dflook / terraform-github-actions

GitHub actions for terraform

Terraform Plan Action failing on tf version 1.6.x showing S3 403 permission error

acollado2-cambridge opened this issue

Problem description

Terraform plan is failing when using version 1.6 and above.

When switching back to 1.5.x, it is working.

S3 permissions include:

  • s3:ListBucket
  • s3:PutObject
  • s3:GetObject
  • s3:DeleteObject

Terraform version

1.6.0 to 1.6.2

Backend

s3

Workflow YAML

plan:
    needs: [validate]
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{env.AWS_IAM_ROLE}}
          role-session-name: ${{env.AWS_STS_NAME}}
          aws-region: ${{env.AWS_DEFAULT_REGION}}

      - name: Terraform Plan
        uses: dflook/terraform-plan@v1
        id: plan
        continue-on-error: true
        with:
          path: ${{env.WORKING_DIR}}

Workflow log

Initializing Terraform
  ##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS
  
  Initializing the backend...
  ╷
  │ Error: Failed to get existing workspaces: Unable to list objects in S3 bucket "somestatebucket.s3.org": operation error S3: ListObjectsV2, https response error StatusCode: 403, RequestID: S2B9RSM5QG9B58N5, HostID: JBPEwp7h38zZqBhRXQiUd+cEWsnf/VlW3P/KICJhaXnISsR/M1QmxRdd8dG0acdgz0BTsDez3xQ=, api error AccessDenied: Access Denied
  │ 
  │ 
  ╵
  
  ##[debug]ls -la /github/workspace:total 28
  ##[debug]ls -la /github/workspace:drwxr-xr-x  5 1001  127 4096 Oct 26 09:02 .
  ##[debug]ls -la /github/workspace:drwxr-xr-x  6 root root 4096 Oct 26 09:02 ..
  ##[debug]ls -la /github/workspace:drwxr-xr-x  8 1001  127 4096 Oct 26 09:02 .git
  ##[debug]ls -la /github/workspace:drwxr-xr-x  3 1001  127 4096 Oct 26 09:02 .github
  ##[debug]ls -la /github/workspace:-rw-r--r--  1 1001  127  918 Oct 26 09:02 .gitignore
  ##[debug]ls -la /github/workspace:-rw-r--r--  1 1001  127   67 Oct 26 09:02 README.md
  ##[debug]ls -la /github/workspace:drwxr-xr-x 11 1001  127 4096 Oct 26 09:02 newrelic
  ##[debug]ls -la /github/home:total 16
  ##[debug]ls -la /github/home:drwxr-xr-x 4 1001  127 4096 Oct 26 09:02 .
  ##[debug]ls -la /github/home:drwxr-xr-x 6 root root 4096 Oct 26 09:02 ..
  ##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Oct 26 09:02 .dflook-terraform-github-actions
  ##[debug]ls -la /github/home:-rw-r--r-- 1 1001  127    0 Oct 26 09:02 .netrc
  ##[debug]ls -la /github/home:drwxr-xr-x 3 root root 4096 Oct 26 09:02 .terraform.d
  ##[debug]ls -la /github/home:-rw-r--r-- 1 1001  127    0 Oct 26 09:02 .terraformrc
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:total 12
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 3 1001 127 4096 Oct 26 09:02 .
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 4 1001 127 4096 Oct 26 09:02 ..
  ##[debug]ls -la /github/home/.dflook-terraform-github-actions:drwxr-xr-x 2 1001 127 4096 Oct 26 09:02 terraform-bin-dir
  ##[debug]ls -la /github/home/.terraform.d:total 12
  ##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 3 1001 127 4096 Oct 26 09:02 .
  ##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 4 1001 127 4096 Oct 26 09:02 ..
  ##[debug]ls -la /github/home/.terraform.d:drwxr-xr-x 2 1001 127 4096 Oct 26 09:02 plugin-cache
  ##[debug]Docker Action run completed with exit code 1
  ##[debug]Finishing: Terraform Plan

Has debug logging been enabled?

  • Yes, the ACTIONS_STEP_DEBUG secret was set to true when capturing the workflow log above.
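
Added example, not part of the original issue or of the action's code: the failing call in the log is ListObjectsV2, which S3 authorizes as s3:ListBucket evaluated against the bucket ARN rather than object ARNs. The issue does not show the role's policy or establish a cause, so the policies, the bucket name and the function names below are constructed for illustration; the sketch classifies how an identity policy treats that one call.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _names_list_bucket(stmt):
    # IAM action names are case-insensitive and may contain * or ? wildcards.
    return any(fnmatchcase("s3:listbucket", a.lower())
               for a in _as_list(stmt.get("Action", [])))

def _covers(stmt, arn):
    return any(fnmatchcase(arn, r) for r in _as_list(stmt.get("Resource", [])))

def classify_list_access(policy, bucket):
    """Classify how an identity policy treats ListObjectsV2 on `bucket`.
    Simplified: ignores NotAction/NotResource, bucket policies, SCPs and
    permission boundaries, and does not evaluate Condition blocks.
    """
    bucket_arn = f"arn:aws:s3:::{bucket}"  # ListBucket is checked against the bucket ARN
    named = [s for s in _as_list(policy.get("Statement", [])) if _names_list_bucket(s)]
    hits = [s for s in named if _covers(s, bucket_arn)]
    if any(s["Effect"] == "Deny" and "Condition" not in s for s in hits):
        return "explicit-deny"
    allows = [s for s in hits if s["Effect"] == "Allow"]
    if not allows:
        # The action may be granted, but only on ARNs that are not the bucket itself.
        granted_elsewhere = any(s["Effect"] == "Allow" for s in named)
        return "wrong-resource" if granted_elsewhere else "not-granted"
    if any(s["Effect"] == "Deny" for s in hits):
        return "conditional"  # remaining Deny hits all carry a Condition
    if any("Condition" not in s for s in allows):
        return "allowed"
    return "conditional"  # e.g. limited by s3:prefix; depends on the request

# Constructed sample policies; the bucket name is a placeholder.
ARN = "arn:aws:s3:::example-state-bucket"
ACTIONS = ["s3:ListBucket", "s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
OBJECT_ONLY = {"Statement": [{"Effect": "Allow", "Action": ACTIONS, "Resource": ARN + "/*"}]}
SPLIT = {"Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": ARN},
    {"Effect": "Allow", "Action": ACTIONS[1:], "Resource": ARN + "/*"}]}
PREFIX_LIMITED = {"Statement": [
    {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": ARN,
     "Condition": {"StringLike": {"s3:prefix": ["team-a/*"]}}}]}

if __name__ == "__main__":
    for pol in (OBJECT_ONLY, SPLIT, PREFIX_LIMITED):
        print(classify_list_access(pol, "example-state-bucket"))
```

A "conditional" result means the outcome depends on request parameters such as the listing prefix, so the policy's Condition block needs to be compared against the prefix the backend actually lists.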