Hi,
I have refactored our Terraform setup to use an assumed_role for all resources. The plan appears to be executing OK and refreshes a huge number of resources, but then gives an error saying AccessDenied.
Trace output of the end is below - I can find no reference to the RequestID specified in the error so I don’t know what request has failed. Any idea what is going on here? There doesn’t seem to be enough information to understand the problem.
2022-01-21T18:46:08.103Z [TRACE] LoadSchemas: retrieving schema for provider type “Terraform Registry”
2022-01-21T18:46:08.103Z [TRACE] LoadSchemas: retrieving schema for provider type “Terraform Registry”
2022-01-21T18:46:08.103Z [TRACE] LoadSchemas: retrieving schema for provider type “Terraform Registry”
2022-01-21T18:46:08.103Z [TRACE] LoadSchemas: retrieving schema for provider type “Terraform Registry”
2022-01-21T18:46:08.103Z [TRACE] LoadSchemas: retrieving schema for provider type “terraform.io/builtin/terraform”
2022-01-21T18:46:08.385Z [INFO] backend/local: plan operation completed
╷
│ Warning: Argument is deprecated
│
│ with module.aggregator.module.service.module.codebuild.aws_codebuild_project.codebuild_module[0],
│ on .terraform/modules/aggregator/tf_mod_aws_codebuild_instance/codebuild.tf line 58, in resource “aws_codebuild_project” “codebuild_module”:
│ 58: auth {
│
│ Use the aws_codebuild_source_credential resource instead
│
│ (and 20 more similar warnings elsewhere)
╵
╷
│ Error: AccessDenied: Access Denied
│ status code: 403, request id: G3CETY0EGG7H99WH, host id: hiz714pNNdJ2x5z9kqOYonXZhsGPa2695vMENEvONG/L5riOIocqCfvKIuAkq6H7ipWjOSUh6ps=
│
│
╵
2022-01-21T18:46:08.387Z [DEBUG] [aws-sdk-go] DEBUG: Request dynamodb/GetItem Details:
—[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: dynamodb.eu-west-1.amazonaws.com
User-Agent: APN/1.0 HashiCorp/1.0 Terraform/1.1.0 aws-sdk-go/1.40.25 (go1.17.2; linux; amd64)
Content-Length: 177
Accept-Encoding: identity
Authorization: AWS4-HMAC-SHA256
Content-Type: application/x-amz-json-1.0
X-Amz-Date: 20220121T184608Z
X-Amz-Security-Token:
X-Amz-Target: DynamoDB_20120810.GetItem
{“ConsistentRead”:true,“Key”:{“LockID”:{“S”:“web-prod-eu-west-1-tf-state/envname/prod.tfstate”}},“ProjectionExpression”:“LockID, Info”,“TableName”:“web-prod-eu-west-1-tf-state”}
2022-01-21T18:46:08.693Z [DEBUG] [aws-sdk-go] DEBUG: Response dynamodb/GetItem Details:
—[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
Connection: close
Content-Length: 352
Content-Type: application/x-amz-json-1.0
Date: Fri, 21 Jan 2022 18:46:08 GMT
Server: Server
X-Amz-Crc32: 662840195
X-Amzn-Requestid: 4UJEMLNMHD28BCNLIP72F2E4MBVV4KQNSO5AEMVJF66Q9ASUAAJG
2022-01-21T18:46:08.693Z [DEBUG] [aws-sdk-go] {“Item”:{“LockID”:{“S”:“web-prod-eu-west-1-tf-state/envname/prod.tfstate”},“Info”:{“S”:"{“ID”:“0b2c0c5e-4515-ea66-4c55-68942259c959”,“Operation”:“OperationTypePlan”,“Info”:"",“Who”:“matt@Access-9FVN5G3”,“Version”:“1.1.0”,“Created”:“2022-01-21T18:45:06.6103117Z”,“Path”:“web-prod-eu-west-1-tf-state/envname/prod.tfstate”}"}}}
2022-01-21T18:46:08.694Z [DEBUG] [aws-sdk-go] DEBUG: Request dynamodb/DeleteItem Details:
—[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: dynamodb.eu-west-1.amazonaws.com
User-Agent: APN/1.0 HashiCorp/1.0 Terraform/1.1.0 aws-sdk-go/1.40.25 (go1.17.2; linux; amd64)
Content-Length: 117
Accept-Encoding: identity
Authorization: AWS4-HMAC-SHA256
Content-Type: application/x-amz-json-1.0
X-Amz-Date: 20220121T184608Z
X-Amz-Security-Token:
X-Amz-Target: DynamoDB_20120810.DeleteItem
{“Key”:{“LockID”:{“S”:“web-prod-eu-west-1-tf-state/envname/prod.tfstate”}},“TableName”:“web-prod-eu-west-1-tf-state”}
Releasing state lock. This may take a few moments…
2022-01-21T18:46:09.099Z [DEBUG] [aws-sdk-go] DEBUG: Response dynamodb/DeleteItem Details:
—[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
Connection: close
Content-Length: 2
Content-Type: application/x-amz-json-1.0
Date: Fri, 21 Jan 2022 18:46:08 GMT
Server: Server
X-Amz-Crc32: 2745614147
X-Amzn-Requestid: MLV0SPIMHIUG4SM2VFPHA3FFUVVV4KQNSO5AEMVJF66Q9ASUAAJG
2022-01-21T18:46:09.099Z [DEBUG] [aws-sdk-go] {}
2022-01-21T18:46:09.108Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err=“rpc error: code = Unavailable desc = transport is closing”
2022-01-21T18:46:09.108Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err=“rpc error: code = Unavailable desc = transport is closing”
2022-01-21T18:46:09.108Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err=“rpc error: code = Unavailable desc = transport is closing”
2022-01-21T18:46:09.108Z [DEBUG] provider.stdio: received EOF, stopping recv loop: err=“rpc error: code = Unavailable desc = transport is closing”
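
One way to locate a failing call in a trace like the one above, as an added example that is not part of the original post: it scans the aws-sdk-go response dumps for error statuses or for a specific request id. The sample log is constructed, and its S3 block, all ids in it and the function names are assumptions.

```python
import re

# Constructed sample in the aws-sdk-go debug format shown in the post; the S3
# block and every id below are invented for illustration.
SAMPLE_LOG = """\
2022-01-21T18:46:08.693Z [DEBUG] [aws-sdk-go] DEBUG: Response dynamodb/GetItem Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 200 OK
X-Amzn-Requestid: EXAMPLEDDBREQUESTID0001
2022-01-21T18:46:08.700Z [DEBUG] [aws-sdk-go] DEBUG: Response s3/GetObject Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 403 Forbidden
X-Amz-Id-2: EXAMPLEHOSTID0001=
X-Amz-Request-Id: EXAMPLEREQID0001
2022-01-21T18:46:08.701Z [DEBUG] [aws-sdk-go] <Error><Code>AccessDenied</Code></Error>
"""

RESP_START = re.compile(r"DEBUG: Response (?P<service>[\w-]+)/(?P<op>\w+) Details:")
STATUS = re.compile(r"^HTTP/\d(?:\.\d)? (?P<code>\d{3})")
REQ_ID = re.compile(r"^x-amzn?-request-?id:\s*(?P<id>\S+)", re.IGNORECASE)
TIMESTAMP = re.compile(r"^\d{4}-\d\d-\d\dT")

def parse_responses(text):
    """Return one dict per logged AWS response: service, operation, status, request_id."""
    responses, cur = [], None
    for line in text.splitlines():
        m = RESP_START.search(line)
        if m:
            cur = {"service": m["service"], "operation": m["op"],
                   "status": None, "request_id": None}
            responses.append(cur)
            continue
        if cur is None:
            continue
        s, r = STATUS.match(line), REQ_ID.match(line)
        if s:
            cur["status"] = int(s["code"])
        elif r:
            cur["request_id"] = r["id"]
        elif TIMESTAMP.match(line):
            cur = None  # the next timestamped log line ends the header dump
    return responses

def find_failures(text, request_id=None):
    """Responses matching request_id if given, otherwise all with status >= 400."""
    hits = parse_responses(text)
    if request_id is not None:
        return [h for h in hits if h["request_id"] == request_id]
    return [h for h in hits if h["status"] is not None and h["status"] >= 400]
```

Run it over the complete trace file rather than just the tail, since the response carrying the error's request id may have been logged well before the error summary is printed.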