numerous-plastic-31859
11/02/2022, 3:40 PM│ Error: error creating Cost And Usage Report Definition (InfracostReport1b781fbc-674a-43d6-b7b3-e0d28400be6c): ValidationException: Failed to verify customer bucket permission. accountId= xxxxxxxxxxxx, bucket name: infracost-cur-1b781fbc-674a-43d6-b7b3-e0d28400be6c, bucket region: eu-central-1
│
│ with module.aws.module.aws_euc1.module.infrastructure.module.infracost_cost_and_usage_report.aws_cur_report_definition.costand_usage_report,
│ on .terraform/modules/aws.aws_euc1.infrastructure.infracost_cost_and_usage_report/main.tf line 413, in resource "aws_cur_report_definition" "costand_usage_report":
│ 413: resource "aws_cur_report_definition" "costand_usage_report" {
white-airport-8778
11/02/2022, 3:42 PMmysterious-teacher-68276
11/02/2022, 3:43 PMnumerous-plastic-31859
11/02/2022, 3:43 PMmysterious-teacher-68276
11/02/2022, 3:44 PMAWS_PROFILE
to run with?numerous-plastic-31859
11/02/2022, 3:45 PMAWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
to terraformmysterious-teacher-68276
11/02/2022, 3:46 PMnumerous-plastic-31859
11/02/2022, 4:25 PMHEAD
has changed 🙂
Otherwise I’ll try the new version, I’ll let you know tomorrow!mysterious-teacher-68276
11/02/2022, 4:27 PMprovider "aws" {
region = "eu-central-1"
}
# new provider alias to define. Add any tags/config that you normally have on providers here.
provider "aws" {
alias = "us_east_1"
region = "us-east-1"
}
module "infracost" {
source = "<http://github.com/infracost/cross-account-link|github.com/infracost/cross-account-link>"
infracost_external_id = "INFRACOST_ORGANIZATION_ID"
# add the new provider here with the `us_east_1` alias
providers = {
aws.us_east_1 = aws.us_east_1
}
}
...
white-airport-8778
11/02/2022, 5:00 PMnumerous-plastic-31859
11/03/2022, 7:57 AMHEAD
?"arn:aws:iam::${var.infracost_account}:root"
as it keeps reporting changes with just var.infracost_account
🙂mysterious-teacher-68276
11/03/2022, 9:45 AMnumerous-plastic-31859
11/03/2022, 10:27 AMmysterious-teacher-68276
11/03/2022, 10:27 AMnumerous-plastic-31859
11/09/2022, 3:15 PMTerraform plan Succeeded for Workspace: default
Show Output
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
! update in-place
Terraform will perform the following actions:
# module.aws.more.paths.here.module.infracost_cost_and_usage_report.aws_iam_role.cross_account_role will be updated in-place
! resource "aws_iam_role" "cross_account_role" {
! assume_role_policy = jsonencode(
! {
! Statement = [
! {
! Action = "sts:AssumeRole" -> [
+ "sts:AssumeRole",
]
# (3 unchanged elements hidden)
},
]
- Version = "2008-10-17" -> null
}
)
id = "terraform-20221103102406234000000001"
! managed_policy_arns = [
- "arn:aws:iam::xxxxxxxxxxx:policy/ObjectGetCostandUsageReports",
# (1 unchanged element hidden)
]
name = "terraform-20221103102406234000000001"
tags = {}
# (8 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
I think the sts diff could be fixed by changing it to `Action : "sts:assumeRole"`
Not sure about the managed_policy_arns
though 🤔mysterious-teacher-68276
11/09/2022, 3:31 PMaws_iam_policy_attachment
instead?ref=fix/iam-role-fixes
to the source
urlmanaged_policy_arns
, but let’s seenumerous-plastic-31859
11/10/2022, 7:05 AMVersion
on aws_iam_role.cross_account_role
🙂mysterious-teacher-68276
11/10/2022, 10:11 AMnumerous-plastic-31859
11/10/2022, 10:46 AMmysterious-teacher-68276
11/10/2022, 6:21 PMnumerous-plastic-31859
11/11/2022, 7:11 AM