Invalid AWS Region

[scalp42]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.13
+ provider.aws v2.2.0

Terraform Configuration Files

provider "aws" {
  region = "us-west-2"
  alias = "bridge"
  version = "~> 2.2.0"
}

data "aws_caller_identity" "bridge" {
  provider = "aws.bridge"
}

data "aws_iam_policy_document" "s3_changeme_terraform" {
  statement {
    #sid = "1"

    actions = [
      "s3:GetBucketLocation",
      "s3:GetBucketVersioning",
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:ListBucket",
    ]

    effect = "Allow"

    resources = [
      "arn:aws:s3:::changeme-terraform",
    ]

    principals {
      type = "AWS"
      identifiers = [
        "arn:aws:iam::${data.aws_caller_identity.bridge.account_id}:root",
      ]
    }
  }
}

Debug Output

Plan: https://gist.github.com/scalp42/c847168667233b4bf5b89e79dbaa7c0c

Apply: https://gist.github.com/scalp42/cd7644708890dfed55080c6d870a8b1f

Expected Behavior

• it should not ask for the region
• it should pick up the region from the provider

Actual Behavior

• will ask for AWS region
• will not create any resource mentioning an invalid AWS region

Steps to Reproduce

1. terraform plan -out terraform
2. terraform plan apply terraform

References

This issue relates to the region being asked: hashicorp/terraform#20599

[scalp42]

It works if I force the region through env variable:

AWS_REGION=us-west-2 terraform xxx

But I don't think it's expected behavior as the region is specified in the provider.

[squidfunk]

Still happening for me on terraform-0.12.1 and terraform-provider-aws-2.13.0

[BovineEnthusiast]

In the off chance this helps someone who has the same issue but for a different reason, I accidentally had underscores instead of dashes.

[techiechap]

In the off chance this helps someone who has the same issue but for a different reason, I accidentally had underscores instead of dashes.

Same issue, i had used underscore instead of -, thanks

[DrStrangepork]

In the off chance this helps someone who has the same issue but for a different reason, I accidentally had underscores instead of dashes.

Underscores and dashes in what? AWS_REGION is the correct format with underscores.

[BovineEnthusiast]

In the off chance this helps someone who has the same issue but for a different reason, I accidentally had underscores instead of dashes.

Underscores and dashes in what? AWS_REGION is the correct format with underscores.

If I recall correctly I did us_west_2 instead of us-west-2.

[scalp42]

I think there's a new issue now: #9617

[rehevkor5]

I had the same problem when using terraform import with a -var-file and aws provider like:

provider "aws" {
  region = var.region
}

Error output:

Error: Invalid AWS Region: 

  on ../terraform/modules/cluster/main.tf line 1, in provider "aws":
   1: provider "aws" {

I had to replace the variable with a hard-coded region in order to get it to work.

The annoying thing about it is that it appears (far as I can tell) to work just fine when doing plan/apply, and then surprises you with problems if you ever happen to use import.

[mikhailadvani]

faced the same issue during import of resources with terraform v0.12.8 and AWS provider v2.26.0 and v2.27.0

[kartvep]

Same issue with provider.aws v2.29.0

[kartvep]

Looks like for import context is initialized with some short circuit.
If variable used for region doesn't have default value, import fails with Error: Invalid AWS Region: as described above.
But if default value added for this variable, import operation uses this value instead of given to module's parameter.

main.tf:

module "tst" {
  source = "./tst"
  region = "aws-ie"
}

tst/main.tf:

variable "region" {
   default = "WAT?"
}

local {
   regions = { "aws-ie" = "eu-west-1" }
}

provider "aws" {
  region = local.regions[var.region]
}
...

terraform import module.tst.resource resource_id fails like this:

Error: Invalid index

  on tst/main.tf line 2, in provider "aws":
   2:   region = local.regions[var.region]
    |----------------
    | local.regions is object with 10 attributes
    | var.region is "WAT?"

The given key does not identify an element in this collection value.

Terraform v0.12.7
+ provider.aws v2.29.0

UPD: same error with Terraform v0.12.9

[fernanen]

In the off chance this helps someone who has the same issue but for a different reason, I accidentally had underscores instead of dashes.

I was passing an undeclared and uninitialized Linux variable when running an Apply like so:
TF_VAR_aws_region=$AWS_REGION Terraform apply

After setting my variable AWS_REGION with the right region - I was able to proceed with the build.

[vianel]

faced the same issue terraform = 0.12.20
"aws" version = "~> 2.45.0"

this works for me 👇

I had to replace the variable with a hard-coded region in order to get it to work.

[jessesanford]

Same here with "aws" version 2.40.0

[vazhnov]

The same problem with "profile" too, not only "region". I couldn't do import until hardcoded profile name.

Error message:

Error: No valid credential sources found for AWS Provider.
	Please see https://terraform.io/docs/providers/aws/index.html for more information on
	providing credentials for the AWS Provider

terraform = 0.12.20, through tfenv.
provider.aws 2.49

[llamahunter]

This seems to be a deep terraform bug in the way import runs vs plan or apply . hashicorp/terraform#13018

[amitcloudworld]

Region name must be like this other wise you will get error for region ok region= "us-west-1a" you need to remove a this is the right way to keep your regino name region = "us-west-1"

happy

[sosimon]

I have run into this a few times now - I end up manually editing all the providers in all my modules inside .terraform from

provider "aws" {
  region = var.region
}

to

provider "aws" {
  region = "us-east-1"
}

and then tf import again.

[dyegoe]

I don't know if it is related, but the error is the same, at least. Still happen on v0.15.0 + AWS v3.37.0

Terraform v0.15.0
+ provider registry.terraform.io/hashicorp/aws v3.37.0

#########################
locals {
  region               = "eu-north-1"
  resource_name_prefix = "elastic-lab"
  common_tags = {
    project     = "elastic-lab"
    workspace   = "elastic-lab"
    environment = "lab"
    region      = "${local.region}"
    terraform   = "true"
  }
}

#########################
provider "aws" {
  region = local.region
}

If I plan, it goes well

% terraform plan -out deploy.plan
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-04059f72fbd29c65a]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-048d25053a9462e08]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-06e137f834aafb643]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-05292f8ea1a41e5d2]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-03f14abf8d3dbcff3]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04ef51cea1a9b3432]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-03f14abf8d3dbcff31080289494]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-04433f9202cebccf9]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0c75e1cf254ec8112]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-096033c5f5206f58e]

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your configuration and the remote system(s). As a result, there are no actions to take.

But if I try to destroy

% terraform destroy              
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-04059f72fbd29c65a]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04ef51cea1a9b3432]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-03f14abf8d3dbcff3]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-06e137f834aafb643]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-048d25053a9462e08]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-05292f8ea1a41e5d2]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-03f14abf8d3dbcff31080289494]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0c75e1cf254ec8112]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-04433f9202cebccf9]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-096033c5f5206f58e]
╷
│ Error: Invalid AWS Region: 
│ 
│   on main.tf line 19, in provider "aws":
│   19: provider "aws" {
│ 

[thinkspill]

I'm also seeing this for the first time today, on 0.15.0.

[freakinhippie]

I am seeing this issue too, using terraform v0.15.0, and aws v3.37.0.

[bflad]

It looks like this is a bug upstream in Terraform CLI version 0.15.0 (hashicorp/terraform#28428 / hashicorp/terraform#28444), which could be addressed next Terraform CLI release.

[saivarunr]

Works fine when apply, destroy does not work.

╷
│ Error: Invalid AWS Region:
│
│ on .terraform/modules/deploy-eks/main.tf line 24, in provider "aws":
│ 24: provider "aws" {
│
╵

However, had to edit the file deploy-eks/main.tf inside .terraform directory to make destroy work.

[saivarunr]

We could circumvent this by configuring the aws provider in the parent module, passing it to deploy-eks module as provider.

[pschulten]

I just build the CLI from main, and it fixes it

[brikis98]

Seeing the same issue. apply works fine, but on destroy, any nested provider block with region set to a variable gives an "Invalid AWS Region" error.

[brikis98]

BTW, this worked fine with Terraform 0.14.x, but is newly broken with Terraform 0.15.x.

[antondemidov]

seems it was fixed in 0.15.1

[mhvelplund]

seems it was fixed in 0.15.1

I tried with 0.15.4 and it workd. So; with 0.15.0 I can init and plan, but not destroy. Bug seems fixed in the subsequent patch 🤷‍♀️

[breathingdust]

Closing this as this appears to have been resolved in an upstream Terraform patch landing in 0.15.1. If I have closed this in error, do let me know and I will reopen.

[markhuge]

seems to have resurfaced in 1.1.7 with aws provider 4.4.0.

terraform plan fails when the region is set from the provider config, but will proceed if I set an env var:

provider "aws" {
  region = "us-west-2"
  alias = "west"
}

Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, failed to resolve service endpoint, an AWS region is required, but was not found

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.