[Bug]: aws_inspector2_enabler breaks plans after being added to an AWS Organization #27639
Labels: bug, service/inspector2
Terraform Core Version
1.2.2
AWS Provider Version
4.37.0
Affected Resource(s)
aws_inspector2_enabler
Expected Behavior
After enabling Inspector v2 on an AWS account, and being added to a parent AWS Organization, plans should not error out.
Actual Behavior
When an AWS Organization is enforcing Inspector v2 usage, plans error out when the AWS provider attempts to POST to the AWS API's `disable` endpoint, which is used to determine whether or not Inspector v2 is enabled in the absence of a `describe` or `list` endpoint.
Relevant code: https://github.com/hashicorp/terraform-provider-aws/pull/27505/files#diff-f2a05e84be3d8209f9d0b950b86986849f406e44b9dff33d5ea60c212aba7c81R260
Despite not actually trying to disable Inspector v2, the post to the `disable` endpoint is apparently being disallowed by policy in the AWS Organization.
Relevant Error/Panic Output Snippet
Terraform Configuration Files
Steps to Reproduce
Add the account with Inspector v2 enabled to an AWS Organization on another account (for the purpose of aggregating Inspector findings).
Run a plan on the child account.
Debug Output
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
No