Cannot create S3 buckets in multiple regions

[ryaninvents]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.0
+ provider.aws v2.13.0

Affected Resource(s)

• aws_s3_bucket

Terraform Configuration Files

provider {
  aws {
    region = "us-east-2"
  }
}

resource "aws_s3_bucket" "public" {
  bucket = "example-static-assets"
  region = "us-east-1"

  website {
    index_document = "index.html"
  }
}

resource "aws_s3_bucket" "secrets" {
  bucket = "secrets.example.com"
  region = "us-east-2"

  versioning {
    enabled = true
  }
}

Debug Output

https://gist.github.com/ryaninvents/978df245050a0726580a4a4ae59f16f3

Panic Output

No panic encountered.

Expected Behavior

Terraform should have used the region field to correctly create one bucket in each of two regions. The s3_bucket documentation states:

• region - (Optional) If specified, the AWS region this bucket should reside in. Otherwise, the region used by the callee.

This implies that it is possible to choose a region other than the one chosen by the provider. Unfortunately I am importing existing buckets which is why I am not free to place them both in the same region.

Actual Behavior

Error: error reading S3 Bucket (example-static-assets): BucketRegionError: incorrect region, the bucket is not in 'us-east-2' region at endpoint ''
        status code: 301, request id: , host id: 

Steps to Reproduce

1. terraform init
2. terraform apply

References

• This is related to Unable to create/manage two S3 buckets in separate regions from the same .tf file #5999, however due to the presence of the region attribute in the s3_bucket resource, I think it is a bug in the provider to require separate providers for each region.

[tmccombs]

Needing multiple providers is especially a pain when your provider configuration is non-trivial, because there isn't a way to inherit provider configuration, so you have to copy-paste all of your provider configuration for each region, and then make changes to each region instead of just one place.

[tmccombs]

I just ran into a case where this causes quite a bit of pain for me.

I have a module where I want to optionally create a backup s3 bucket in another region. Something like this:

My first attempt was just to use the region attribute, but then I discovered I can't use a single provider for multiple regions. Next I tried something like this:

resource "aws_s3_bucket" "backup" {
   count = var.has_backup ? 1 : 0
   provider = var.has_backup ? "aws.backup" : "aws"
   bucket = "${var.bucket_name}-backup"
   versioning { 
     enabled = true
   }
}

but then it complains that the provider configuration reference is invalid:

The provider argument requires a provider type name, optionally followed by a
period and then a configuration alias.

So I tried changing the provider to "aws.backup" all the time, but then I need to provide the aws.backup provider to the module, even if I don't create the bucket (count is zero). Otherwise I get an error that the provider configuration is not present for aws.backupj.

If I could just specify a region from a module variable this would be a lot simpler.

See https://stackoverflow.com/questions/57577536/terraform-optional-provider-for-optional-resource

[opub]

I just ran into this but there were no errors reported. I had initially created 4 S3 buckets without specifying the region so they were all created in us-east-1. My requirements changed so they each had to go into separate regions (us-east-1, us-east-2, us-west-1, us-west-2). I changed the templates to include the region value. Terraform correctly reported that 3 of 4 would have their region changed and that they would be updated in-place (which surprised me). It then looked like the changes were applied successfully (no errors). However when I output the bucket regions they were unchanged. Repeated runs resulted in the same proposed changes and results.

Terraform v0.12.25
+ provider.aws v2.60.0

This is made particularly difficult since provider doesn't support count. So if you have N buckets each in its own region then you would have to hardcode all N providers. See hashicorp/terraform#9448

[joshmears169]

I'm having a similar issue here I think..

I want to create a Config rule involving CloudFront that is only available in us-east-1 (CloudFront is a global service). The rest of my resources are in eu-west-1 and are part of the same module.

I need a way of specifying the region for a particular resource without having to replicate the provider block for all resources in the module.

[habbes]

I'm also facing a similar issue. I have multiple regions I'd like to create buckets in. Ideally I would like to use for_each to create a bucket for each reason. I wish I could pass the region argument to the bucket config instead of the provider.

[ewbankkit]

Please see #27758 (comment) for the proposed solution to this issue.