33

Just today, whenever I run terraform apply, I see an error like this: Can't configure a value for "lifecycle_rule": its value will be decided automatically based on the result of applying this configuration.

It was working yesterday.

Here is the command I ran: terraform init && terraform apply

Here is the list of provider plugins that were initialized:

- Finding latest version of hashicorp/archive...
- Finding latest version of hashicorp/aws...
- Finding latest version of hashicorp/null...
- Installing hashicorp/null v3.1.0...
- Installed hashicorp/null v3.1.0 (signed by HashiCorp)
- Installing hashicorp/archive v2.2.0...
- Installed hashicorp/archive v2.2.0 (signed by HashiCorp)
- Installing hashicorp/aws v4.0.0...
- Installed hashicorp/aws v4.0.0 (signed by HashiCorp)

Here is the error:

Acquiring state lock. This may take a few moments...
Releasing state lock. This may take a few moments...
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│    1: resource "aws_s3_bucket" "this" {
│ 
│ Can't configure a value for "lifecycle_rule": its value will be decided
│ automatically based on the result of applying this configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 1, in resource "aws_s3_bucket" "this":
│    1: resource "aws_s3_bucket" "this" {
│ 
│ Can't configure a value for "server_side_encryption_configuration": its
│ value will be decided automatically based on the result of applying this
│ configuration.
╵
╷
│ Error: Value for unconfigurable attribute
│ 
│   with module.ssm-parameter-store-backup.aws_s3_bucket.this,
│   on .terraform/modules/ssm-parameter-store-backup/s3_backup.tf line 3, in resource "aws_s3_bucket" "this":
│    3:   acl    = "private"
│ 
│ Can't configure a value for "acl": its value will be decided automatically
│ based on the result of applying this configuration.
╵
ERRO[0012] 1 error occurred:
        * exit status 1

My code is as follows:

resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
  acl    = "private"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = data.aws_kms_key.s3.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }

  lifecycle_rule {
    id      = "backups"
    enabled = true

    prefix = "backups/"

    transition {
      days          = 90
      storage_class = "GLACIER_IR"
    }

    transition {
      days          = 180
      storage_class = "DEEP_ARCHIVE"
    }

    expiration {
      days = 365
    }
  }

  tags = {
    Name        = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
    Environment = var.environment
  }
}

4 Answers

31

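The Terraform AWS Provider was upgraded to version 4.0.0, which was published on 10 February 2022.

Major changes in this release include:

  • Version 4.0.0 of the AWS Provider introduces significant changes to the aws_s3_bucket resource.
  • Version 4.0.0 of the AWS Provider will be the last major version to support EC2-Classic resources, as AWS plans to fully retire EC2-Classic Networking. See the AWS News Blog for additional details.
  • Version 4.0.0 and 4.x.x versions of the AWS Provider will be the last versions compatible with Terraform 0.12-0.15.

The reason for this change by Terraform is as follows: to help distribute the management of S3 bucket settings via independent resources, various arguments and attributes in the aws_s3_bucket resource have become read-only. Configurations dependent on these arguments should be updated to use the corresponding aws_s3_bucket_* resource. Once updated, the new aws_s3_bucket_* resources should be imported into Terraform state.

So, I updated my code accordingly by following the guide here: Terraform AWS Provider Version 4 Upgrade Guide | S3 Bucket Refactor

The new working code looks like this: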

resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"

  tags = {
    Name        = "${var.project}-${var.environment}-ssm-parameter-store-backups-bucket"
    Environment = var.environment
  }
}

resource "aws_s3_bucket_acl" "this" {
  bucket = aws_s3_bucket.this.id
  acl    = "private"
}

resource "aws_s3_bucket_server_side_encryption_configuration" "this" {
  bucket = aws_s3_bucket.this.id

  rule {
    apply_server_side_encryption_by_default {
      kms_master_key_id = data.aws_kms_key.s3.arn
      sse_algorithm     = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_lifecycle_configuration" "this" {
  bucket = aws_s3_bucket.this.id

  rule {
    id     = "backups"
    status = "Enabled"

    filter {
      prefix = "backups/"
    }

    transition {
      days          = 90
      storage_class = "GLACIER_IR"
    }

    transition {
      days          = 180
      storage_class = "DEEP_ARCHIVE"
    }

    expiration {
      days = 365
    }
  }
}

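If you do not want to upgrade your Terraform AWS Provider version to 4.0.0, you can use the existing or an older version by specifying it explicitly in your code, as shown below: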

terraform {
  required_version = "~> 1.0.11"
  required_providers {
    aws  = "~> 3.73.0"
  }
}
answered 2022-02-11T10:20:18.673
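
An added example, not part of the original answer or of Terraform itself: a line-oriented Python check that finds aws_s3_bucket blocks still carrying the three inline arguments named in the errors above and reports the standalone resource each one moves to. The function and constant names are made up for this example, the sample is constructed from the question's code, and the scan is not a full HCL parser (heredocs and dynamic blocks are not handled).

```python
import re

# Added example; names are hypothetical. Inline argument -> standalone 4.x resource.
READ_ONLY = {
    "acl": "aws_s3_bucket_acl",
    "lifecycle_rule": "aws_s3_bucket_lifecycle_configuration",
    "server_side_encryption_configuration":
        "aws_s3_bucket_server_side_encryption_configuration",
}
RESOURCE = re.compile(r'^\s*resource\s+"aws_s3_bucket"\s+"([^"]+)"\s*\{')
TOP_LEVEL = re.compile(r'\s*([A-Za-z_][\w-]*)\s*(=|\{)')

def find_inline_settings(hcl):
    """Map each aws_s3_bucket name to [(argument, line, replacement resource)]."""
    findings, name, depth = {}, None, 0
    for no, line in enumerate(hcl.splitlines(), 1):
        # Blank out string literals and comments so "${...}" braces are not counted.
        code = re.split(r"#|//", re.sub(r'"(?:\\.|[^"\\])*"', '""', line))[0]
        if depth == 0:
            m = RESOURCE.match(line)
            name = m.group(1) if m else None
            if name:
                findings[name] = []
        elif depth == 1 and name:
            top = TOP_LEVEL.match(code)
            if top and top.group(1) in READ_ONLY:
                findings[name].append((top.group(1), no, READ_ONLY[top.group(1)]))
        depth += code.count("{") - code.count("}")
    return findings

# Constructed sample: the question's pre-4.0 bucket (abbreviated) plus a migrated ACL.
SAMPLE = '''
resource "aws_s3_bucket" "this" {
  bucket = "${var.project}-${var.environment}-backups"
  acl    = "private"
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default { sse_algorithm = "aws:kms" }
    }
  }
  lifecycle_rule {
    id = "backups"
  }
}
resource "aws_s3_bucket_acl" "this" {
  bucket = aws_s3_bucket.this.id
  acl    = "private"
}
'''
```

A bucket that reports an empty list has no inline settings left; before applying, confirm that each reported setting, encryption and ACL in particular, has a matching standalone resource rather than having simply been deleted.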
16

It is broken because the Terraform AWS Provider has been updated to version 4.0.0.

If you can't upgrade your version, maybe you can lock your AWS provider version like this:

terraform {

  required_version = "~> 0.12.31"

  required_providers {
    aws  = "~> 3.74.1"
  }
}
answered 2022-02-11T15:54:49.243
6

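For Terragrunt / Terraform users

As others have mentioned, the AWS Provider was upgraded to 4.0. The breaking changes are described here (under the git 4.0 tag): GitHub | terraform-provider-aws | v4.0.0

Note the breaking changes to S3. I found 39 references to aws_s3_bucket on the page. The reality is that some of us don't have time to address all the breaking changes in our current projects. I have found that version 3.74.1 works very well.

To restrict all Terraform projects configured with Terragrunt, in the root terragrunt.hcl file of your Terragrunt repository you can specify the following: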

generate "versions" {
  path      = "versions_override.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
terraform {
  required_providers {
    aws = {
      version = "= 3.74.1"
      source  = "hashicorp/aws"
    }
  }
}
EOF
}

In effect, Terragrunt will generate a versions_override.tf Terraform configuration file that defines an explicit version of 3.74.1.

answered 2022-02-12T12:06:48.930
2

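Quick fix: as per the upgrade guide provided by Terraform here: Terraform AWS Provider Version 4 Upgrade Guide, keep your project on version 3 until you are ready to migrate to version 4.

To do so, freeze your provider as follows: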

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.74.2"
    }
    consul = {
      source = "hashicorp/consul"
    }
  }
  required_version = ">= 0.13"
}
answered 2022-02-14T18:01:10.587