terraformterragrunt

Terragrunt/Terraform issue with public S3 bucket HTTPS module source


I'm using a module from a 3rd party vendor. The source is a public S3 bucket, used as a HTTP repository. The module is public: testing with curl and wget I can download it without credentials. But using Terragrunt, I see the URL is resolved using the s3::https protocol, so it's failing asking for the credentials.

Here the code:

terraform {
  source = "https://s3-us-east-2.amazonaws.com/wizio-public/deployment-v2/aws/wiz-aws-cloud-events-terraform-module.zip"
}

inputs = {
  integration_type      = <redacted_value>
  cloudtrail_bucket_arn = <redacted_value>
  cloudtrail_kms_arn    = <redacted_value>
  wiz_access_role_arn   = <redacted_value>
}

When running the plan, I get:

INFO[0000] Downloading Terraform configurations from s3::https://s3-us-east-2.amazonaws.com/wizio-public/deployment-v2/aws/wiz-aws-cloud-events-terraform-module.zip into /Users/marco/.terragrunt-cache/bj1DtPSzfD2L7xtoscLsClD9TJ4/J5rSBBFtvLMrstC7CVu_4ibhzvo
ERRO[0005] downloading source url s3::https://s3-us-east-2.amazonaws.com/wizio-public/deployment-v2/aws/wiz-aws-cloud-events-terraform-module.zip
1 error occurred:
    * NoCredentialProviders: no valid providers in chain
caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment
SharedCredsAccessKey: shared credentials ... in /Users/marco/.aws/credentials did not contain aws_access_key_id
EC2RoleRequestError: no EC2 instance role found
caused by: RequestError: send request failed

I'm expecting that Terragrunt download the module using the HTTPS protocol, instead of "redirecting" to s3::https protocol. But, as you can see, Terragrunt downloads the module using s3::https protocol.

Generic info:

To apply the changes in AWS, I'm using the AWS SSO and the CLI profile, so I don't have neither the AWS_ACCESS_KEY_ID/AWS_ACCESS_KEY exported, nor the credentials file in ~/.aws/credentials


Solution

  • It was a bug.
    Resolved upgrading to Terragrunt v0.58.8