terragrunt icon indicating copy to clipboard operation
terragrunt copied to clipboard

Published 20 hours ago verified publisher icon gruntwork-io

Warning of S3 state encryption when skip_bucket_ssencryption is set to true

Open guidodobboletta opened this issue 1 year ago • 2 comments

I'm getting this warning on my CLI

WARN[0000] Encryption is not enabled on the S3 remote state bucket REDACTED. Terraform state files may contain secrets, so we STRONGLY recommend enabling encryption!

I have these settings in my remote backend block

remote_state {
  backend = "s3"
  config = {
    bucket                   = "redacted"
    key                      = "tfstate"
    region                   = "redacted"
    encrypt                  = false
    skip_bucket_ssencryption = true
    skip_bucket_root_access  = true
    skip_bucket_enforced_tls = true
  }
}

versions:

terragrunt version v0.38.6
Terraform v1.2.6 on linux_amd64

Is there any other way to disable this warning for every terragrunt command I run?

guidodobboletta avatar Aug 04 '22 20:08 guidodobboletta

Hi, looks like the message is set to be printed if encryption is not enabled: https://github.com/gruntwork-io/terragrunt/blob/master/remote/remote_state_s3.go#L361

denis256 avatar Aug 05 '22 08:08 denis256

Yes I saw that but can we add a way to remove the warning? If I'm purposely enabling skip_bucket_ssencryption I shouldn't get a warning message anyway

guidodobboletta avatar Aug 05 '22 17:08 guidodobboletta

@denis256 there is an open PR to address this, may you please review?

kaden-l-nelson avatar Apr 02 '24 18:04 kaden-l-nelson

Fix released in https://github.com/gruntwork-io/terragrunt/releases/tag/v0.56.2

denis256 avatar Apr 04 '24 18:04 denis256