0

My available resources are

OS - ubuntu 18.04 | Terraform cli - Terraform v0.12.9 | user - root login

My problem is - I want tfstate to store remotely backend by s3 so I created manually, a

s3 bucket - sellist-infra

for that I created backend.tf file and my terraform script in below , when I terraform init the error in below . What's wrong with the script ? 

provider "aws" {
    acces_key  = "**************"
    secret_key = "**************"
}

terraform {
    backend "s3" {
        bucket                      = "sellist-infra"
        key                         = "terraform/sellist/do/prod/terraform.tfstate
        endpoint                    = "nyc3.digitaloceanspaces.com"
        region                      = "us-east-1"
        profile                     = "sellist-do"
        skip_credentials_validation = true
        skip_get_ec2_platforms      = true
        skip_requesting_account_id  = true
        skip_metadata_api_check     = true
    }
} 


***OUTPUT*** 

Initializing the backend...

Warning: "skip_requesting_account_id": [DEPRECATED] The S3 Backend no longer automatically looks up the AWS Account ID and this attribute is no longer used.



Warning: "skip_get_ec2_platforms": [DEPRECATED] The S3 Backend does not require EC2 functionality and this attribute is no longer used.



Error: Failed to get existing workspaces: NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors
soldier
  • 101
  • 1
  • 10
  • in my opinion is not a good idea to store the credentials in the file itself. I store them in a tfvars file that is not committed or uploaded. – Elzo Valugi Oct 08 '19 at 08:36

2 Answers2

0

The notices that you get happen because these 2 variables skip_requesting_account_id and skip_get_ec2_platforms are deprecated, see docs.

For the credentials error, move the credentials into ~/.aws/credentials and leave in the file just:

provider "aws" {}

This is a better practice in terms of security as well, as you do not store the credentials with the code. In your original code you also had a typo, is access_key not acces_key.

Elzo Valugi
  • 27,240
  • 15
  • 95
  • 114
0

The S3 state storage backend and the AWS provider are two separate components that need to be configured separately.

Usually we avoid directly configuring them both by using the standard AWS environment variables or credentials file, which will be read and used automatically by both the AWS provider and by the S3 backend.

For more complicated scenarios where you need to use separate credentials for the backend and the provider, the Terraform documentation section Multi-account AWS Architecture gives a reference architecture to work from that allows still using the standard AWS credentials mechanisms while having the AWS provider assume a special role to get the access it needs for a particular AWS account.

The access_key and secret_key configuration arguments on both the AWS provider and the S3 backend are there for very unusual situations where using the standard AWS credentials mechanisms is not appropriate. It should be very rare to use these, but if you do choose to use them then you will need to set them separately in both the provider "aws" block and in the backend "s3" block. I would suggest thinking of these arguments as a last resort, and using them only if you have tried all of the other options and concluded that they are inappropriate for your unusual case for some reason.

Martin Atkins
  • 62,420
  • 8
  • 120
  • 138