Getting below error while performing termination of the ec2 instance. We are using terraform in the backend.
Error: error deleting S3 Bucket (gvbgeomatics) Object (d07e597f9dc0a2a358/): error deleting at least one object version, last error: InvalidArgument: x-amz-bypass-governance-retention is only applicable to Object Lock enabled buckets.
status code: 400, request id: FWNEKDNZE1RWVCV3, host id: F88MB+5zHlazChy4UnG+LZJtPMJe7gKsrP+OFTsLlXufr74+RAcp4bPordUhquJoDIeHmFx3Rm8=
We suspended the versioning on the given bucket but still we are getting the same error. Due to above, all termination commands are failing.
Attached below the terraform script for your information:
ubuntu@ip-172-31-14-192:~/apps/nebula/current/terraform/1764$ cat main.tf
provider “aws” {
access_key = “XXXXX”
secret_key = “XXXXX”
region = “ap-south-1”
}
resource "aws_eip" "default" {
instance = aws_instance.wb.id
vpc = true
}
resource "aws_instance" "wb" {
ami = "ami-0f73962272cf4f0c8"
availability_zone = "ap-south-1b"
instance_type = "t3.large"
key_name = "nebula"
user_data = <<EOF
EOF
associate_public_ip_address = true
get_password_data = true
source_dest_check = false
root_block_device {
volume_type = "gp2"
volume_size = "100"
delete_on_termination = true
}
tags = {
Name = "webserver-603e3bb298a2438166"
}
}
provider "aws" {
access_key = "XXXXXX"
secret_key = "XXXXXX"
alias = "south"
region = "ap-south-1"
}
resource "aws_s3_bucket_object" "nebfolder" {
provider = aws.south
bucket = "gvbgeomatics"
acl = "private"
key = "603e3bb298a2438166/"
source = "/dev/null"
force_destroy = true
}
resource "aws_s3_bucket_public_access_block" "nebfolder" {
provider = aws.south
bucket = "gvbgeomatics"
block_public_acls = true
block_public_policy = true
}
resource "aws_iam_role" "role" {
provider = aws.south
name = "neb-role-603e3bb298a2438166"
assume_role_policy = <<EOF
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Principal”: {
“Service”: "storagegateway.amazonaws.com "
},
“Action”: “sts:AssumeRole”
}
]
}
EOF
}
resource “aws_iam_policy” “policy” {
name = “neb-pol-603e3bb298a2438166”
description = “A test policy”
policy = <<EOF
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Action”: [
“s3:GetAccelerateConfiguration”,
“s3:GetBucketLocation”,
“s3:GetBucketVersioning”,
“s3:ListBucket”,
“s3:ListBucketVersions”,
“s3:ListBucketMultipartUploads”
],
“Resource”: “arn:aws:s3:::gvbgeomatics/603e3bb298a2438166”,
“Effect”: “Allow”
},
{
“Action”: [
“s3:AbortMultipartUpload”,
“s3:DeleteObject”,
“s3:DeleteObjectVersion”,
“s3:GetObject”,
“s3:GetObjectAcl”,
“s3:GetObjectVersion”,
“s3:ListMultipartUploadParts”,
“s3:PutObject”,
“s3:PutObjectAcl”
],
“Resource”: “arn:aws:s3:::gvbgeomatics/603e3bb298a2438166/*”,
“Effect”: “Allow”
}
]
}
EOF
}
resource “aws_iam_role_policy_attachment” “test-attach” {
role = aws_iam_role.role.name
policy_arn = aws_iam_policy.policy.arn
}
output "instance_id" {
value = aws_instance.wb.id
}
output "public_ip" {
value = aws_eip.default.public_ip
}
output "password" {
value = rsadecrypt(aws_instance.wb.password_data, file("~/apps/nebula/shared//aws_pem/Asia Pacific (Mumbai)/nebula.pem"))
}
ubuntu@ip-172-31-14-192:~/apps/nebula/current/terraform/1764$
Also attached terraform state log for your information:
ubuntu@ip-172-31-14-192:~/apps/nebula/current/terraform/1765$ cat terraform.tfstate
{
“version”: 4,
“terraform_version”: “0.12.7”,
“serial”: 15,
“lineage”: “83d35af2-af27-aa24-6827-fa552430292a”,
“outputs”: {},
“resources”: [
{
“mode”: “managed”,
“type”: “aws_s3_bucket_object”,
“name”: “nebfolder”,
“provider”: “provider.aws .south”,
“instances”: [
{
“schema_version”: 0,
“attributes”: {
“acl”: “private”,
“bucket”: “gvbgeomatics”,
“bucket_key_enabled”: false,
“cache_control”: “”,
“content”: null,
“content_base64”: null,
“content_disposition”: “”,
“content_encoding”: “”,
“content_language”: “”,
“content_type”: “binary/octet-stream”,
“etag”: “d41d8cd98f00b204e9800998ecf8427e”,
“force_destroy”: true,
“id”: “5bda59e59d234f0bb3/”,
“key”: “5bda59e59d234f0bb3/”,
“kms_key_id”: null,
“metadata”: {},
“object_lock_legal_hold_status”: “”,
“object_lock_mode”: “”,
“object_lock_retain_until_date”: “”,
“server_side_encryption”: “”,
“source”: “/dev/null”,
“storage_class”: “STANDARD”,
“tags”: {},
“version_id”: “null”,
“website_redirect”: “”
}
}
]
}
]
}
ubuntu@ip-172-31-14-
Kindly do the needful.