An argument named "source_policy_documents" is not expected here.
bryantbiggs opened this issue · comments
Description
Starting with v1.23 and #77, there is an issue with the secure transport policy as see below:
Error: Unsupported argument
on .terraform/modules/dynamodb_backup.secondary_dynamodb_backup_bucket/main.tf line 247, in data "aws_iam_policy_document" "combined":
247: source_policy_documents = compact([
An argument named "source_policy_documents" is not expected here.
Versions
- Terraform:
0.14.9 - Provider(s):
3.36.0 - Module:
1.23/1.24
Reproduction
Steps to reproduce the behavior:
Code Snippet to Reproduce
data "aws_iam_policy_document" "service_reports_artifact_bucket" {
statement {
sid = "DenyNonSecureTransport"
effect = "Deny"
actions = [
"s3:*"
]
resources = [
module.service_reports_artifact_bucket.this_s3_bucket_arn,
"${module.service_reports_artifact_bucket.this_s3_bucket_arn}/*",
]
principals {
type = "AWS"
identifiers = ["*"]
}
condition {
test = "Bool"
variable = "aws:SecureTransport"
values = [
"false"
]
}
}
}
module "service_reports_artifact_bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "~> 1.22"
bucket = "service-reports-artifacts-something-random"
attach_policy = true
policy = data.aws_iam_policy_document.service_reports_artifact_bucket.json
block_public_acls = true
block_public_policy = true
ignore_public_acls = true
restrict_public_buckets = true
server_side_encryption_configuration = {
rule = {
apply_server_side_encryption_by_default = {
sse_algorithm = "AES256"
}
}
}
lifecycle_rule = [
{
id = "all"
enabled = true
expiration = {
days = 30
}
noncurrent_version_expiration = {
days = 5
}
}
]
tags = module.tags.tags
}
Expected behavior
- bucket should be provisioned without issue
Actual behavior
- see above
I see that source_policy_documents
was added in v3.28.0 of Terraform AWS provider, so we need to update versions.tf
in the module (I will make a PR now), but if you have 3.36.0 already it should not be a problem.
Could you double-check that you are not using a version older than 3.28.0?
v1.25.0 has been just released. Please give it a try.
ah yes, this was my bad - one project is pinned to v3.20 and this was that one project. all good, thanks @antonbabenko !
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.