Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: aws_securitylake_aws_log_source source version is optional, but returns error #37133

Open
gdavison opened this issue Apr 26, 2024 · 3 comments
Open

[Bug]: aws_securitylake_aws_log_source source version is optional, but returns error #37133

gdavison opened this issue Apr 26, 2024 · 3 comments
Labels
bug Addresses a defect in current functionality. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. service/securitylake Issues and PRs that pertain to the securitylake service.

Comments

@gdavison
Copy link
Contributor

Terraform Core Version

N/A

AWS Provider Version

5.47.0

Affected Resource(s)

aws_securitylake_aws_log_source

Expected Behavior

When using a default source_version, creating the aws_securitylake_aws_log_source should succeed.

Actual Behavior

Applying the configuration returns the error

Error: Provider returned invalid result object after apply

    After the apply operation, the provider still indicated an unknown value for
    aws_securitylake_aws_log_source.test.source[0].source_version. All values
    must be known after apply, so this is always a bug in the provider and should
    be reported in the provider's own repository. Terraform will still save the
    other known object values in the state.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

N/A

Steps to Reproduce

N/A

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
@gdavison gdavison added the bug Addresses a defect in current functionality. label Apr 26, 2024
@gdavison gdavison self-assigned this Apr 26, 2024
@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Apr 26, 2024
@gdavison gdavison removed their assignment May 27, 2024
@gdavison gdavison added the service/securitylake Issues and PRs that pertain to the securitylake service. label May 27, 2024
@rl-gr24
Copy link

rl-gr24 commented Dec 19, 2024
edited
Loading

Facing a similar issue with log source. got it to work under specific circumstances/parameters. A few observations below:

Observation 1: [ERROR] ran the following through the delegated securitylake admin account and got the same error as the issue description. But when i check the console, the logs are indeed enabled in all accounts in the org. This org has accounts that are currently in suspended state.

resource "aws_securitylake_aws_log_source" "route53" {
    source {
        regions     = ["eu-west-1"]   ###includes suspended and active accounts in the organization ####
        source_name = "ROUTE53"
    }
   depends_on = [aws_securitylake_data_lake.securitylake]
}

Observation 2: [ERROR] Destroyed previous run w/ TF and ran the following through the delegated securitylake admin account and got the same error again. The only difference is that I added source_version = "2.0"

resource "aws_securitylake_aws_log_source" "route53" {
    source {
        regions     = ["eu-west-1"]   ###includes suspended and active accounts in the organization ####
        source_name = "ROUTE53"
     **source_version = "2.0"  ###Added source versioning here###**
    }
  
    depends_on = [aws_securitylake_data_lake.securitylake]
}

Observation 3: [SUCCESSFUL]
Destroyed the previous log sources and then ran the following through the delegatedadmin account again with two additions below and was SUCCESSFUL

resource "aws_securitylake_aws_log_source" "route53" {
    source {
     **account    = ["active_account_ID1", "active_account_ID2", "..." ] ##Ensured no suspended account IDs were included##**
        regions     = ["eu-west-1"]
        source_name = "ROUTE53"
     **source_version = "2.0"  ###Added source versioning here###**
    }
    depends_on = [aws_securitylake_data_lake.securitylake]
}

@rl-gr24
Copy link

rl-gr24 commented Dec 19, 2024
edited
Loading

Obviously, hardcoding active account IDs is not ideal, especially in a large and growing AWS organization with many accounts. I'm assuming at this point that the suspended accounts in an organization are causing this error along with not specifying the actual source_version parameter.
So the ask would be to have the resource creation skip over the suspended account as well so we can have a TF run that will create log sources in all the active accounts without having to manually hard code the account IDs.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. service/securitylake Issues and PRs that pertain to the securitylake service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gdavison @rl-gr24