Error message
Error: listing tags for S3 Control Access Point (arn:aws:s3-outposts:ap-southeast-1:xxxxxxx:outpost/xxxxxx/accesspoint/xxxxx): operation error S3 Control: ListTagsForResource, https response error StatusCode: 400, RequestID: 61ZZTQffee8TW3, HostID: rR2h26NA6m1bE0+EUxZp70cscscBjV0WTDwu4ZZ2fjSaEZpPhQTXUX08i3Kd/oBycscsG5BPV9/wL+aGKcS9o+CR5E=, api error InvalidURI: Couldn't parse the specified URI.
with module.fallback_sit.aws_s3_access_point.abc_s3_access_point[0], │ on ../../../main/s3-abc.tf line 9, in resource "aws_s3_access_point" "abc_s3_access_point": │ 9: resource "aws_s3_access_point" "abc_s3_access_point" {
My Terraform version
Terraform v1.11.4 on darwin_arm64 + provider registry.terraform.io/hashicorp/aws v6.22.1 + provider registry.terraform.io/hashicorp/local v2.6.1 + provider registry.terraform.io/hashicorp/random v3.7.2 + provider registry.terraform.io/hashicorp/tls v4.1.0 Issue started happening after I deleted my tf lock files and .terraform folder. Below is the provider details when it was last working
Terraform v1.11.4 on darwin_arm64 + provider registry.terraform.io/hashicorp/aws v6.3.0 + provider registry.terraform.io/hashicorp/local v2.5.3 + provider registry.terraform.io/hashicorp/random v3.7.2 + provider registry.terraform.io/hashicorp/tls v4.1.0 I have tried to downgrade my provider to use version 6.3.0. However, due to urgency I had to target apply using a newer version. Therefore specifying version 6.3.0 resolves the initial issue but comes with a new one.
Error: Resource instance managed by newer provider version. The current state of module.fallback_sit.module.bcd_asg.aws_launch_template.this[0] was created by a newer provider version than is currently selected. Upgrade the aws provider to work with this state.
TF Module
# S3 Bucket Resource resource "aws_s3control_bucket" "abc_s3_bucket" { count = var.s3_abc.create ? 1 : 0 bucket = "${var.env}-abc-bucket" outpost_id = var.outpost_id } # S3 Access Point Resource ------- >> block which throws the error resource "aws_s3_access_point" "abc_s3_access_point" { count = var.s3_abc.create ? 1 : 0 bucket = aws_s3control_bucket.abc_s3_bucket[0].arn name = "${var.env}-abc-access-point" vpc_configuration { vpc_id = var.outpost_vpc_id } } # IAM Policy Document for EC2 instance access to S3 bucket data "aws_iam_policy_document" "abc_s3" { count = var.s3_abc.create ? 1 : 0 statement { sid = "AllowUserToAccessabcBucket" actions = [ "s3-outposts:*" ] resources = flatten([ aws_s3control_bucket.abc_s3_bucket[0].arn, "${aws_s3control_bucket.abc_s3_bucket[0].arn}/*", aws_s3_access_point.abc_s3_access_point[0].arn, "${aws_s3_access_point.abc_s3_access_point[0].arn}/*" ]) } } # IAM Policy Resource for EC2 access resource "aws_iam_policy" "abc_s3" { count = var.s3_abc.create ? 1 : 0 name = "${var.env}-abc-s3-policy" description = "${var.env} abc S3 bucket access" policy = data.aws_iam_policy_document.abc_s3[0].json } # Policy for S3 Bucket resource "aws_s3control_bucket_policy" "abc_s3_bucket_policy" { count = var.s3_abc.create ? 1 : 0 bucket = aws_s3control_bucket.abc_s3_bucket[0].arn policy = jsonencode({ "Id" : "AllowSSLRequestsOnly", "Version" : "2012-10-17", "Statement" : [ { "Sid" : "AllowSSLRequestsOnly", "Effect" : "Deny", "Principal" : "*", "Action" : "s3-outposts:*", "Resource" : [ "${aws_s3control_bucket.abc_s3_bucket[0].arn}" ], "Condition" : { "Bool" : { "aws:SecureTransport" : "false" } } } ] }) } # # Encryption for s3 bucket # resource "aws_s3_bucket_server_side_encryption_configuration" "abc_sse_kms" { # bucket = "${var.env}-abc-bucket" # depends_on = [aws_s3control_bucket.abc_s3_bucket] # rule { # apply_server_side_encryption_by_default { # sse_algorithm = "aws:kms" # } # } # } 
6.3.0is not an upgrade of the provider, it's a downgrade. The newer version would be something like6.30.x.