terraform-github-actions
terraform-github-actions copied to clipboard
dflook
Lack of S3 Credentials when using Plan action, cannot replicate locally on the same EC2 instance.
Problem description
When running the plan action, as of Dec 1st, w/ no changes to either our IAM role permissions or the workflow file, our Plan action has started failing w/
Initializing the backend...
╷
│ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
│
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│
│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors
When trying to run the same actions locally we run into no errors, and instead are given the correct plan output.
We've tried to copy up config files into the .aws directory, as well as double checking all IAM roles to ensure access should completely fine, and still the error persists.
This is run on a self-hosted Amazon Linux 2 EC2 instance through Github Actions.
Terraform version
1.3.6
Backend
No response
Workflow YAML
terraform_plan:
environment: Github Actions
name: Terraform Plan QA
runs-on: QARunner
needs: terraform_format
strategy:
fail-fast: false
matrix:
region: [ "us-east-1", "eu-west-1", "ap-southeast-2", "ca-central-1", "ap-northeast-1", "global" ]
steps:
- uses: actions/checkout@v3
name: Checkout Repo
- name: terraform plan
uses: dflook/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.KS_ACCESS_TOKEN }}
TERRAFORM_PRE_RUN: |
echo ${{ secrets.KSM_CONFIG }} > config.txt
base64 -d config.txt > .terraform.config.json
mv .terraform.config.json ~/.terraform.config.json
with:
path: ./terraform/environments/commercial/${{ matrix.region }}/qa
Workflow log
Initializing the backend...
╷
│ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
│
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│
│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Please set the ACTIONS_STEP_DEBUG secret to true and run the job again.
When was the last time this worked and what version of the action were you using? How are you providing the aws credentials to your runner?
I will rerun with debug true in about 8 hours.
It last worked on Nov 30th, and we are using latest. We did see you pushed an update on the first but we also tried using the pinned 1.3.0 version. We normally have it marked as v1 to use your latest patch.
We provide aws credentials via IAM roles and a config file located in .aws/config that demotes profiles to use
##[debug] TF_WORKSPACE=default terraform init -input=false $INIT_ARGS
Initializing modules...
Initializing the backend...
╷
│ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
│
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│
│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors
│
│
│
╵
Basically the same logging output. I've taken out the individual terraform directories that successfully initialized