failed getting S3 bucket policy: couldn't find resource #32453

Open
jorge-gonzalez-webbeds opened this issue Jul 11, 2023 · 6 comments
Labels
service/s3 Issues and PRs that pertain to the s3 service.

Comments

@jorge-gonzalez-webbeds

Description

I am trying to get the policy of an S3 bucket with this data:

resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}

data "aws_s3_bucket_policy" "this" {
  bucket = aws_s3_bucket.this.id
}

To do this, I first import the bucket because that bucket already exists. It may be the case that this bucket does not have any policy, and when I try to get the policy I get the error that it could not get it. My idea was to take the policy from the S3 resource and, if it existed, to create the data, but it tells me that this attribute is deprecated. So I propose that in the case that the data of the policy of the S3 bucket does not exist, it should return null and not throw an error.

Error:
Planning failed. Terraform encountered an error while generating this plan.


│ Error: failed getting S3 bucket policy (BUCKET_NAME): couldn't find resource

│ with module.source_bucket["BUCKET_NAME"].data.aws_s3_bucket_policy.this,
│ on modules/s3-bucket-configuration/aws_s3.tf line 65, in data "aws_s3_bucket_policy" "this":
│ 65: data "aws_s3_bucket_policy" "this" {

References

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket_policy
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket#policy

Would you like to implement a fix?

None

@justinretzolk
Member

Hey @jorge-gonzalez-webbeds 👋 Can you give me a better idea of your use case? I'm not sure that I follow what you're attempting to accomplish with your use case.

@jorge-gonzalez-webbeds
Author

Hi! @justinretzolk What I have done is to create a module to configure a bucket as I want. This configuration tries to apply a policy to be able to access that bucket and enable the bucket. But the problem is that there are buckets that already exist and I should not change the policy that already exists. So in that module, I add a statement to that policy that already exists to not change the initial configuration. In the case that it does not have only, I add the new one.

@justinretzolk
Member

@jorge-gonzalez-webbeds Are you able to supply a sample Terraform configuration and steps to reproduce? I think that would help me to get a better idea of what you're attempting; unfortunately, I'm still not quite following, but would love to help.

@jorge-gonzalez-webbeds
Author

jorge-gonzalez-webbeds commented Jul 13, 2023

Hello @justinretzolk, the project is so big. I'll give you a piece of the code.

resource "aws_s3_bucket" "this" {
  bucket = var.bucket_name
}

data "aws_s3_bucket_policy" "this" {
  count  = var.has_policy ? 1 : 0
  bucket = aws_s3_bucket.this.id
}

resource "aws_s3_bucket_policy" "this" {
  count = var.arn_iam_role_allow_access != "" ? 1 : 0

  bucket = aws_s3_bucket.this.id

  policy = jsonencode({
    "Version" : "2012-10-17",
    "Statement" : distinct(
      concat(
        can(data.aws_s3_bucket_policy.this[count.index].policy) ? jsondecode(
          data.aws_s3_bucket_policy.this[count.index].policy
        )["Statement"] : [],
        local.s3_bucket_policy["Statement"]
      )
    )
  })
}

Think about the case that you do not have the variable var.has_policy and you import an aws_s3_bucket with a policy. When I run the data resource, I get the error that it cannot find the resource. I didn't want to make use of the var.has_policy variable. So I suggested that this one, if not found, return null.
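
Added example, not part of the thread or the provider's code: the merge that the `distinct(concat(...))` expression above performs, modelled in Python outside Terraform, with a missing policy treated as an empty statement list and a single-object "Statement" (which IAM policy JSON allows) normalized to a list. The function names, ARNs, account ID and bucket name are constructed for illustration.

```python
import json
from typing import Optional

# Constructed sample data: account ID, role name and bucket name are placeholders.
ROLE_STATEMENT = {
    "Sid": "AllowRoleRead",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-reader"},
    "Action": ["s3:GetObject"],
    "Resource": "arn:aws:s3:::example-bucket/*",
}
# Constructed existing policy whose "Statement" is a single object, not a list.
EXISTING_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": {
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    },
})


def as_list(value):
    """Normalize a "Statement" value (absent, one object, or a list) to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def merge_bucket_policy(existing_policy: Optional[str], new_statements) -> str:
    """Return policy JSON with the existing statements followed by the new ones.

    existing_policy is None (or "") when the bucket has no policy; that case
    yields only the new statements instead of an error.
    """
    existing = json.loads(existing_policy) if existing_policy else {}
    merged, seen = [], set()
    for stmt in as_list(existing.get("Statement")) + as_list(new_statements):
        key = json.dumps(stmt, sort_keys=True)  # key order must not defeat de-duplication
        if key not in seen:
            seen.add(key)
            merged.append(stmt)
    version = existing.get("Version", "2012-10-17")
    return json.dumps({"Version": version, "Statement": merged}, indent=2)


if __name__ == "__main__":
    print(merge_bucket_policy(EXISTING_POLICY, [ROLE_STATEMENT]))
```

Running the merge a second time on its own output returns the same document, so existing statements such as the deny rule are preserved and the added statement is not duplicated.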

@el-chazmo

This issue was meant to be resolved in v5.19 but I'm still facing this today.
