hashicorp/vault-guides

operations/provision-vault/dev/terraform-aws gives errors

jayeye opened this issue · 4 comments

Today's branch:

$ git rev-parse HEAD
001485be5f35bc20f4a092cd36fc82f2b7117ec1

Version built with go get github.com/hashicorp/terraform:

$ terraform -v
Terraform v0.11.8-dev
+ provider.aws v1.24.0
+ provider.null v1.0.0
+ provider.random v1.3.1
+ provider.template v1.0.0
+ provider.tls v1.1.0

Yes, my AWS region is already configured:

$ cat ~/.aws/config
[default]
output = json
region = us-east-1

I'm running in an EC2 instance under a role with full privileges

$ curl 169.254.169.254/latest/meta-data/iam/security-credentials/AWS_Admin
{
  "Code" : "Success",
  "LastUpdated" : "2018-06-23T01:12:19Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "...redacted...",
  "SecretAccessKey" : "...redacted...",
  "Token" : "...redacted...",
  "Expiration" : "2018-06-23T07:43:49Z"
}
$ pwd
/home/ji/workspace/vault-guides/operations/provision-vault/dev/terraform-aws
$ terraform apply
provider.aws.region
  The region where AWS operations will take place. Examples
  are us-east-1, us-west-2, etc.

  Default: us-east-1
  Enter a value: us-east-1

provider.aws.region
  The region where AWS operations will take place. Examples
  are us-east-1, us-west-2, etc.

  Default: us-east-1
  Enter a value: us-east-1

provider.aws.region
  The region where AWS operations will take place. Examples
  are us-east-1, us-west-2, etc.

  Default: us-east-1
  Enter a value: us-east-1


Error: module.consul_lb_aws.provider.aws: "region": required field is not set

Error: module.network_aws.module.bastion_consul_client_sg.provider.aws: "region": required field is not set

Error: module.network_aws.module.consul_auto_join_instance_role.provider.aws: "region": required field is not set

Error: module.network_aws.module.ssh_keypair_aws.provider.aws: "region": required field is not set

Error: module.network_aws.provider.aws: "region": required field is not set

Error: module.ssh_keypair_aws.provider.aws: "region": required field is not set

Error: module.vault_aws.module.consul_auto_join_instance_role.provider.aws: "region": required field is not set

Error: module.vault_aws.module.vault_server_sg.provider.aws: "region": required field is not set

Error: module.vault_aws.provider.aws: "region": required field is not set

I'm experiencing the same issue.

$ git rev-parse HEAD
001485be5f35bc20f4a092cd36fc82f2b7117ec1

Version built with brew install terraform:

Terraform v0.11.7
+ provider.aws v1.24.0
+ provider.null v1.0.0
+ provider.random v1.3.1
+ provider.template v1.0.0
+ provider.tls v1.1.0

Error output is identical to @jayeye above.

After scouting around, you can avoid the region prompts by declaring it in an environment variable on the command line: AWS_DEFAULT_REGION='us-east-1' terraform plan

@jayeye @mattkeeler - apologies for the delay here, it seems I wasn't getting notifications on issues created on this repo!

@mattkeeler is correct, I built these guides with the AWS_DEFAULT_REGION env var set (e.g. export AWS_DEFAULT_REGION=us-east-1 - I add this to my .bashrc file) while using Terraform, so hadn't tested the other methods.

That said, Terraform should be able to pick up your shared credentials file (which should include region and keys) automatically.

region - (Required) This is the AWS region. It must be provided, but it can also be sourced from the AWS_DEFAULT_REGION environment variables, or via a shared credentials file if profile is specified.

shared_credentials_file = (Optional) This is the path to the shared credentials file. If this is not set and a profile is specified, ~/.aws/credentials will be used.

profile - (Optional) This is the AWS profile name as set in the shared credentials file.

Can you try one of the below options and see if it picks up your region and keys from the creds file?

1.) Set the provider explicitly and define shared_credentials_file and profile (requires adding the aws provider to a .tf file).

provider "aws" {
  shared_credentials_file = "/Users/tf_user/.aws/creds"
  profile                 = "customprofile"
}

2.) Set the AWS_SHARED_CREDENTIALS_FILE and AWS_PROFILE env vars.

Docs for methods I referenced below.

Closing this issue as it should be resolved using any of the above methods to provide creds to the AWS provider.
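
A preflight check for the two environment-based fixes suggested in the thread, as an added example that is not part of the original issue or the vault-guides repository: it reports whether AWS_DEFAULT_REGION, or a region under AWS_PROFILE in the shared credentials file, is available before terraform runs. The function names and the sample file are constructed, and the lookup follows the provider documentation quoted above rather than Terraform's own code.

```shell
#!/bin/sh
# Added example, not from the repository. The lookup order follows the provider
# docs quoted in the thread; it is an assumption, not Terraform's own code.

# profile_region FILE PROFILE: print the region set under [PROFILE] in FILE.
profile_region() {
    [ -r "$1" ] || return 1
    awk -v want="[$2]" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_sec = ($0 == want); next }
        in_sec && /^[ \t]*region[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# region_source: print which documented source supplies a region, or fail.
region_source() {
    if [ -n "${AWS_DEFAULT_REGION:-}" ]; then
        echo "env:$AWS_DEFAULT_REGION"; return 0
    fi
    [ -n "${AWS_PROFILE:-}" ] || return 1
    creds="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
    region=$(profile_region "$creds" "$AWS_PROFILE") || return 1
    echo "profile:$AWS_PROFILE:$region"
}

# Constructed sample: a credentials file with a region under one profile.
demo_dir=$(mktemp -d)
cat > "$demo_dir/creds" <<'EOF'
[default]
aws_access_key_id = EXAMPLEKEYID

[customprofile]
aws_access_key_id = EXAMPLEKEYID
region = us-east-1
EOF

# With neither variable set, none of the sources from the thread applies.
( unset AWS_DEFAULT_REGION AWS_PROFILE; region_source ) \
    || echo "no region source: set AWS_DEFAULT_REGION or AWS_PROFILE"
# Option 2 from the thread: point at the file and name the profile.
( unset AWS_DEFAULT_REGION
  AWS_SHARED_CREDENTIALS_FILE="$demo_dir/creds" AWS_PROFILE=customprofile region_source )
rm -rf "$demo_dir"
```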