S3 backend not being configured #49

Closed
sakibstark11 opened this issue Feb 22, 2024 · 5 comments
@sakibstark11

sakibstark11 commented Feb 22, 2024

Hi all, I seem to be having issues with remote backend with tflocal. My setup

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }

  backend "s3" {}
}

and I run tflocal init with -backend-config flags and it tries to communicate with actual aws again and I get the following error:

│ Error: No valid credential sources found
│ 
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│ 
│ Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded

I also noticed that the generated override file does not include any backend config. When I remove the backend block everything works as expected albeit the config doesn't use any remote state.

I have the right perms set for the bucket too. Any help would be greatly appreciated.

@lakkeger
Contributor

lakkeger commented Feb 22, 2024

Hi @sakibstark11,
Thanks for reporting this issue, unfortunately tflocal is not supporting command line backend arguments as it's not parsing the commands handed to it, only proxying them. Without the parsing the necessary endpoint modifications and infrastructure is not created in LocalStack so even if you'd pass the necessary arguments manually you must create the necessary infrastructure too.

As part of a future iteration of tflocal we can add the parsing as a feature, but until that please explicitly define the desired backend in your terraform project.

Sorry for the inconvenience, please let us know if you have any further questions.

@lakkeger lakkeger added the enhancement New feature or request label Feb 22, 2024
@lakkeger lakkeger self-assigned this Feb 22, 2024
@sakibstark11
Author

> Hi @sakibstark11, Thanks for reporting this issue, unfortunately tflocal is not supporting command line backend arguments as it's not parsing the commands handed to it, only proxying them. Without the parsing the necessary endpoint modifications and infrastructure is not created in LocalStack so even if you'd pass the necessary arguments manually you must create the necessary infrastructure too.
>
> As part of a future iteration of tflocal we can add the parsing as a feature, but until that please explicitly define the desired backend in your terraform project.
>
> Sorry for the inconvenience, please let us know if you have any further questions.

Thanks for letting us know. I am trying to get around it by having a backend block declared.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
  backend "s3" {
    bucket                      = "localstack"
    key                         = "localstack"
    region                      = "eu-west-1"
    use_path_style              = true
    skip_metadata_api_check     = false
    skip_credentials_validation = true
    iam_endpoint                = "http://localhost:4566"
    sts_endpoint                = "http://localhost:4566"
    endpoints = {
      s3 = "http://s3.localhost.localstack.cloud:4566"
    }
  }
}

It seems to try to connect to imds. Given the error I get is

│ Error: No valid credential sources found
│ 
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│ 
│ Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, exceeded maximum number of
│ attempts, 3, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp
│ 169.254.169.254:80: i/o timeout
│ 

But when I try to disable skip_metadata_api_check I get

│ Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, access disabled to EC2
│ IMDS via client option, or "AWS_EC2_METADATA_DISABLED" environment variable

Kinda stuck with this now. Any help would be much appreciated.

@lakkeger
Contributor

lakkeger commented Feb 22, 2024

Hi @sakibstark11,
There are a couple of solutions for your setup.

  1. do not define any of the endpoints, tflocal will take care of it
  2. define all the endpoints in the block as currently the merging behavior seems to be buggy, I must fix it later

Either of the above ones worked for me with your sample. Let me know your result.
(Legacy endpoint options (sts_endpoint,endpoint) only available if terraform version is <=1.5 otherwise ignored and using default values.)

@lakkeger lakkeger added the bug Something isn't working label Feb 22, 2024
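
An added example, not posted by either participant and not taken from the tflocal project: one way to write option 2 (every backend endpoint declared explicitly) for Terraform 1.6 or later, where the `endpoints` map replaces the legacy `*_endpoint` arguments. Assumptions: LocalStack listens on `localhost:4566`, the `localstack` bucket already exists there, and the `test` access key and secret are placeholder values for the emulator.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }

  backend "s3" {
    # Bucket, key and region as in the configuration posted in this issue.
    bucket         = "localstack"
    key            = "localstack"
    region         = "eu-west-1"
    use_path_style = true

    # Assumption: placeholder static credentials for the local emulator only.
    # With a credential source present, the SDK has no reason to fall back to
    # the EC2 instance metadata service (169.254.169.254).
    # Never put real AWS keys in a backend block.
    access_key = "test"
    secret_key = "test"

    # Skip the calls that would otherwise go to real AWS or to IMDS.
    skip_credentials_validation = true
    skip_metadata_api_check     = true
    skip_requesting_account_id  = true

    # Every service the backend can call is pointed at LocalStack, so no
    # request is left on a default (real AWS) endpoint.
    endpoints = {
      s3       = "http://s3.localhost.localstack.cloud:4566"
      iam      = "http://localhost:4566"
      sts      = "http://localhost:4566"
      sso      = "http://localhost:4566"
      dynamodb = "http://localhost:4566"
    }
  }
}
```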
@sakibstark11
Author

sakibstark11 commented Feb 22, 2024

> Hi @sakibstark11, There are a couple of solutions for your setup.
>
>   1. do not define any of the endpoints, tflocal will take care of it
>   2. define all the endpoints in the block as currently the merging behavior seems to be buggy, I must fix it later
>
> Either of the above ones worked for me with your sample. Let me know your result. (Legacy endpoint options (sts_endpoint,endpoint) only available if terraform version is <=1.5 otherwise ignored and using default values.)

I tried without defining any endpoints and that produces the IMDS error. Defining them doesn't work either. The only way I was able to get it to work was by having separate files for localstack and regular aws deployment. :(

Haven't tried defining all the endpoints though. When you say all, do you mean I should declare the provider myself?
Happy to share examples if you want.

@lakkeger
Contributor

lakkeger commented Mar 5, 2024

The fix for the backend endpoints merging problem is implemented in #50
It has been released. I close this ticket and keep the command line parsing in our backlog.
