Terraform aws_s3_bucket_website_configuration keeps creating website block of aws_s3_bucket resource

Question

I'm using ~3.0 as AWS provider version on Terraform and last terraform init downloaded 3.75.1. When I ran terraform plan, a WARNING came up;

Warning: Argument is deprecated

  on main.tf line 14, in resource "aws_s3_bucket" "xxx":
  14: resource "aws_s3_bucket" "xxx" {

Use the aws_s3_bucket_website_configuration resource instead

My bucket resource was like this;

resource "aws_s3_bucket" "bucket" {
  bucket = "bucket"
  acl    = "public-read"
  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}
EOF

  website {
    index_document = "index.html"
    error_document = "index.html"
  }
}

And due to latest changes on provider configuration and Deprecation warning I got because of changes, I divided my bucket resource to 3 like below;

resource "aws_s3_bucket" "bucket" {
  bucket = "bucket"
  policy = <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": "*",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::bucket/*"
        }
    ]
}
EOF
}

resource "aws_s3_bucket_acl" "bucket-acl" {
  bucket = aws_s3_bucket.bucket.id
  acl    = "public-read"
}

resource "aws_s3_bucket_website_configuration" "bucket-website-config" {
  bucket = aws_s3_bucket.bucket.id

  index_document {
    suffix = "index.html"
  }
  error_document {
    key = "index.html"
  }
}

I ran terraform plan, Output was like below;

# aws_s3_bucket.bucket will be updated in-place
  ~ resource "aws_s3_bucket" "bucket" {
      ~ acl                         = "public-read" -> "private"
        id                          = "bucket"
        tags                        = {}
        # (13 unchanged attributes hidden)


      - website {
          - error_document = "index.html" -> null
          - index_document = "index.html" -> null
        }
        # (1 unchanged block hidden)
    }


# aws_s3_bucket_acl.bucket-acl will be created
  + resource "aws_s3_bucket_acl" "bucket-acl" {
      + acl    = "public-read"
      + bucket = "bucket"
      + id     = (known after apply)

      + access_control_policy {
          + grant {
              + permission = (known after apply)

              + grantee {
                  + display_name  = (known after apply)
                  + email_address = (known after apply)
                  + id            = (known after apply)
                  + type          = (known after apply)
                  + uri           = (known after apply)
                }
            }

          + owner {
              + display_name = (known after apply)
              + id           = (known after apply)
            }
        }
    }

# aws_s3_bucket_website_configuration.bucket-website-config will be created
  + resource "aws_s3_bucket_website_configuration" "bucket-website-config" {
      + bucket           = "bucket"
      + id               = (known after apply)
      + website_domain   = (known after apply)
      + website_endpoint = (known after apply)

      + error_document {
          + key = "index.html"
        }

      + index_document {
          + suffix = "index.html"
        }
    }

Despite the confusion (because I couldn't understand the changes on aws_s3_bucket. Because I'm using the same configuration values basically), I ran terraform apply to see what will be happening.

After every change is applied, I ran terraform plan to make sure everything is up-to-date. After this point, my environment entered kind of a vicious circle here.

Second terraform plan output is;

aws_s3_bucket.bucket will be updated in-place
  ~ resource "aws_s3_bucket" "bucket" {
        id                          = "bucket"
        tags                        = {}
        # (14 unchanged attributes hidden)


      - website {
          - error_document = "index.html" -> null
          - index_document = "index.html" -> null
        }
        # (1 unchanged block hidden)
    }

As we can see, it tries to remove website configuration from bucket. I ran terraform apply for this as well and after apply, I ran terraform plan for the 3rd time;

# aws_s3_bucket_website_configuration.bucket-website-config will be created
  + resource "aws_s3_bucket_website_configuration" "bucket-website-config" {
      + bucket           = "bucket"
      + id               = (known after apply)
      + website_domain   = (known after apply)
      + website_endpoint = (known after apply)

      + error_document {
          + key = "index.html"
        }

      + index_document {
          + suffix = "index.html"
        }
    }

When I apply this, Terraform is trying to remove website config again, And these circle of changes goes on and on.

Is this a bug, are there anyone stumbled upon this issue? Is there any solution other than adding ignore_changes block or downgrading provider version?

Any help will be appreciated, Thank you very much.

Answer 1

I had exactly the same case and I ran into it because of a too old provider version. I was also using a ~3.62 AWS provider.

According to the provider changelog some of this resources just got added with 4.0.0:

• New Resource: aws_s3_bucket_website_configuration (#22648)
• New Resource: aws_s3_bucket_acl (#22853)

I switched to version >= 4.4 for the AWS provider and afterwards everything was working as expected (just to mention it, I have chosen 4.4 for additional reasons not related to this problem. 4.0 should have also already been enough).