I'm using a module from a 3rd party vendor. The source is a public S3 bucket, used as a HTTP repository.
The module is public: testing with curl and wget I can download it without credentials.
But using Terragrunt, I see the URL is resolved using the s3::https protocol, so it's failing asking for the credentials.
Here the code:
terraform {
source = "https://s3-us-east-2.amazonaws.com/wizio-public/deployment-v2/aws/wiz-aws-cloud-events-terraform-module.zip"
}
inputs = {
integration_type = <redacted_value>
cloudtrail_bucket_arn = <redacted_value>
cloudtrail_kms_arn = <redacted_value>
wiz_access_role_arn = <redacted_value>
}
When running the plan, I get:
INFO[0000] Downloading Terraform configurations from s3::https://s3-us-east-2.amazonaws.com/wizio-public/deployment-v2/aws/wiz-aws-cloud-events-terraform-module.zip into /Users/marco/.terragrunt-cache/bj1DtPSzfD2L7xtoscLsClD9TJ4/J5rSBBFtvLMrstC7CVu_4ibhzvo
ERRO[0005] downloading source url s3::https://s3-us-east-2.amazonaws.com/wizio-public/deployment-v2/aws/wiz-aws-cloud-events-terraform-module.zip
1 error occurred:
* NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment
SharedCredsAccessKey: shared credentials ... in /Users/marco/.aws/credentials did not contain aws_access_key_id
EC2RoleRequestError: no EC2 instance role found
caused by: RequestError: send request failed
I'm expecting that Terragrunt download the module using the HTTPS protocol, instead of "redirecting" to s3::https protocol. But, as you can see, Terragrunt downloads the module using s3::https protocol.
Generic info:
To apply the changes in AWS, I'm using the AWS SSO and the CLI profile, so I don't have neither the AWS_ACCESS_KEY_ID/AWS_ACCESS_KEY exported, nor the credentials file in ~/.aws/credentials
It was a bug.
Resolved upgrading to Terragrunt v0.58.8