computed>"
force_destroy: "" => "false"
hosted_zone_id: "" => "<computed>"
lifecycle_rule.#: "" => "1"
lifecycle_rule.0.enabled: "" => "true"
lifecycle_rule.0.id: "" => "<computed>"
lifecycle_rule.0.transition.#: "" => "1"
lifecycle_rule.0.transition.2000431762.date: "" => ""
lifecycle_rule.0.transition.2000431762.days: "" => "30"
lifecycle_rule.0.transition.2000431762.storage_class: "" => "STANDARD_IA"
region: "" => "<computed>"
request_payer: "" => "<computed>"
versioning.#: "" => "<computed>"
website_domain: "" => "<computed>"
website_endpoint: "" => "<computed>"
module.munki-repo.aws_iam_role.iam_for_lambda: Creation complete after 0s (ID: iam_for_lambda)
module.munki-repo.aws_lambda_function.basic_auth_lambda: Creating...
arn: "" => "<computed>"
filename: "" => "basic_auth_lambda.zip"
function_name: "" => "munki_basic_auth"
handler: "" => "basic_auth.handler"
invoke_arn: "" => "<computed>"
last_modified: "" => "<computed>"
memory_size: "" => "128"
publish: "" => "false"
qualified_arn: "" => "<computed>"
reserved_concurrent_executions: "" => "-1"
role: "" => "arn:aws:iam::080972764581:role/iam_for_lambda"
runtime: "" => "nodejs8.10"
source_code_hash: "" => "GTdpyQABCPmmfbk+yGemJhRblQS5Fpg12vpe4/X1lYA="
source_code_size: "" => "<computed>"
timeout: "" => "3"
tracing_config.#: "" => "<computed>"
version: "" => "<computed>"
module.munki-repo.aws_cloudfront_origin_access_identity.origin_access_identity: Creation complete after 1s (ID: E1ZGXOZ2SJHNIE)
module.munki-repo.aws_s3_bucket.log_bucket: Creation complete after 2s (ID: macfaq-munki-bucket-logs)
module.munki-repo.aws_s3_bucket.www: Creating...
acceleration_status: "" => "<computed>"
acl: "" => "private"
arn: "" => "<computed>"
bucket: "" => "macfaq-munki-bucket"
bucket_domain_name: "" => "<computed>"
bucket_regional_domain_name: "" => "<computed>"
force_destroy: "" => "false"
hosted_zone_id: "" => "<computed>"
logging.#: "" => "1"
logging.56300298.target_bucket: "" => "macfaq-munki-bucket-logs"
logging.56300298.target_prefix: "" => "logs/"
region: "" => "<computed>"
request_payer: "" => "<computed>"
versioning.#: "" => "<computed>"
website_domain: "" => "<computed>"
website_endpoint: "" => "<computed>"
module.munki-repo.aws_s3_bucket.www: Creation complete after 3s (ID: macfaq-munki-bucket)
module.munki-repo.data.aws_iam_policy_document.s3_policy: Refreshing state...
module.munki-repo.aws_s3_bucket_policy.www: Creating...
bucket: "" => "macfaq-munki-bucket"
policy: "" => "{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:GetObject\",\n \"Resource\": \"arn:aws:s3:::macfaq-munki-bucket/*\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1ZGXOZ2SJHNIE\"\n }\n },\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Action\": \"s3:ListBucket\",\n \"Resource\": \"arn:aws:s3:::macfaq-munki-bucket\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity E1ZGXOZ2SJHNIE\"\n }\n }\n ]\n}"
module.munki-repo.aws_lambda_function.basic_auth_lambda: Still creating... (10s elapsed)
module.munki-repo.aws_s3_bucket_policy.www: Creation complete after 8s (ID: macfaq-munki-bucket)
module.munki-repo.aws_lambda_function.basic_auth_lambda: Creation complete after 16s (ID: munki_basic_auth)
module.munki-repo.aws_cloudfront_distribution.www_distribution: Creating...
active_trusted_signers.%: "" => "<computed>"
arn: "" => "<computed>"
caller_reference: "" => "<computed>"
default_cache_behavior.#: "0" => "1"
default_cache_behavior.0.allowed_methods.#: "0" => "2"
default_cache_behavior.0.allowed_methods.1040875975: "" => "GET"
default_cache_behavior.0.allowed_methods.1445840968: "" => "HEAD"
default_cache_behavior.0.cached_methods.#: "0" => "2"
default_cache_behavior.0.cached_methods.1040875975: "" => "GET"
default_cache_behavior.0.cached_methods.1445840968: "" => "HEAD"
default_cache_behavior.0.compress: "" => "true"
default_cache_behavior.0.default_ttl: "" => "86400"
default_cache_behavior.0.forwarded_values.#: "0" => "1"
default_cache_behavior.0.forwarded_values.0.cookies.#: "0" => "1"
default_cache_behavior.0.forwarded_values.0.cookies.0.forward: "" => "none"
default_cache_behavior.0.forwarded_values.0.query_string: "" => "false"
default_cache_behavior.0.lambda_function_association.#: "0" => "1"
default_cache_behavior.0.lambda_function_association.1612320388.event_type: "" => "viewer-request"
default_cache_behavior.0.lambda_function_association.1612320388.include_body: "" => "false"
default_cache_behavior.0.lambda_function_association.1612320388.lambda_arn: "" => "arn:aws:lambda:us-west-1:080972764581:function:munki_basic_auth:$LATEST"
default_cache_behavior.0.max_ttl: "" => "31536000"
default_cache_behavior.0.min_ttl: "" => "0"
default_cache_behavior.0.target_origin_id: "" => "munki"
default_cache_behavior.0.viewer_protocol_policy: "" => "redirect-to-https"
default_root_object: "" => "index.html"
domain_name: "" => "<computed>"
enabled: "" => "true"
etag: "" => "<computed>"
hosted_zone_id: "" => "<computed>"
http_version: "" => "http2"
in_progress_validation_batches: "" => "<computed>"
is_ipv6_enabled: "" => "false"
last_modified_time: "" => "<computed>"
ordered_cache_behavior.#: "0" => "2"
ordered_cache_behavior.0.allowed_methods.#: "0" => "2"
ordered_cache_behavior.0.allowed_methods.1040875975: "" => "GET"
ordered_cache_behavior.0.allowed_methods.1445840968: "" => "HEAD"
ordered_cache_behavior.0.cached_methods.#: "0" => "2"
ordered_cache_behavior.0.cached_methods.1040875975: "" => "GET"
ordered_cache_behavior.0.cached_methods.1445840968: "" => "HEAD"
ordered_cache_behavior.0.compress: "" => "true"
ordered_cache_behavior.0.default_ttl: "" => "30"
ordered_cache_behavior.0.forwarded_values.#: "0" => "1"
ordered_cache_behavior.0.forwarded_values.0.cookies.#: "0" => "1"
ordered_cache_behavior.0.forwarded_values.0.cookies.0.forward: "" => "none"
ordered_cache_behavior.0.forwarded_values.0.query_string: "" => "false"
ordered_cache_behavior.0.lambda_function_association.#: "0" => "1"
ordered_cache_behavior.0.lambda_function_association.1612320388.event_type: "" => "viewer-request"
ordered_cache_behavior.0.lambda_function_association.1612320388.include_body: "" => "false"
ordered_cache_behavior.0.lambda_function_association.1612320388.lambda_arn: "" => "arn:aws:lambda:us-west-1:080972764581:function:munki_basic_auth:$LATEST"
ordered_cache_behavior.0.max_ttl: "" => "60"
ordered_cache_behavior.0.min_ttl: "" => "0"
ordered_cache_behavior.0.path_pattern: "" => "/catalogs/*"
ordered_cache_behavior.0.target_origin_id: "" => "munki"
ordered_cache_behavior.0.viewer_protocol_policy: "" => "redirect-to-https"
ordered_cache_behavior.1.allowed_methods.#: "0" => "2"
ordered_cache_behavior.1.allowed_methods.1040875975: "" => "GET"
ordered_cache_behavior.1.allowed_methods.1445840968: "" => "HEAD"
ordered_cache_behavior.1.cached_methods.#: "0" => "2"
ordered_cache_behavior.1.cached_methods.1040875975: "" => "GET"
ordered_cache_behavior.1.cached_methods.1445840968: "" => "HEAD"
ordered_cache_behavior.1.compress: "" => "true"
ordered_cache_behavior.1.default_ttl: "" => "30"
ordered_cache_behavior.1.forwarded_values.#: "0" => "1"
ordered_cache_behavior.1.forwarded_values.0.cookies.#: "0" => "1"
ordered_cache_behavior.1.forwarded_values.0.cookies.0.forward: "" => "none"
ordered_cache_behavior.1.forwarded_values.0.query_string: "" => "false"
ordered_cache_behavior.1.lambda_function_association.#: "0" => "1"
ordered_cache_behavior.1.lambda_function_association.1612320388.event_type: "" => "viewer-request"
ordered_cache_behavior.1.lambda_function_association.1612320388.include_body: "" => "false"
ordered_cache_behavior.1.lambda_function_association.1612320388.lambda_arn: "" => "arn:aws:lambda:us-west-1:080972764581:function:munki_basic_auth:$LATEST"
ordered_cache_behavior.1.max_ttl: "" => "60"
ordered_cache_behavior.1.min_ttl: "" => "0"
ordered_cache_behavior.1.path_pattern: "" => "/manifests/*"
ordered_cache_behavior.1.target_origin_id: "" => "munki"
ordered_cache_behavior.1.viewer_protocol_policy: "" => "redirect-to-https"
origin.#: "0" => "1"
origin.29530236.custom_header.#: "0" => "0"
origin.29530236.custom_origin_config.#: "0" => "0"
origin.29530236.domain_name: "" => "macfaq-munki-bucket.s3.us-west-1.amazonaws.com"
origin.29530236.origin_id: "" => "munki"
origin.29530236.origin_path: "" => ""
origin.29530236.s3_origin_config.#: "0" => "1"
origin.29530236.s3_origin_config.0.origin_access_identity: "" => "origin-access-identity/cloudfront/E1ZGXOZ2SJHNIE"
price_class: "" => "PriceClass_100"
restrictions.#: "0" => "1"
restrictions.0.geo_restriction.#: "0" => "1"
restrictions.0.geo_restriction.0.restriction_type: "" => "none"
retain_on_delete: "" => "false"
status: "" => "<computed>"
viewer_certificate.#: "0" => "1"
viewer_certificate.0.cloudfront_default_certificate: "" => "true"
viewer_certificate.0.minimum_protocol_version: "" => "TLSv1"
wait_for_deployment: "" => "true"
Error: Error applying plan:
1 error(s) occurred:
* module.munki-repo.aws_cloudfront_distribution.www_distribution: 1 error(s) occurred:
* aws_cloudfront_distribution.www_distribution: error creating CloudFront Distribution: InvalidLambdaFunctionAssociation: The function ARN must reference a specific function version. (The ARN must end with the version number.) ARN: arn:aws:lambda:us-west-1:080972764581:function:munki_basic_auth:$LATEST
status code: 400, request id: 27138030-6c9f-11e9-815d-e1426c0813f0
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
22:57:22
brandon@mahogany:~/Desktop$ terraform state show
Multiple instances found for the given pattern!
This command requires that the pattern match exactly one instance
of a resource. To view the matched instances, use "terraform state list".
Please modify the pattern to match only a single instance.
22:59:42
brandon@mahogany:~/Desktop$ terraform state list
module.munki-repo.archive_file.basic_auth_lambda_zip
module.munki-repo.aws_cloudfront_origin_access_identity.origin_access_identity
module.munki-repo.aws_iam_policy_document.s3_policy
module.munki-repo.aws_iam_role.iam_for_lambda
module.munki-repo.aws_lambda_function.basic_auth_lambda
module.munki-repo.aws_s3_bucket.log_bucket
module.munki-repo.aws_s3_bucket.www
module.munki-repo.aws_s3_bucket_policy.www
module.munki-repo.template_file.basic_auth_js
----------------------------------------------------------------------------------------- 22:59:54
brandon@mahogany:~/Desktop$ terraform state show module.munki.aws_cloudfront_distribution.www_distribution | grep domain_name
You probably want to check out version 0.0.6
.
Thanks. Can just adjust the main.tf file accordingly and re-run? Or do I need to wipe things out to begin fresh?
You will need to init
to get the updated version of the module, but that's about it.
Just ran it and it was successful. :) However, can't find the distribution url.
running
terraform state show module.munki.aws_cloudfront_distribution.www_distribution | grep domain_name
returns no value
brandon@mahogany:~/Desktop$ terraform state list
module.munki-repo.archive_file.basic_auth_lambda_zip
module.munki-repo.aws_cloudfront_distribution.www_distribution
module.munki-repo.aws_cloudfront_origin_access_identity.origin_access_identity
module.munki-repo.aws_iam_policy_document.s3_policy
module.munki-repo.aws_iam_role.iam_for_lambda
module.munki-repo.aws_lambda_function.basic_auth_lambda
module.munki-repo.aws_s3_bucket.log_bucket
module.munki-repo.aws_s3_bucket.www
module.munki-repo.aws_s3_bucket_policy.www
module.munki-repo.template_file.basic_auth_js
12:42:56 brandon@mahogany:~/Desktop$ terraform state show module.munki.aws_cloudfront_distribution.www_distribution | grep domain_name
12:43:26 brandon@mahogany:~/Desktop$
I had to update this line to find the domain.
From this:
terraform state show module.munki.aws_cloudfront_distribution.www_distribution | grep domain_name
to this:
terraform state show module.munki-repo.aws_cloudfront_distribution.www_distribution | grep domain_name
Thanks for creating this! :)