Learn how to troubleshoot and resolve the "Value for unconfigurable attribute. Can't configure a value for 'acl': its value will be decided automatically" error in Terraform AWS Provider.
When using Terraform with the AWS provider, you might encounter the error message "Value for unconfigurable attribute. Can't configure a value for 'acl': its value will be decided automatically". This error occurs because AWS provider version 4.0.0 and later handle the acl attribute differently than previous versions. This article explains why this error happens and provides solutions to resolve it.
The error message "Value for unconfigurable attribute. Can't configure a value for 'acl': its value will be decided automatically" when using the AWS provider in Terraform arises from changes introduced in version 4.0.0 of the provider. Prior versions allowed setting the acl attribute directly for resources like aws_s3_bucket. However, version 4 and later determine the ACL automatically based on other configurations.
To resolve this, you should:
Remove the acl attribute: Since the acl attribute is no longer configurable directly, delete it from your aws_s3_bucket resource block in your Terraform code.
Use aws_s3_bucket_acl resource: If you need to manage the bucket ACL separately, use the aws_s3_bucket_acl resource. This resource allows you to define granular access control settings for your bucket.
Upgrade your Terraform configuration: If you're encountering this error after upgrading your AWS provider to version 4 or later, ensure that your Terraform configuration is compatible with the new version. Refer to the upgrade guide for detailed information on breaking changes and how to update your code.
By following these steps, you can fix the "Value for unconfigurable attribute" error and ensure that your Terraform code works correctly with the latest AWS provider version.
This code snippet demonstrates how to resolve an error encountered after upgrading the AWS provider for Terraform from version 3.x to 4.x. The error occurs because the acl attribute within the aws_s3_bucket resource is deprecated in version 4.x. The solution involves either removing the acl attribute altogether, allowing the provider to manage it automatically, or using the dedicated aws_s3_bucket_acl resource for explicit ACL control. This example highlights the importance of consulting upgrade guides and migrating configurations when dealing with major version changes in providers.
Scenario: You have existing Terraform code using AWS provider version 3.x that defines an S3 bucket with a custom ACL:
# Using AWS provider version 3.x
resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket"
  acl    = "private"
}
Error: After upgrading to AWS provider version 4.x, running terraform apply throws the error:
Error: Value for unconfigurable attribute
│
│ on main.tf line 3, in resource "aws_s3_bucket" "example":
│ 3: acl = "private"
│
│ Can't configure a value for "acl": its value will be decided automatically.
Solution:
Remove the acl attribute:
# Using AWS provider version 4.x
resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket"
}
Use aws_s3_bucket_acl resource (if needed):
# Using AWS provider version 4.x
resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket"
}
resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.example.id
  acl    = "private"
}
Explanation:
In version 4.x, the acl attribute within aws_s3_bucket is deprecated and automatically managed.
Removing the acl attribute lets the provider handle it based on other configurations.
For explicit ACL control, use the aws_s3_bucket_acl resource.
Important:
This example uses the aws_s3_bucket resource, but the principle applies to other resources where the acl attribute might be deprecated in favor of dedicated resources.
Removing acl: In most cases, removing the acl attribute won't negatively impact your infrastructure. AWS has good default security settings, and the provider will likely choose a secure configuration. However, it's crucial to understand the implications for your specific use case, especially if you relied on specific ACL settings in the past.
Using aws_s3_bucket_acl: Use this resource only if you require granular control over bucket access beyond what the provider automatically configures. Overusing it can add complexity to your Terraform code.
This error occurs when using Terraform's AWS provider version 4.0.0 or later and attempting to directly set the acl attribute for resources like aws_s3_bucket. This is because AWS provider v4+ automatically manages the ACL based on other configurations.
Resolution:
Remove the acl attribute: Delete the acl attribute from your aws_s3_bucket resource block.
Use the aws_s3_bucket_acl resource: For separate bucket ACL management, utilize the dedicated aws_s3_bucket_acl resource.
In conclusion, the "Value for unconfigurable attribute" error related to the acl attribute in Terraform's AWS provider version 4.0.0 and later stems from significant changes in how ACLs are managed. By understanding these changes and implementing the provided solutions (removing the deprecated acl attribute or utilizing the dedicated aws_s3_bucket_acl resource), you can ensure your Terraform code remains compatible and functional. Remember to consult the AWS provider upgrade guide for comprehensive information on breaking changes and recommended migration steps when upgrading to newer versions. Staying informed about these updates and adapting your configurations accordingly will lead to a smoother and more efficient infrastructure automation experience with Terraform and AWS.
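One way to find every aws_s3_bucket block that still sets acl inline and draft the separate aws_s3_bucket_acl resource described above, flagging public canned ACLs for review instead of copying them silently. This is an added example, not part of the original article or the provider; the sample configuration, the function names and the line-based parsing (no HCL library, braces counted per line) are assumptions.

```python
import re

# Constructed sample input in provider 3.x style (not from a real project).
SAMPLE_TF = '''
resource "aws_s3_bucket" "example" {
  bucket = "my-example-bucket"
  acl    = "private"
}
resource "aws_s3_bucket" "assets" {
  bucket = "my-example-assets"
  acl    = "public-read"
  tags = {
    acl = "ignored"  # nested map key, not the bucket attribute
  }
}
'''

HEADER = re.compile(r'resource\s+"aws_s3_bucket"\s+"([^"]+)"\s*\{')
ACL = re.compile(r'^\s*acl\s*=\s*"([^"]*)"')
PUBLIC_ACLS = {"public-read", "public-read-write"}  # canned ACLs that grant public access

def find_inline_acls(tf_text):
    """Return (resource_name, line_no, acl) for each acl set directly on aws_s3_bucket."""
    findings, name, depth = [], None, 0
    for line_no, line in enumerate(tf_text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # simplification: every '#' starts a comment
        if name is None:
            match = HEADER.search(code)
            if match:
                name, depth = match.group(1), 0
        elif depth == 1 and (match := ACL.match(code)):  # top-level attributes only
            findings.append((name, line_no, match.group(1)))
        if name is not None:
            depth += code.count("{") - code.count("}")
            if depth <= 0:
                name = None  # block closed
    return findings

def replacement_block(name, acl):
    """Render the separate aws_s3_bucket_acl resource for one finding."""
    note = "# REVIEW: public ACL, confirm it is intended\n" if acl in PUBLIC_ACLS else ""
    return (f'{note}resource "aws_s3_bucket_acl" "{name}" {{\n'
            f'  bucket = aws_s3_bucket.{name}.id\n'
            f'  acl    = "{acl}"\n}}\n')

if __name__ == "__main__":
    for name, line_no, acl in find_inline_acls(SAMPLE_TF):
        print(f"line {line_no}: aws_s3_bucket.{name} sets acl inline; remove it and add:")
        print(replacement_block(name, acl))
```

Run it against each .tf file before upgrading the provider and treat the generated blocks as drafts to confirm with terraform plan.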