[Bug]: Parameter "destination_file_location" is not getting identified for COPY step in AWS resource "aws_transfer_workflow" #33126
Description
Terraform Core Version
Terraform v1.5.5
AWS Provider Version
~> 4.46.0
Affected Resource(s)
I am trying to create an AWS Transfer Workflow with a "COPY" step through Terraform. I am following the arguments listed on the official Terraform documentation page, as shown below:
# Reproduction snippet, kept as submitted: it fails at plan time with the
# "Unsupported argument" error quoted in this report.
# NOTE(review): in the hashicorp/aws provider schema, destination_file_location
# inside copy_step_details is a nested block (it wraps an s3_file_location
# block with bucket/key, or an efs_file_location block), not a string
# argument. Assigning it with "=" is what the parser rejects.
resource "aws_transfer_workflow" "copy_step_workflow" {
  steps {
    type = "COPY"

    copy_step_details {
      name                      = "copying_step_workflow_test"
      destination_file_location = "^aws-transfer-dest-bucket02$"
      # "$${" is the HCL escape that yields a literal "${original.file}".
      source_file_location = "$${original.file}"
    }
  }
}
However, it gives me the following error:
Error: Unsupported argument
│
│ on main.tf line 342, in resource "aws_transfer_workflow" "copy_step_workflow":
│ 342: destination_file_location = "^aws-transfer-dest-bucket02$"
│
│ An argument named "destination_file_location" is not expected here.
I am wondering how it could be unsupported when I am writing it exactly as it is documented here:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/transfer_workflow
Could you please advise what I should write as the destination location for copying files? I would really appreciate an example as well.
Thanks in advance.
Expected Behavior
The COPY step should copy files uploaded to the source S3 location of the AWS SFTP server to the destination bucket given in the parameter "destination_file_location".
Actual Behavior
Parameter " destination_file_location " is not getting identified and giving error as "Unsupported Argument".
Error: Unsupported argument
│
│ on main.tf line 342, in resource "aws_transfer_workflow" "copy_step_workflow":
│ 342: destination_file_location = "^aws-transfer-dest-bucket02$"
│
│ An argument named "destination_file_location" is not expected here.
Relevant Error/Panic Output Snippet
No response
Terraform Configuration Files
# Constrain the AWS provider to the 4.46.x patch series.
terraform {
  required_providers {
    # Shorthand form: only a version constraint is given, so the provider
    # source address is left implicit.
    aws = "~> 4.46.0"
  }
}
# AWS provider for me-central-1. The default_tags block sets provider-level
# tags for the resources declared in this configuration.
provider "aws" {
  region = "me-central-1"

  default_tags {
    tags = {
      "environment" = "me-central-1" # hard-coded here; no tag_env variable appears in this listing
      "Owner"       = "SRE Team"
      "Terraform"   = "true"
      "Component"   = "BCATS-STAGE"
    }
  }
}
# Network for the test: one VPC with three private subnets and one public
# subnet spread over the three me-central-1 availability zones.
module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "2.70.0" # exact pin of the registry module

  name = "test-aws-transfer"
  cidr = "10.70.0.0/18"

  azs = ["me-central-1a", "me-central-1b", "me-central-1c"]

  private_subnets = ["10.70.0.0/20", "10.70.16.0/20", "10.70.32.0/20"]
  public_subnets  = ["10.70.48.0/20"]

  create_igw           = true
  enable_dns_hostnames = true
  enable_nat_gateway   = true
  single_nat_gateway   = false
  enable_vpn_gateway   = true
}
# Expose the ID of the VPC created by the vpc module.
output "vpc_id" {
  description = "The ID of the VPC"
  value       = module.vpc.vpc_id
}
# Manage the VPC's default security group and declare one egress rule.
# NOTE(review): the rule allows every protocol and port to 0.0.0.0/0, so any
# resource that ends up in the default group has unrestricted outbound
# access. No ingress rule is declared in this block.
resource "aws_default_security_group" "test-aws-transfer-rule" {
  vpc_id = module.vpc.vpc_id

  # Attribute (list-of-objects) form, so every rule field is spelled out.
  egress = [
    {
      description      = "Default"
      protocol         = "-1" # all protocols
      from_port        = 0
      to_port          = 0
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = null
      prefix_list_ids  = null
      security_groups  = null
      self             = null
    }
  ]
}
# Source bucket for the SFTP server: private canned ACL, versioning enabled.
# NOTE(review): nothing in this listing sets a public-access block, a bucket
# policy or an encryption configuration for this bucket; confirm they are
# handled elsewhere.
resource "aws_s3_bucket" "sftp-bucket" {
  bucket = "aws-transfer-bucket01"
  # region = "me-central-1"
  acl = "private"

  versioning {
    enabled = true
  }
}
# Object declared in the source bucket.
# NOTE(review): key is written as a full s3:// URI. An object key is normally
# only the path inside the bucket, so this would name the object literally
# "s3://aws-transfer-bucket01/test1.txt" - confirm that is intended. No source
# or content is given for the object either.
resource "aws_s3_bucket_object" "original_file" {
  bucket = aws_s3_bucket.sftp-bucket.id
  key    = "s3://aws-transfer-bucket01/test1.txt"
}
# Destination bucket for the copy step: private canned ACL, versioning enabled.
# NOTE(review): as with the source bucket, no public-access block, bucket
# policy or encryption configuration is declared in this listing.
resource "aws_s3_bucket" "sftp-bucket-dest" {
  bucket = "aws-transfer-dest-bucket02"
  # region = "me-central-1"
  acl = "private"

  versioning {
    enabled = true
  }
}
/*
resource "aws_s3_bucket_acl" "sftp-bucket-acl" {
bucket = aws_s3_bucket.sftp-bucket.id
acl = "private"
}
*/
# Role that the Transfer Family service assumes for logging.
# NOTE(review): the trust policy admits transfer.amazonaws.com with no
# aws:SourceAccount / aws:SourceArn condition; adding one restricts which
# Transfer resources may assume the role (confused-deputy protection).
resource "aws_iam_role" "transfer-logging-role" {
  name = "aws-transfer-bcats-stage-logging"

  # Heredoc body kept verbatim: with "<<EOF" its whitespace is part of the string.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
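# Permissions for the Transfer logging role.
# Least privilege: only the CloudWatch Logs actions needed to create and write
# log streams, and only on /aws/transfer/* log groups, rather than logs:* on
# every resource in the account (which would also allow reading and deleting
# unrelated log groups).
resource "aws_iam_role_policy" "sftp-iam-role-policy" {
  name = "aws-transfer-bcats-stage-iam-policy-logging"
  role = aws_iam_role.transfer-logging-role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "AllowTransferLogging"
        Effect = "Allow"
        Action = [
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:DescribeLogStreams",
          "logs:PutLogEvents",
        ]
        # Region and account are left as wildcards; narrow them if the
        # deployment targets are fixed.
        Resource = "arn:aws:logs:*:*:log-group:/aws/transfer/*"
      }
    ]
  })
}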
# Security group for the Transfer endpoint: TCP 22 in from the VPC CIDR and
# TCP 1024-65535 out to the same CIDR.
# NOTE(review): in this listing the group is attached only to the interface
# VPC endpoint; the server's endpoint_details block that references it is
# commented out.
resource "aws_security_group" "transfer_security_group" {
  name        = "aws-transfer-bcats-stage-sg"
  description = "Transfer Server security group"
  vpc_id      = module.vpc.vpc_id

  ingress {
    description = "Allow connections from vpc cidr on port 22"
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["10.70.0.0/18"]
  }

  egress {
    description = "Allow outbound connections"
    protocol    = "tcp"
    from_port   = 1024
    to_port     = 65535
    cidr_blocks = ["10.70.0.0/18"]
  }
}
# Interface VPC endpoint for the com.amazonaws.me-central-1.transfer service,
# placed in the private subnets behind the transfer security group.
# NOTE(review): the attached group admits only TCP 22; verify that this is the
# port the endpoint actually serves.
resource "aws_vpc_endpoint" "sftp-transfer-endpoint" {
  vpc_id            = module.vpc.vpc_id
  vpc_endpoint_type = "Interface"
  service_name      = "com.amazonaws.me-central-1.transfer"
  subnet_ids        = module.vpc.private_subnets

  security_group_ids = [aws_security_group.transfer_security_group.id]
}
# Service-managed SFTP server that logs through the transfer-logging role.
# NOTE(review): endpoint_type and endpoint_details are commented out, so the
# provider default endpoint type (PUBLIC) applies and the server is reachable
# from the internet; the VPC endpoint and security group declared in this
# file are not attached to it.
# NOTE(review): TransferSecurityPolicy-2020-06 is an older policy name; check
# the currently available Transfer Family security policies before reusing it.
resource "aws_transfer_server" "transfer-server" {
  identity_provider_type = "SERVICE_MANAGED"
  protocols              = ["SFTP"]
  logging_role           = aws_iam_role.transfer-logging-role.arn
  security_policy_name   = "TransferSecurityPolicy-2020-06"

  #endpoint_type = "VPC"
  /*
  endpoint_details {
    vpc_id             = module.vpc.vpc_id
    subnet_ids         = module.vpc.private_subnets
    security_group_ids = [aws_security_group.transfer_security_group.id]
  }
  */
}
# Role that the Transfer Family service assumes on behalf of the SFTP user.
# NOTE(review): the trust policy has no aws:SourceAccount / aws:SourceArn
# condition; adding one limits which Transfer resources may assume the role.
resource "aws_iam_role" "user-role" {
  name = "stage-testuser-transfer-user-iam-role"

  # Heredoc body kept verbatim: with "<<EOF" its whitespace is part of the string.
  assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "transfer.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
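# S3 permissions for the SFTP user's role.
# Object access names the source bucket exactly. A prefix wildcard such as
# "aws-transfer-bucket*" would also match any other bucket whose name starts
# with that prefix, which is broader than the ListBucket statement below.
resource "aws_iam_role_policy" "access-role-policy" {
  name = "stage-testuser-transfer-user-iam-policy"
  role = aws_iam_role.user-role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        # NOTE(review): s3:ListAllMyBuckets on "*" lets the user enumerate
        # every bucket name in the account; drop it if the SFTP client does
        # not need it.
        Effect   = "Allow"
        Action   = ["s3:GetBucketLocation", "s3:ListAllMyBuckets"]
        Resource = "*"
      },
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = ["arn:aws:s3:::aws-transfer-bucket01"]
      },
      {
        # Read, write and delete objects in the source bucket only.
        Effect   = "Allow"
        Action   = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
        Resource = ["arn:aws:s3:::aws-transfer-bucket01/*"]
      }
    ]
  })
}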
# SFTP user on the server, with /aws-transfer-bucket01/root as home directory.
# NOTE(review): no session policy and no logical home-directory mapping is
# set, so the attached role policy alone bounds what the user can reach in
# the bucket.
resource "aws_transfer_user" "transfer-user" {
  server_id      = aws_transfer_server.transfer-server.id
  user_name      = "testuser"
  role           = aws_iam_role.user-role.arn
  home_directory = "/aws-transfer-bucket01/root"
}
# Register an SSH public key for testuser on the server.
resource "aws_transfer_ssh_key" "this" {
  server_id = aws_transfer_server.transfer-server.id
  user_name = "testuser"
  body      = "ssh-rsa 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 pmehta@EC2AMAZ-P8GQPTE"

  # The user is named by string rather than by reference, so the ordering is
  # stated explicitly.
  depends_on = [aws_transfer_user.transfer-user]
}
# Storing SSH Private Key in AWS Secrets Manager for SFTP User
# This resource is only the secret container; its value comes from the
# aws_secretsmanager_secret_version resource.
# NOTE(review): no kms_key_id is given, so the account's default Secrets
# Manager key is used; confirm that meets the key-management requirements.
resource "aws_secretsmanager_secret" "ssh_private_key" {
  name = "my-ssh-private-key"
}
# Load a private key from the operator's machine into the secret.
# NOTE(review): secret_string is written to the Terraform state in plain text,
# so this copies the contents of ~/.ssh/id_rsa into the state file and into
# whatever backend stores it. SFTP key authentication needs only the public
# key on the server (aws_transfer_ssh_key); confirm the private key has to be
# uploaded at all, and use a dedicated key pair rather than a personal default
# key if it does.
resource "aws_secretsmanager_secret_version" "ssh_private_key_version" {
  secret_id     = aws_secretsmanager_secret.ssh_private_key.id
  secret_string = file("~/.ssh/id_rsa") # Update with the path to your private key file
}
# Workflow with a single COPY step, kept as submitted: this is the block that
# triggers the "Unsupported argument" error reported in this issue.
# NOTE(review): in the hashicorp/aws provider schema, destination_file_location
# inside copy_step_details is a nested block (it wraps an s3_file_location
# block with bucket/key, or an efs_file_location block), not a string
# argument. The value below also reads like an anchored pattern, not a bucket
# name.
resource "aws_transfer_workflow" "copy_step_workflow" {
  steps {
    type = "COPY"

    copy_step_details {
      name                      = "copying_step_workflow_test"
      destination_file_location = "^aws-transfer-dest-bucket02$"
      # "$${" is the HCL escape that yields a literal "${original.file}".
      source_file_location = "$${original.file}"
    }
  }
}
Steps to Reproduce
terraform init
terraform plan
Debug Output
No response
Panic Output
No response
Important Factoids
No response
References
No response
Would you like to implement a fix?
None