Upgrading Terraform image to v1.7.1 from v1.5.7

[snippzzy]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Question

I am currently upgrading my Terraform version but I am having issues with the upgrade as it seems to be trying to authenticate to AWS S3 bucket, despite the fact that I'm referring to IBM COS Bucket as my Statefile storage backend (s3). Can I no longer use COS Bucket to store my Terraform backend, or how do I proceed to continue to store use COS Bucket for my backend? In the case that this is not feasible, what other options do I have for storing my Statefiles in IBM cloud and how do I configure this? Thanks

New or Affected Resource(s) or Datasource(s)

• ibm_cos_bucket

Potential Terraform Configuration

Here is my terraform provider code base:

provider "ibm" {
  ibmcloud_api_key = var.api_key
  region = var.REGION
}

terraform {
  backend "s3" {
    bucket                      = "terraform-state-ibm"
    key                         = "XXXXX"
    region                      = "eu-gb"
    skip_region_validation      = true
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    encrypt                     = true
    endpoint                    = "https://s3.private.eu-gb.cloud-object-storage.appdomain.cloud"
    access_key                  = "insert_first_key"
    secret_key                  = "insert_second_key"
  }
  required_version = ">=1.5.7"
  required_providers {
    ibm = {
      source = "IBM-Cloud/ibm"
      version = ">=1.58.1"
    }
  }
}

References

I get this error:

│ Warning: Deprecated Parameter
│
│ on provider.tf line 15, in terraform:
│ 15: endpoint = "https://s3.private.eu-gb.cloud-object-storage.appdomain.cloud/"
│
│ The parameter "endpoint" is deprecated. Use parameter "endpoints.s3"
│ instead.
╵
╷
│ Error: Retrieving AWS account details: AWS account ID not previously found and failed retrieving via all available methods.
│
│ See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications.
│ Errors: 2 errors occurred:
│ * retrieving caller identity from STS: operation error STS: GetCallerIdentity, exceeded maximum number of attempts, 5, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts.eu-gb.amazonaws.com/": Service Unavailable
│ * retrieving account information via iam:ListRoles: operation error IAM: ListRoles, https response error StatusCode: 403, RequestID: dd47c937-3a37-421b-9332-33d6b987b642, api error InvalidClientTokenId: The security token included in the request is invalid.
│
│
│
Cleaning up project directory and file based variables
00:01
ERROR: Job failed: command terminated with exit code 1

• #0000

[IBM-diksha]

We are looking into this one @snippzzy we will get back to you on this.
Thank you.

[IBM-diksha]

Hi @snippzzy the code that you shared is to use s3 bucket as a terraform backend -
https://developer.hashicorp.com/terraform/language/backend/s3
Please follow the above syntax and the credentials accordingly to use s3 bucket as a backend.
In case you intend to use a cos bucket to use as a backend please following the documentation here -
https://developer.hashicorp.com/terraform/language/backend/cos.

eg :

terraform {
  backend "cos" {
    region = "us-south"
    bucket = "bucket-name"
    prefix = "terraform/state"
  }
}

Let us know if this resolves the issue.
Thank you

[snippzzy]

This didn't solve my problem as I currently use IBM cloud provider. The information provided was for AWS S3 Bucket and Tencent COS Bucket, I need assistance for IBM cloud object storage.

Thanks

[IBM-diksha]

Hi @snippzzy this is the code snippet that tried and it worked for me even with the latest IBM COS terraform provider -

 backend "s3" {
    bucket                      = "COS-bucket-name"
    key                         = "key-name"
    region                      = "us-south"
    endpoint                    = "s3.us-south.cloud-object-storage.appdomain.cloud"
    access_key =  "cos-access-key"
    secret_key = "cos-secret-key"
    skip_region_validation = true
    skip_credentials_validation = true
  }

There were no changes made related to this and one can still use COS as backend indirectly by using s3 api.
Please make sure that the credentials are for COS and are still valid.
Also I see that you are using private endpoint , is that a requirement if yes are you using the IBM private network to connect to cos?
Thank you.