09/05/2023, 3:45 PM
Hello all! I'm trying to use the Infracost Terraform module to enable Actual Costs. The issue I'm having is that when I create the resources for my environment, they are being created using my default provider which is in
and not the provider I created for the Infracost module. It seems that the provider variable for the module isn't working properly. I'm following this documentation: and here is my code:
# Do not change this, this is the only region that the AWS CUR API supports, this should not matter for
# you as your bucket can live in another region (described above).
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

module "infracost" {
  source = "<|>"
  infracost_external_id = "INFRACOST_ORGANIZATION_ID"
  # add a provider for region `us-east-1` and pass this in using aws.us_east_1 alias.
  providers = {
    aws.us_east_1 = aws.us_east_1
  }
}

output "infracost_cross_account_role_arn" {
  value = module.infracost.role_arn
}

output "infracost_cur_bucket_arn" {
  value = module.infracost.bucket_arn
}
But these are the outputs I'm getting from Terraform (I've replaced the account number with XXX):
Terraform will perform the following actions:

  # module.infracost.aws_cur_report_definition.costand_usage_report will be created
  + resource "aws_cur_report_definition" "costand_usage_report" {
      + additional_schema_elements = [
          + "RESOURCES",
        ]
      + arn                        = (known after apply)
      + compression                = "GZIP"
      + format                     = "textORcsv"
      + id                         = (known after apply)
      + refresh_closed_reports     = true
      + report_name                = "InfracostReportXXXXXXXXXXXXXX"
      + report_versioning          = "OVERWRITE_REPORT"
      + s3_bucket                  = "infracost-cur-XXXXXXXXXXXXXXXXX"
      + s3_prefix                  = "daily-v1"
      + s3_region                  = "us-east-2"
      + time_unit                  = "DAILY"
    }

  # module.infracost.aws_s3_bucket_notification.sns_topic will be created
  + resource "aws_s3_bucket_notification" "sns_topic" {
      + bucket      = "infracost-cur-XXXXXXXXXXXXXXXXXX"
      + eventbridge = false
      + id          = (known after apply)

      + topic {
          + events        = [
              + "s3:ObjectCreated:*",
            ]
          + filter_suffix = "Manifest.json"
          + id            = (known after apply)
          + topic_arn     = "arn:aws:sns:us-east-2:XXXXXXXXXXX:cur-uploaded"
        }
    }
Any help is appreciated! Thank you!


09/05/2023, 4:01 PM
Hi Shaq, let me take a look
So you’re surprised to see the s3 bucket created in
even though you’re passing the
alias to the module right? I think this is actually ok. The
needs to be created in us-east-1, but the s3 bucket itself can be in another region.


09/05/2023, 4:29 PM
Thanks for the reply Tim! If that's not the issue then I'll keep digging to figure out where the issue is on my end.


09/05/2023, 4:30 PM
What’s the problem you’re running into? Are the CUR reports being created?


09/05/2023, 4:35 PM
It previously was this error:
│ Error: putting S3 Bucket Notification Configuration: InvalidArgument: Unable to validate the following destination configurations
│       status code: 400, request id: 2NMDPPYZ8YECJJ2V, host id: b51xW0qHu8EqBYC8vZYk7VZmT1cGaAt275S5bWpGAWCl1haHMclb5lsiTWLlTgAK9CXGzuXTjt4=
│   with module.infracost.aws_s3_bucket_notification.sns_topic,
│   on .terraform/modules/infracost/ line 356, in resource "aws_s3_bucket_notification" "sns_topic":
│  356: resource "aws_s3_bucket_notification" "sns_topic" {
│ Error: creating Cost And Usage Report Definition (InfracostReportXXXXXXXXXXXXX): ValidationException: Failed to verify customer bucket permission. accountId= XXXXXXXX, bucket name: infracost-cur-XXXXXXXXXXXX, bucket region: us-east-2
│   with module.infracost.aws_cur_report_definition.costand_usage_report,
│   on .terraform/modules/infracost/ line 418, in resource "aws_cur_report_definition" "costand_usage_report":
│  418: resource "aws_cur_report_definition" "costand_usage_report" {
Which I thought may have been correlated with the regions for Infracost, but now I see it may have been because my default provider uses a
variable to separate my AWS creds for CLI. And it was using my default credentials instead of the
credentials. After adding my
to the
for Infracost, I'm getting a better error that's permissions related.