An argument named "source_policy_documents" is not expected here. #80

Closed
bryantbiggs opened this issue Apr 9, 2021 · 4 comments

Comments

@bryantbiggs
Member

Description

Starting with v1.23 and #77, there is an issue with the secure transport policy, as seen below:

Error: Unsupported argument

  on .terraform/modules/dynamodb_backup.secondary_dynamodb_backup_bucket/main.tf line 247, in data "aws_iam_policy_document" "combined":
 247:   source_policy_documents = compact([

An argument named "source_policy_documents" is not expected here.

Versions

  • Terraform: 0.14.9
  • Provider(s): 3.36.0
  • Module: 1.23/1.24

Reproduction

Steps to reproduce the behavior:

Code Snippet to Reproduce

data "aws_iam_policy_document" "service_reports_artifact_bucket" {
  statement {
    sid    = "DenyNonSecureTransport"
    effect = "Deny"
    actions = [
      "s3:*"
    ]

    resources = [
      module.service_reports_artifact_bucket.this_s3_bucket_arn,
      "${module.service_reports_artifact_bucket.this_s3_bucket_arn}/*",
    ]

    principals {
      type        = "AWS"
      identifiers = ["*"]
    }

    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values = [
        "false"
      ]
    }
  }
}

module "service_reports_artifact_bucket" {
  source  = "terraform-aws-modules/s3-bucket/aws"
  version = "~> 1.22"

  bucket = "service-reports-artifacts-something-random"

  attach_policy = true
  policy        = data.aws_iam_policy_document.service_reports_artifact_bucket.json

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true

  server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }
  }

  lifecycle_rule = [
    {
      id      = "all"
      enabled = true

      expiration = {
        days = 30
      }

      noncurrent_version_expiration = {
        days = 5
      }
    }
  ]

  tags = module.tags.tags
}

Expected behavior

  • bucket should be provisioned without issue

Actual behavior

  • see above
@antonbabenko
Member

I see that source_policy_documents was added in v3.28.0 of Terraform AWS provider, so we need to update versions.tf in the module (I will make a PR now), but if you have 3.36.0 already it should not be a problem.

Could you double-check that you are not using a version older than 3.28.0?

@antonbabenko
Member

v1.25.0 has just been released. Please give it a try.

@bryantbiggs
Member Author

ah yes, this was my bad - one project is pinned to v3.20 and this was that one project. all good, thanks @antonbabenko !

@github-actions

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 29, 2022
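
The root cause found in this thread (a project locked to AWS provider v3.20 while the module uses an argument added in v3.28.0) can be caught before `terraform plan` by checking the dependency lock file. The following is an added example, not code from the thread or from the module: it assumes the `.terraform.lock.hcl` layout written by Terraform 0.14 and later, the function names are hypothetical, and the lock file contents are constructed.

```python
import re

# One provider block in .terraform.lock.hcl: source address plus block body.
PROVIDER_RE = re.compile(
    r'provider\s+"(?P<source>[^"]+)"\s*\{(?P<body>.*?)^\}',
    re.DOTALL | re.MULTILINE,
)
VERSION_RE = re.compile(r'^\s*version\s*=\s*"(?P<version>[^"]+)"', re.MULTILINE)

# Minimum taken from the thread: source_policy_documents needs AWS provider 3.28.0.
MINIMUMS = {"registry.terraform.io/hashicorp/aws": "3.28.0"}

# Constructed sample lock file (hash value is a placeholder).
SAMPLE_LOCK = '''\
provider "registry.terraform.io/hashicorp/aws" {
  version     = "3.20.0"
  constraints = "~> 3.20"
  hashes = [
    "h1:CONSTRUCTED-PLACEHOLDER=",
  ]
}
'''

def parse_version(text):
    """Turn '3.28.0' into (3, 28, 0) so 3.9.0 sorts below 3.28.0."""
    return tuple(int(part) for part in text.split("."))

def locked_versions(lock_text):
    """Return {provider source address: locked version string}."""
    found = {}
    for block in PROVIDER_RE.finditer(lock_text):
        version = VERSION_RE.search(block.group("body"))
        if version:
            found[block.group("source")] = version.group("version")
    return found

def providers_below_minimum(lock_text, minimums):
    """List (source, locked, required) for providers missing or locked too low."""
    locked = locked_versions(lock_text)
    failures = []
    for source, required in minimums.items():
        have = locked.get(source)
        if have is None or parse_version(have) < parse_version(required):
            failures.append((source, have, required))
    return failures

if __name__ == "__main__":
    for source, have, required in providers_below_minimum(SAMPLE_LOCK, MINIMUMS):
        print(f"{source}: locked {have}, module needs >= {required}")
```

Run against each project's lock file in CI, a non-empty result identifies the one project whose pin is too old for the module release being adopted.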