Stephen Nelson
04/07/2022, 7:11 PMError refreshing state: AccessDenied: Access Denied
status code: 403, request id: 4739C470TC1FJYWN, host id: <snip>
This is my first time using terraform, so I am probably missing something… any suggestions?Linda Zhou
04/07/2022, 7:36 PMStephen Nelson
04/07/2022, 7:50 PMLinda Zhou
04/07/2022, 7:52 PMStephen Nelson
04/07/2022, 7:53 PMBenjamin Edwards
04/07/2022, 7:53 PMAWS_PROFILE=foo terraform init
Stephen Nelson
04/07/2022, 7:56 PM---[ REQUEST POST-SIGN ]-----------------------------
GET /fleet/ HTTP/1.1
Host: <http://fleet-terraform-remote-state.s3.us-east-2.amazonaws.com|fleet-terraform-remote-state.s3.us-east-2.amazonaws.com>
User-Agent: APN/1.0 HashiCorp/1.0 Terraform/1.1.7 aws-sdk-go/1.42.35 (go1.17.6; darwin; amd64)
Authorization: AWS4-HMAC-SHA256 Credential=<my admin credential>, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<snip>
X-Amz-Content-Sha256: <snip>
X-Amz-Date: 20220407T195935Z
Accept-Encoding: gzip
-----------------------------------------------------
2022-04-07T12:59:36.110-0700 [DEBUG] [aws-sdk-go] DEBUG: Response s3/GetObject Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 403 Forbidden
Connection: close
Transfer-Encoding: chunked
Content-Type: application/xml
Date: Thu, 07 Apr 2022 19:59:36 GMT
Server: AmazonS3
X-Amz-Id-2: <snip>
X-Amz-Request-Id: <snip>
Benjamin Edwards
04/07/2022, 8:18 PMLinda Zhou
04/07/2022, 9:07 PMStephen Nelson
04/07/2022, 9:09 PM{"ConsistentRead":true,"Key":{"LockID":{"S":"magritte-fleet-terraform-remote-state/env:/prod/fleet"}},"ProjectionExpression":"LockID, Info","TableName":"magritte-fleet-terraform-state-lock"}
-----------------------------------------------------
2022-04-07T14:27:39.904-0700 [DEBUG] [aws-sdk-go] DEBUG: Response dynamodb/GetItem Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 400 Bad Request
Connection: close
Content-Length: 112
Content-Type: application/x-amz-json-1.0
Date: Thu, 07 Apr 2022 21:27:39 GMT
Server: Server
X-Amz-Crc32: 3737639027
X-Amzn-Requestid: CAPT9R5M63GSE6GVOBM0UHSPFJVV4KQNSO5AEMVJF66Q9ASUAAJG
-----------------------------------------------------
2022-04-07T14:27:39.904-0700 [DEBUG] [aws-sdk-go] {"__type":"com.amazonaws.dynamodb.v20120810#ResourceNotFoundException","message":"Requested resource not found"}
2022-04-07T14:27:39.904-0700 [DEBUG] [aws-sdk-go] DEBUG: Validate Response dynamodb/GetItem failed, attempt 0/5, error ResourceNotFoundException: Requested resource not found
failed to lock s3 state: 2 errors occurred:
* ResourceNotFoundException: Requested resource not found
* ResourceNotFoundException: Requested resource not found
Benjamin Edwards
04/07/2022, 9:42 PMStephen Nelson
04/07/2022, 9:45 PMBenjamin Edwards
04/07/2022, 9:46 PMStephen Nelson
04/07/2022, 9:52 PM│ Error: Value for unconfigurable attribute
│
│ with aws_s3_bucket.osquery-results,
│ on <http://firehose.tf|firehose.tf> line 7, in resource "aws_s3_bucket" "osquery-results":
│ 7: resource "aws_s3_bucket" "osquery-results" { #tfsec:ignore:aws-s3-encryption-customer-key:exp:2022-07-01 #tfsec:ignore:aws-s3-enable-versioning #tfsec:ignore:aws-s3-enable-bucket-logging:exp:2022-06-15
│
│ Can't configure a value for "server_side_encryption_configuration": its value will be decided automatically based on the result of applying this configuration.
╵
Benjamin Edwards
04/07/2022, 11:56 PMLinda Zhou
04/08/2022, 12:42 AMStephen Nelson
04/08/2022, 3:09 AM