Terraform Plan Action failing on tf version 1.6.x showing S3 403 permission error
acollado2-cambridge opened this issue
Alec Neil Collado commented
Problem description
Terraform plan is failing when using version 1.6 and above.
When switching back to 1.5.x, it is working.
S3 permissions include:
- s3:ListBucket
- s3:PutObject
- s3:GetObject
- s3:DeleteObject
Terraform version
1.6.0 to 1.6.2
Backend
s3
Workflow YAML
plan:
  needs: [validate]
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4
    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{env.AWS_IAM_ROLE}}
        role-session-name: ${{env.AWS_STS_NAME}}
        aws-region: ${{env.AWS_DEFAULT_REGION}}
    - name: Terraform Plan
      uses: dflook/terraform-plan@v1
      id: plan
      continue-on-error: true
      with:
        path: ${{env.WORKING_DIR}}
Workflow log
Initializing Terraform
##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS
Initializing the backend...
╷
│ Error: Failed to get existing workspaces: Unable to list objects in S3 bucket "somestatebucket.s3.org": operation error S3: ListObjectsV2, https response error StatusCode: 403, RequestID: S2B9RSM5QG9B58N5, HostID: JBPEwp7h38zZqBhRXQiUd+cEWsnf/VlW3P/KICJhaXnISsR/M1QmxRdd8dG0acdgz0BTsDez3xQ=, api error AccessDenied: Access Denied
│
│
╵
##[debug]ls -la /github/workspace:total 28
##[debug]ls -la /github/workspace:drwxr-xr-x 5 1001 127 4096 Oct 26 09:02 .
##[debug]ls -la /github/workspace:drwxr-xr-x 6 root root 4096 Oct 26 09:02 ..
##[debug]ls -la /github/workspace:drwxr-xr-x 8 1001 127 4096 Oct 26 09:02 .git
##[debug]ls -la /github/workspace:drwxr-xr-x 3 1001 127 4096 Oct 26 09:02 .github
##[debug]ls -la /github/workspace:-rw-r--r-- 1 1001 127 918 Oct 26 09:02 .gitignore
##[debug]ls -la /github/workspace:-rw-r--r-- 1 1001 127 67 Oct 26 09:02 README.md
##[debug]ls -la /github/workspace:drwxr-xr-x 11 1001 127 4096 Oct 26 09:02 newrelic
##[debug]ls -la /github/home:total 16
##[debug]ls -la /github/home:drwxr-xr-x 4 1001 127 4096 Oct 26 09:02 .
##[debug]ls -la /github/home:drwxr-xr-x 6 root root 4096 Oct 26 09:02 ..
##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Oct 26 09:02 .dflook-terraform-github-actions
##[debug]ls -la /github/home:-rw-r--r-- 1 1001 127 0 Oct 26 09:02 .netrc
##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Oct 26 09:02 .terraform.d
##[debug]ls -la /github/home:-rw-r--r-- 1 1001 127 0 Oct 26 09:02 .terraformrc
##[debug]ls -la /github/home/.dflook-terraform-github-actions:total 12
##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 3 1001 127 4096 Oct 26 09:02 .
##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 4 1001 127 4096 Oct 26 09:02 ..
##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 2 1001 127 4096 Oct 26 09:02 terraform-bin-dir
##[debug]ls -la /github/home/.terraform.d:total 12
##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 3 1001 127 4096 Oct 26 09:02 .
##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 4 1001 127 4096 Oct 26 09:02 ..
##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 2 1001 127 4096 Oct 26 09:02 plugin-cache
##[debug]Docker Action run completed with exit code 1
##[debug]Finishing: Terraform Plan
Has debug logging been enabled?
- Yes, the ACTIONS_STEP_DEBUG secret was set to true when capturing the workflow log above.