Giters

terraform-aws-modules / terraform-aws-s3-bucket

Terraform module to create AWS S3 resources 🇺🇦

Home Page:https://registry.terraform.io/modules/terraform-aws-modules/s3-bucket/aws

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Tags are not applying correctly.

mmclane opened this issue · comments

commented

Description

I am trying to write a terraform module that calls the terraform-asws-modules/s3-bucket/aws module v3.15.1. If I specify a map for tags they will be shown in the plan as being needed to be added but when I run terraform apply, they won't actually get applied even though the terraform apply command runs successfully.

> terraform plan
...
 # module.s3_bucket["dn-rundeck-logs"].aws_s3_bucket.this[0] will be updated in-place
  ~ resource "aws_s3_bucket" "this" {
        id                          = "dn-rundeck-logs"
      ~ tags                        = {
          + "Attribution"         = "rnd"
          + "GitRepo"             = "infra-configs"
          + "Layer"               = "--"
          + "ManagedBy"           = "terraform"
          + "Product_Feature"     = "--"
          + "Project"             = "-"
          + "Stack"               = ""
          + "env0_environment_id" = ""
          + "env0_project_id"     = ""
        }
      ~ tags_all                    = {} -> (known after apply)
        # (9 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

I have gotten the tags to apply by specifying them in the aws provider (something I didn't know you could do until yesterday) but that isn't working consistently either. When I do this the tags are specified under tags_all and they will get applied but later they will get wiped out for some reason.

In the past we have used version 2.11.1 of this module and we didn't have these issues.

  • ✋ I have searched the open/closed issues and my issue is not listed.

I have seen similar issues but they are closed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]: 3.15.1

  • Terraform version: 1.5.5

  • Provider version(s): 5.31.0

Reproduction Code [Required]

Steps to reproduce the behavior:

I am using a workspace.
I have cleared the local cache

Steps to repro the issue:

  • specify tags
  • run terraform plan/apply and see that the tags need to be updated
  • run terraform apply successfully
  • run terraform plan again to see that the tags still need to be applied.

The following is how I am calling the module:

module "s3_bucket" {
  for_each                 = toset(var.buckets)
  source                   = "terraform-aws-modules/s3-bucket/aws"
  version                  = "3.15.1"
  force_destroy            = var.force_destroy
  bucket                   = each.value

  # Block public access
  block_public_policy      = var.includes_customer_data || var.block_public ? true : var.block_public

  # encryption stuff.
  allowed_kms_key_arn                    = var.includes_customer_data || var.enable_encryption ? var.kms_key_arn : ""
  server_side_encryption_configuration   = var.includes_customer_data || var.enable_encryption ? local.server_side_encryption_config : {}

  versioning = {
    enabled = var.versioning
  }

  tags = module.common-config.common_tags
}

Expected behavior

Tags are applied correctly.

Actual behavior

Tags are not applied even though the terraform apply says it was successful

Terminal Output Screenshot(s)

See above

Additional context

commented

I am doing some further testing.

If I set tags to the following:

tags = {test1 = "test1", test2= "test2"}

Everything works as expected. I normally pull my tags from a component module that builds a standard set of common tags for all of our resources. If I output those tags I get a valid map of tags. Everything seems like it will apply correctly but it doesn't. The weirdest part is that I have done this technique MANY times including with an older version of this module.

The following is what my common-config module tries to set for the tags.

 ~ resource "aws_s3_bucket" "this" {
        id                          = "dn-rundeck-logs"
      ~ tags                        = {
          + "Attribution"         = "rnd"
          + "GitRepo"             = "infra-configs"
          + "Layer"               = "--"
          + "ManagedBy"           = "terraform"
          + "Product_Feature"     = "--"
          + "Project"             = "-"
          + "Stack"               = ""
          + "env0_environment_id" = ""
          + "env0_project_id"     = ""
        }
      ~ tags_all                    = {} -> (known after apply)
        # (9 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }
commented

If I remove values with empty values It seems to apply correctly.

I removed those values by setting a local as follows and then setting tags=local.tags

 tags = {
    for tag, value in module.common-config.common_tags:
    tag => value if value != ""
  }