terraform-aws-next-js icon indicating copy to clipboard operation
terraform-aws-next-js copied to clipboard

Published 20 hours ago verified publisher icon milliHQ

[0.13.2] S3 Put Authentication Error

Open Jake-RoundrockIO opened this issue 2 years ago • 5 comments

When attempting to deploy using v0.13.2, Everything seems to go well until module.tf_next.module.statics_deploy.null_resource.static_s3_upload, which fails with a 403.

│ Error: local-exec provisioner error │ │ with module.tf_next.module.statics_deploy.null_resource.static_s3_upload[0], │ on .terraform/modules/tf_next/modules/statics-deploy/main.tf line 275, in resource "null_resource" "static_s3_upload": │ 275: provisioner "local-exec" { │ │ Error running command './s3-put -r us-east-1 -T /home/<...>/.next-tf/static-website-files.zip │ /<bucket-name>/static-website-files.zip': exit status 22. Output:
│ % Total % Received % Xferd Average Speed Time Time Current Dload Upload Total Spent Left Speed │ 0 2867k 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 │ curl: (22) The requested URL returned error: 403

When running the script itself (s3-put) with the --debug flag it informs me:

The request signature we calculated does not match the signature you provided. Check your key and signing method.

I have verified that the correct AWS profile creds are exposed as environment variables and that the profile has the correct permissions to create objects in an S3 bucket, tested via the aws CLI.

Jake-RoundrockIO avatar Jun 20 '22 15:06 Jake-RoundrockIO

Okay, this seems odd. The S3 upload script really is the Achilles' heel of this module (That's why it is also removed in the upcoming v1.0.0 release) 🙈.

Have you checked your openssl version (it's used internally to calculate the signature)?

 openssl version

> LibreSSL 2.8.3

ofhouse avatar Jun 20 '22 16:06 ofhouse 

openssl version

> OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Jake-RoundrockIO avatar Jun 20 '22 16:06 Jake-RoundrockIO

Same bug here. Using v0.13.2 and openssl 3.0.2 on a fresh AWS account.

arnaudsm avatar Jun 22 '22 10:06 arnaudsm

Thanks for reporting! Can confirm that the problem is related to the OpenSSL 3.x release.

Will take a look into it. In the meantime downgrading to OpenSSL 2.x should work, or otherwise install the AWS CLI and set use_awscli_for_static_upload to use it for the upload:

module "tf_next" {
  source = "milliHQ/next-js/aws"

+ use_awscli_for_static_upload = true
  ...
}

ofhouse avatar Jun 22 '22 16:06 ofhouse

Thanks for the fix!

You're suggestion appears to solve my problem for the time being until the OpenSSL issue is worked out.

Jake-RoundrockIO avatar Jun 24 '22 20:06 Jake-RoundrockIO