CodeBuild project aws-sce-tf-community-ue1-dependency-builder fails during first terraform apply

[atheiman]

CodeBuild project aws-sce-tf-community-ue1-dependency-builder fails during first terraform apply. I am calling the module in us-east-1 with no arguments:

module "svc_ctlg_engine" {
  source = "github.com/aws-ia/terraform-aws-sce-tf-community?ref=40cb97f14591c58d0182385be237b19d5b49f923"
}

CodeBuild failure:

[Container] 2024/11/25 04:13:04.768106 Running command aws s3 cp s3://aws-sce-tf-community-ue1-<acctid>-tf-state/build/src/terraform-parameter-parser.zip .
40 | fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden
41 |  
42 | [Container] 2024/11/25 04:13:14.144218 Command did not exit successfully aws s3 cp s3://aws-sce-tf-community-ue1-<acctid>-tf-state/build/src/terraform-parameter-parser.zip . exit status 1
43 | [Container] 2024/11/25 04:13:14.148430 Phase complete: INSTALL State: FAILED
44

What is supposed to upload object s3://aws-sce-tf-community-ue1-<acctid>-tf-state/build/src/terraform-parameter-parser.zip before this CodeBuild project consumes it?

[henriquelucasdf]

Hey @wellsiau-aws,

I'm facing the same issue here. It seems that this error is caused by the use of terraform'spath.module in the "archive_path" local variable.

Terraform does not recommend using it in write operations, as documented here.

Would it be alright if I open a PR to address this?

[wellsiau-aws]

@henriquelucasdf , thanks for investigating, yes we are open for PR , cc @albsilv-aws

[atheiman]

@henriquelucasdf after running into this issue, I created this project that works cleanly with a very similar architecture

github.com/atheiman/service-catalog-demo - Terraform External Provisioning Engine

Take a look and see if it handles your use case

The module to deploy the engine is here modules/tf-svc-ctlg-engine and an example of deploying the module is here service_catalog.tf

Edit - linked the wrong project 🤦