terraform-provider-aws: region is not picked up from the AWS profile

Community Note

  • Please vote on this issue by adding a πŸ‘ reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave β€œ+1” or β€œme too” comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.11.11
+ provider.aws v1.60.0

Terraform Configuration Files

AWS config files on disk

~/.aws/credentials

[myprofile]
aws_access_key_id=<my access key>
aws_secret_access_key=<my secret key>

~/.aws/config

[profile myprofile]
region=eu-west-1
output=json

scenario 1: profile set via the provider block.

provider "aws" {
  version = "~> 1.60"
  profile = "myprofile"
}

scenario 2: profile set via the environment variable

provider "aws" {
  version = "~> 1.60"
}

with

$ export AWS_PROFILE=myprofile

Expected Behavior

The Argument Reference docs state this about region:

region - (Required) This is the AWS region. It must be provided, but it can also be sourced from the AWS_DEFAULT_REGION environment variables, or via a shared credentials file if profile is specified.

When running terraform plan, I expect the region to be picked up via the myprofile section in ~/.aws/config.

Actual Behavior

Terraform asks for the region value:

$ terraform plan
provider.aws.region
  The region where AWS operations will take place. Examples
  are us-east-1, us-west-2, etc.

  Default: us-east-1
  Enter a value:

Steps to Reproduce

  1. terraform init
  2. terraform plan

Arguments

The reason this fails is because region is a Required attribute for the AWS provider. The code only retrieves the value from the 2 environment variables when not specified in HCL. This is clearly not as documented with via a shared credentials file if profile is specified.

https://github.com/terraform-providers/terraform-provider-aws/blob/687f09ebf7d2b5d0fe1b92f45c3c49ead8cb3711/aws/provider.go#L60-L69

The AWS SDK, like it does for credentials, searches for region via environment variables and profile when not specified explicitly:

https://github.com/aws/aws-sdk-go/blob/275272fc5c7fdea1719f5851925dc5d9df27f89d/aws/session/env_config.go#L205

https://github.com/aws/aws-sdk-go/blob/275272fc5c7fdea1719f5851925dc5d9df27f89d/aws/session/shared_config.go#L236-L239

It probably needs a bit more testing, but I would suggest making region an Optional attribute and remove the DefaultFunc initialization on the AWS provider side.

About this issue

  • Original URL
  • State: open
  • Created 5 years ago
  • Reactions: 40
  • Comments: 16 (4 by maintainers)

Most upvoted comments

Can confirm here, always asking for region.

+6
scalp42 on Mar 21, 2019

Any update on this?

I am seeing this in terraform v0.12.20

My shared config: (just using the default profile)

[default]
aws_access_key_id = MYKEY
aws_secret_access_key = MYSECRET
region = us-east-1

when I run terraform plan i get:

Error: Missing required argument

The argument "region" is required, but was not set.

Everything works if I explicitly export the AWS_DEFAULT_REGION var. My credentials are being picked up from the file properly, but not the region for some reason.

Any help would be appreciated!

+5
chrispruitt on Feb 18, 2020

Confirming this is still an issue in v0.15.5.

+1
Jonas-Noh on Jul 14, 2021

Confirming this is still an issue in v0.15.3.

+1
cmeisinger on May 13, 2021
Read more comments on GitHub
← terraform-provider-aws: RDS InvalidDBInstanceState: Instance cannot currently reboot due to an in-progress management operation
terraform-provider-aws: Removing ingress rules from aws_security_group is not detected →