Terraform aws - Unable to create AWS SFTP server using terraform script
I am trying to create an AWS SFTP server using a terraform script.

I am able to validate using the terraform validate command and able to get a plan using terraform plan as well,

but I am getting the below error while trying to run the terraform apply command:

Error: Error creating Transfer Server: InvalidRequestException: Must specify IdentityProviderType with IdentityProviderDetails

  on .terraform/modules/sftp/sftp.tf line 1, in resource "aws_transfer_server" "sftp":
   1: resource "aws_transfer_server" "sftp" {

I have provided identity_provider_type = "SERVICE_MANAGED" in my script but still I am getting the error and am unable to create the AWS SFTP server.

Here are my scripts:

sftp.tf

provider "aws" {
  version = "~> 2.0"
  region  = "us-east-1"
}

resource "aws_transfer_server" "sftp" {
  identity_provider_type = "SERVICE_MANAGED"
  invocation_role        = "arn:aws:iam::<id>"

  tags = {
    NAME = "test-sftp"
  }
}

main.tf

provider "aws" {
    version = "~> 2.0"
    region  = "us-east-1"
}

module "sftp" {
    source = "/home/sasi/TerraForm/terraform-scripts/modules/sftp"
    aws-transfer-server-name = "test-sftp"
    iam-role-name-for-sftp = "test-sftp-role"
    s3-access-policy-name = "s3-specific-bucket-access"
    sftp-user-name = "sasi-sftp"
    sftp-s3-bucket-name = "/sasi-learn-test-bucket"
    ssh-public-key-file-location = "${file("/home/sasi/TerraForm/terraform-scripts/modules/sftp/rsa.pub")}"
}
Peruke answered 25/6, 2020 at 16:34 Comment(1)
This sounds like a bug in the AWS provider so I'd be tempted to raise it as an issue there. – Khrushchev
I had a similar issue with a configuration that looked something like this:

resource "aws_transfer_server" "sftp" {
  domain                      = "S3"
  protocols                   = ["SFTP"]
  endpoint_type               = "VPC"
  identity_provider_type      = "SERVICE_MANAGED"
  sftp_authentication_methods = "PUBLIC_KEY"
}

I found that by removing sftp_authentication_methods, the error went away.

Hydro answered 28/8 at 20:57 Comment(0)
It seems that you don't need the invocation_role when identity_provider_type is SERVICE_MANAGED. Here's the information from the Terraform transfer server resource page:

invocation_role - (Optional) Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an identity_provider_type of API_GATEWAY.

Since your identity_provider_type is not API_GATEWAY, you can probably try without providing the invocation_role.

Gowk answered 2/7, 2020 at 15:28 Comment(11)
Thanks for the answer but it is not resolving the error. I have tried adding the invocation_role property with a valid role but still I am getting the same error as mentioned above. – Peruke
What are the AWS provider and Terraform versions? – Gowk
Here is my aws provider version property: version = "~> 2.0" – Peruke
I have updated my main.tf (configuration) script as well. – Peruke
I could find the "terraform-provider-aws_v2.67.0_x4" file, so it seems like terraform aws provider 2.67.0 is the version used when I run the script. – Peruke
I'm kind of confused. Can you also paste the contents of the sftp module? – Gowk
@SasikumarMurugesan: Marko is not suggesting that you add the invocation_role with a valid role, he is suggesting that you remove the invocation_role property altogether. – Schoof
@Schoof I tried with and without invocation_role with a valid role arn and am getting the same error. – Peruke
I believe it is an issue with the AWS provider as suggested by @Khrushchev. – Peruke
Could you post the output of terraform plan? – Gowk
I understood from the original post that when you run terraform validate and terraform plan you don't get any errors. – Gowk
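Putting the two answers together, as an added example that is not code from the question or from either answer: a SERVICE_MANAGED server with both invocation_role (Gowk's answer) and sftp_authentication_methods (Hydro's answer) left out, plus the user, SSH key and bucket-scoped IAM role that the question's module variables name. The bucket name example-sftp-bucket and the rsa.pub path are assumptions.

```hcl
provider "aws" {
  region = "us-east-1"
}

# SERVICE_MANAGED means AWS stores users and keys itself, so nothing that
# maps to IdentityProviderDetails (invocation_role, sftp_authentication_methods,
# url, function, directory_id) may be set here; the API rejects the mix.
resource "aws_transfer_server" "sftp" {
  identity_provider_type = "SERVICE_MANAGED"
  protocols              = ["SFTP"]
  domain                 = "S3"
  tags                   = { Name = "test-sftp" }
}

# Role the Transfer service assumes on behalf of each SFTP user.
resource "aws_iam_role" "sftp" {
  name = "test-sftp-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole",
                   Principal = { Service = "transfer.amazonaws.com" } }]
  })
}

# Least privilege: one bucket, and object access only under the user's prefix.
resource "aws_iam_role_policy" "bucket" {
  name = "s3-specific-bucket-access"
  role = aws_iam_role.sftp.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = "s3:ListBucket",
        Resource = "arn:aws:s3:::example-sftp-bucket" },            # assumed bucket
      { Effect = "Allow", Action = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
        Resource = "arn:aws:s3:::example-sftp-bucket/sasi-sftp/*" },
    ]
  })
}

resource "aws_transfer_user" "sasi" {
  server_id      = aws_transfer_server.sftp.id
  user_name      = "sasi-sftp"
  role           = aws_iam_role.sftp.arn
  home_directory = "/example-sftp-bucket/sasi-sftp"
}

resource "aws_transfer_ssh_key" "sasi" {
  server_id = aws_transfer_server.sftp.id
  user_name = aws_transfer_user.sasi.user_name
  body      = file("${path.module}/rsa.pub") # assumed key path
}
```

With the server fully SERVICE_MANAGED, the public key is attached through aws_transfer_ssh_key rather than through any identity-provider setting, and the role limits each user to their own prefix in the one bucket.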
