Terraform & Gitlab Error: error configuring S3 Backend: no valid credential sources for S3 Backend found
I try to configure Terraform with Gitlab CI/CD, this .gitlab-ci:
include:
- template: Terraform/Base.gitlab-ci.yml
- template: Jobs/SAST-IaC.gitlab-ci.yml
stages:
- validate
- test
- build
- deploy
- cleanup
validate:
extends: .terraform:validate
needs: []
build:
extends: .terraform:build
environment:
name: $TF_STATE_NAME
action: prepare
deploy:
extends: .terraform:deploy
dependencies:
- build
environment:
name: $TF_STATE_NAME
action: start
cleanup:
extends: .terraform:destroy
environment:
name: $TF_STATE_NAME
action: access
variables:
TF_STATE_NAME: default
TF_CACHE_KEY: default
works without any error in the develop(default, protected) branch, but on other branches for example feature/test it gives me this error:
$ cd "${TF_ROOT}"
$ gitlab-terraform plan
Initializing the backend...
╷
│ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
│
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│
│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors
│
I put the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY on GitLab variables like this (which I think is enough for my configuration):
Any idea about the issue and how can I solve it, please? Is there any additional configuration I should add to my script?
Provider
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.54.0"
}
}
backend "s3" {
bucket = "my-remote-state-bucket"
key = "terraform.tfstate"
region = "eu-west-1"
}
}
# Configure the AWS Provider
provider "aws" {
region = "eu-west-1"
}
and I have a simple resource in the main.tf:
resource "aws_s3_bucket" "test" {
bucket = "my-bucket-test-2023-00001"
}
From the screenshot of your GitLab CICD variables we can see that your AWS creds are "protected" which means they'll only be avaiable for "protected" branches.
You decide which branches are protected so you could mark your feature branches as protected or more simply remove the protection from these two variables.
- AWS ElasticBeanstalk EC2 Termination Protection
- Install pgAgent on AWS RDS for Postgres
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- List all parameters in AWS SSM Parameter Store
- AWS push_down_predicate not working with DynamoDb
- localstack AWS S3 javascript error : getaddrinfo ENOTFOUND bucketname.localhost
- AWS ECS agent won't start
- AWS VPC (Virtual Private Cloud), rapidly increasing expenses
- SemaphoreCI OIDC AWS connection
- Can't delete AWS internet Gateway
- How to provide multiple StringNotEquals conditions in AWS policy?
- Not able to get ECS fargate metrics on Datadog
- 502 "Internal Server Error" with API Gateway + Lambda when deploying
- Java Springboot application not able to connect to AWS Elasticache Valkey Cache (Serverless)
- Splitting PDF with PyPDF2 in Lambda function
- "libdbus-glib-1.so.2: cannot open shared object file: No such file or directory"
- Partial credentials found in env, missing: AWS_SECRET_ACCESS_KEY
- Best way to store Firebase admin private key file for AWS lambda
- AWS Elastic Beanstalk and Secret Manager
- Unable to upload data using sagemaker_session.upload_data in s3 bucket that I created, it is getting stored in default s3 bucket
- Parse Aws IoT message in python
- How to temporarily switch profiles for AWS CLI?
- Python Sqlalchemy insert data into AWS Redshift
- Using AWS Bedrock Prompt Management with InvokeCommand
- How to skip IAM change confirmation during a cdk deploy?
- Restarting AWS lambda function to clear cache
- How to send data to API Post to be used by Lambda Function
- Why is postman showing error message but react app not showing it?
- Terraform shows `InvalidGroup.NotFound` while creating an EC2 instance
- How to delete keys matching pattern in AWS Elasticache Valkey