terraform-provider-aws: Invalid AWS Region

Terraform Version

Terraform v0.11.13
+ provider.aws v2.2.0

Terraform Configuration Files

provider "aws" {
  region = "us-west-2"
  alias = "bridge"
  version = "~> 2.2.0"
}

data "aws_caller_identity" "bridge" {
  provider = "aws.bridge"
}

data "aws_iam_policy_document" "s3_changeme_terraform" {
  statement {
    #sid = "1"

    actions = [
      "s3:GetBucketLocation",
      "s3:GetBucketVersioning",
      "s3:GetObject",
      "s3:GetObjectVersion",
      "s3:ListBucket",
    ]

    effect = "Allow"

    resources = [
      "arn:aws:s3:::changeme-terraform",
    ]

    principals {
      type = "AWS"
      identifiers = [
        "arn:aws:iam::${data.aws_caller_identity.bridge.account_id}:root",
      ]
    }
  }
}

Debug Output

Plan: https://gist.github.com/scalp42/c847168667233b4bf5b89e79dbaa7c0c

Apply: https://gist.github.com/scalp42/cd7644708890dfed55080c6d870a8b1f

Expected Behavior

  • it should not ask for the region
  • it should pick up the region from the provider

Actual Behavior

  • will ask for AWS region
  • will not create any resource mentioning an invalid AWS region

Steps to Reproduce

  1. terraform plan -out terraform
  2. terraform plan apply terraform

References

This issue relates to the region being asked: https://github.com/hashicorp/terraform/issues/20599

About this issue

  • State: closed
  • Created 5 years ago
  • Reactions: 100
  • Comments: 32 (8 by maintainers)

Most upvoted comments

I had the same problem when using terraform import with a -var-file and aws provider like:

provider "aws" {
  region = var.region
}

Error output:

Error: Invalid AWS Region: 

  on ../terraform/modules/cluster/main.tf line 1, in provider "aws":
   1: provider "aws" {

I had to replace the variable with a hard-coded region in order to get it to work.

The annoying thing about it is that it appears (far as I can tell) to work just fine when doing plan/apply, and then surprises you with problems if you ever happen to use import.

The region name must be like this, otherwise you will get an error for the region. OK: with region = “us-west-1a” you need to remove the “a”; this is the right way to write your region name: region = “us-west-1”

happy ERROR MSG TO LOGIN ETC IN TERRAFORM

I don’t know if it is related, but the error is the same, at least. It still happens on v0.15.0 + AWS v3.37.0

Terraform v0.15.0
+ provider registry.terraform.io/hashicorp/aws v3.37.0
#########################
locals {
  region               = "eu-north-1"
  resource_name_prefix = "elastic-lab"
  common_tags = {
    project     = "elastic-lab"
    workspace   = "elastic-lab"
    environment = "lab"
    region      = "${local.region}"
    terraform   = "true"
  }
}

#########################
provider "aws" {
  region = local.region
}

If I plan, it goes well

% terraform plan -out deploy.plan
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-04059f72fbd29c65a]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-048d25053a9462e08]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-06e137f834aafb643]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-05292f8ea1a41e5d2]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-03f14abf8d3dbcff3]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04ef51cea1a9b3432]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-03f14abf8d3dbcff31080289494]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-04433f9202cebccf9]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0c75e1cf254ec8112]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-096033c5f5206f58e]

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your configuration and the remote system(s). As a result, there are no actions to take.

But if I try to destroy

% terraform destroy              
module.vpc.aws_vpc.this[0]: Refreshing state... [id=vpc-04059f72fbd29c65a]
module.vpc.aws_internet_gateway.this[0]: Refreshing state... [id=igw-04ef51cea1a9b3432]
module.vpc.aws_route_table.public[0]: Refreshing state... [id=rtb-03f14abf8d3dbcff3]
module.vpc.aws_subnet.public[2]: Refreshing state... [id=subnet-06e137f834aafb643]
module.vpc.aws_subnet.public[0]: Refreshing state... [id=subnet-048d25053a9462e08]
module.vpc.aws_subnet.public[1]: Refreshing state... [id=subnet-05292f8ea1a41e5d2]
module.vpc.aws_route.public_internet_gateway[0]: Refreshing state... [id=r-rtb-03f14abf8d3dbcff31080289494]
module.vpc.aws_route_table_association.public[2]: Refreshing state... [id=rtbassoc-0c75e1cf254ec8112]
module.vpc.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-04433f9202cebccf9]
module.vpc.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-096033c5f5206f58e]
╷
│ Error: Invalid AWS Region: 
│ 
│   on main.tf line 19, in provider "aws":
│   19: provider "aws" {
│ 

It works if I force the region through env variable:

AWS_REGION=us-west-2 terraform xxx

But I don’t think it’s expected behavior as the region is specified in the provider.

Faced the same issue during import of resources with terraform v0.12.8 and AWS provider v2.26.0 and v2.27.0

This seems to be a deep terraform bug in the way import runs vs plan or apply. https://github.com/hashicorp/terraform/issues/13018

The same problem with “profile” too, not only “region”. I couldn’t do import until hardcoded profile name.

Error message:

Error: No valid credential sources found for AWS Provider.
	Please see https://terraform.io/docs/providers/aws/index.html for more information on
	providing credentials for the AWS Provider

terraform = 0.12.20, through tfenv. provider.aws 2.49

seems it was fixed in 0.15.1

Seeing the same issue. apply works fine, but on destroy, any nested provider block with region set to a variable gives an “Invalid AWS Region” error.

It looks like this is a bug upstream in Terraform CLI version 0.15.0 (https://github.com/hashicorp/terraform/issues/28428 / https://github.com/hashicorp/terraform/pull/28444), which could be addressed in the next Terraform CLI release.

It looks like, for import, the context is initialized with some short circuit. If the variable used for region doesn’t have a default value, import fails with Error: Invalid AWS Region: as described above. But if a default value is added for this variable, the import operation uses this value instead of the one given to the module’s parameter.

main.tf:

module "tst" {
  source = "./tst"
  region = "aws-ie"
}

tst/main.tf:

variable "region" {
   default = "WAT?"
}

locals {
   regions = { "aws-ie" = "eu-west-1" }
}

provider "aws" {
  region = local.regions[var.region]
}
...

terraform import module.tst.resource resource_id fails like this:

Error: Invalid index

  on tst/main.tf line 2, in provider "aws":
   2:   region = local.regions[var.region]
    |----------------
    | local.regions is object with 10 attributes
    | var.region is "WAT?"

The given key does not identify an element in this collection value.

Terraform v0.12.7
+ provider.aws v2.29.0

UPD: same error with Terraform v0.12.9

Same issue with provider.aws v2.29.0

In the off chance this helps someone who has the same issue but for a different reason, I accidentally had underscores instead of dashes.

Still happening for me on terraform-0.12.1 and terraform-provider-aws-2.13.0

seems to have resurfaced in 1.1.7 with aws provider 4.4.0.

terraform plan fails when the region is set from the provider config, but will proceed if I set an env var:

provider "aws" {
  region = "us-west-2"
  alias = "west"
}

Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, failed to resolve service endpoint, an AWS region is required, but was not found

I have run into this a few times now - I end up manually editing all the providers in all my modules inside .terraform from

provider "aws" {
  region = var.region
}

to

provider "aws" {
  region = "us-east-1"
}

and then tf import again.

seems it was fixed in 0.15.1

I tried with 0.15.4 and it worked. So, with 0.15.0 I can init and plan, but not destroy. Bug seems fixed in the subsequent patch 🤷‍♀️

In the off chance this helps someone who has the same issue but for a different reason, I accidentally had underscores instead of dashes.

Underscores and dashes in what? AWS_REGION is the correct format with underscores.
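
The region mistakes reported in this thread (a value that resolves to empty, an availability-zone name such as us-west-1a, underscores instead of dashes) can be caught before Terraform runs. The following pre-flight check is an added example, not code from the issue or from the provider; the function names, the tfvars layout (a top-level `region = "..."` line) and the region-name pattern are assumptions.

```shell
#!/bin/sh
# classify_region VALUE -> prints ok | empty | underscore | az | malformed
# Format check only (assumed pattern: "xx-name-N", e.g. us-west-2, us-gov-west-1).
# It does not confirm that the region exists or is enabled for the account.
classify_region() {
  value=$1
  if [ -z "$value" ]; then
    echo empty; return 1          # what an unresolved variable looks like
  fi
  case $value in
    *_*) echo underscore; return 1 ;;   # us_west_2 instead of us-west-2
  esac
  if printf '%s\n' "$value" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'; then
    echo ok; return 0
  fi
  if printf '%s\n' "$value" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+[a-z]$'; then
    echo az; return 1             # us-west-1a is an availability zone
  fi
  echo malformed; return 1
}

# region_from_tfvars FILE -> value of the first top-level `region = "..."` line
region_from_tfvars() {
  sed -n 's/^[[:space:]]*region[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" |
    head -n 1
}

# checked_region FILE -> prints the region if well-formed, else explains on stderr
checked_region() {
  region=$(region_from_tfvars "$1")
  verdict=$(classify_region "$region") || {
    echo "region '$region' rejected: $verdict" >&2
    return 1
  }
  echo "$region"
}

# Usage with the AWS_REGION workaround mentioned in the thread
# (lab.tfvars, ADDR and ID are placeholders):
#   region=$(checked_region lab.tfvars) && \
#     AWS_REGION=$region terraform import -var-file=lab.tfvars ADDR ID
```
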