amazon-web-services, terraform, terraform-provider-aws

Terraform AWS - Unable to update Transfer Server with incomplete error message


I am trying to update a test AWS Transfer Server because I was unable to connect to it via SFTP.

Now, trying to use the FTP / FTPS protocols, I have used the same layout as the example here.

This is the example in the docs:

resource "aws_transfer_server" "example" {
  endpoint_type = "VPC"

  endpoint_details {
    subnet_ids = [aws_subnet.example.id]
    vpc_id     = aws_vpc.example.id
  }

  protocols   = ["FTP", "FTPS"]
  certificate = aws_acm_certificate.example.arn

  identity_provider_type = "API_GATEWAY"
  url                    = "${aws_api_gateway_deployment.example.invoke_url}${aws_api_gateway_resource.example.path}"
}

And here is my code:

resource "aws_transfer_server" "transfer_x3" {
  tags = {
    Name = "${var.app}-${var.env}-transfer-x3-server"
  }

  endpoint_type = "VPC"
  endpoint_details {
    vpc_id             = data.aws_vpc.vpc_global.id
    subnet_ids         = [data.aws_subnet.vpc_subnet_pri_commande_a.id, data.aws_subnet.vpc_subnet_pri_commande_b.id]
  }

  protocols   = ["FTP", "FTPS"]
  certificate = var.certificate_arn

  identity_provider_type = "API_GATEWAY"
  url = "https://${aws_api_gateway_rest_api.Api.id}.execute-api.${var.region}.amazonaws.com/latest/servers/{serverId}/users/{username}/config"

  invocation_role = data.aws_iam_role.terraform-commande.arn
}

And here is the error message:

╷
│ Error: error creating Transfer Server: InvalidRequestException: Bad value in IdentityProviderDetails
│ 
│   with aws_transfer_server.transfer_x3,
│   on transfer-x3.tf line 1, in resource "aws_transfer_server" "transfer_x3":
│    1: resource "aws_transfer_server" "transfer_x3" {
│ 
╵

My guess is that it doesn't like the value in the url parameter.

I have tried using the same form as the one provided in the example: url = "${aws_api_gateway_deployment.ApiDeployment.invoke_url}${aws_api_gateway_resource.ApiResourceServerIdUserUsernameConfig.path}", but encountered the same error message.

I have tried reordering the parameters in case that was the cause, but I got the same error over and over when I ran the command terraform apply.

The commands terraform validate and terraform plan didn't show the error message at all.

What value could the url parameter need? Or is there a parameter missing in my resource declaration?


Solution

  • As per the documentation (CloudFormation in this case) [1], the examples say the only thing needed is the invoke URL of the API Gateway:

    .
    .
    .
    "IdentityProviderDetails": {
        "InvocationRole": "Invocation-Role-ARN",
        "Url": "API_GATEWAY-Invocation-URL"
    },
    "IdentityProviderType": "API_GATEWAY",
    .
    .
    .
    

    Comparing that to the attributes provided by the API Gateway stage resource in Terraform, the only thing that is needed is the invoke_url attribute [2].


    [1] https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-transfer-server.html#aws-resource-transfer-server--examples

    [2] https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_stage#invoke_url
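
The answer applied to the resource from the question, as an added example that is not code from the original question or answer. It assumes the `latest` stage seen in the question's URL is managed with an `aws_api_gateway_stage` resource (the label `latest` and the output name are hypothetical) and reuses the question's other names unchanged.

```hcl
# Assumption: the "latest" stage from the question's URL is managed by this
# resource. The resource label "latest" is hypothetical.
resource "aws_api_gateway_stage" "latest" {
  rest_api_id   = aws_api_gateway_rest_api.Api.id
  deployment_id = aws_api_gateway_deployment.ApiDeployment.id
  stage_name    = "latest"
}

resource "aws_transfer_server" "transfer_x3" {
  tags = {
    Name = "${var.app}-${var.env}-transfer-x3-server"
  }

  endpoint_type = "VPC"
  endpoint_details {
    vpc_id = data.aws_vpc.vpc_global.id
    subnet_ids = [
      data.aws_subnet.vpc_subnet_pri_commande_a.id,
      data.aws_subnet.vpc_subnet_pri_commande_b.id,
    ]
  }

  protocols   = ["FTP", "FTPS"]
  certificate = var.certificate_arn

  identity_provider_type = "API_GATEWAY"

  # Before (rejected at apply time with "Bad value in IdentityProviderDetails"):
  #   url = "https://${aws_api_gateway_rest_api.Api.id}.execute-api.${var.region}.amazonaws.com/latest/servers/{serverId}/users/{username}/config"
  # After: only the stage invoke URL, with no resource path appended.
  url             = aws_api_gateway_stage.latest.invoke_url
  invocation_role = data.aws_iam_role.terraform-commande.arn
}

# Prints the exact value handed to the Transfer server as the identity
# provider URL, so it can be compared with the stage shown in API Gateway.
output "transfer_identity_provider_url" {
  value = aws_api_gateway_stage.latest.invoke_url
}
```

Because `terraform validate` and `terraform plan` did not surface this error in the question, the output gives a value to inspect after `terraform apply`.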