vendor/github.com/aws/aws-sdk-go/service/iam/api.go · 710b01a54f3f52237eca25f98a363a48ba6f2bdd · 小白蛋 / Terraform

deps: github.com/aws/aws-sdk-go@v1.21.7 · acf794b0

Brian Flad authored Jul 30, 2019

Notable changes (from Terraform AWS Provider CHANGELOG):

```
NOTES:

* backend/s3: Region validation now automatically supports the new `me-south-1` Middle East (Bahrain) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the [previous new region announcement blog post](https://aws.amazon.com/blogs/aws/now-open-aws-asia-pacific-hong-kong-region/). When the region is not enabled, the Terraform S3 Backend will return errors during credential validation (e.g. `error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid`).
* backend/s3: After this update, the AWS Go SDK will prefer credentials found via the `AWS_PROFILE` environment variable when both the `AWS_PROFILE` environment variable and the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables are statically defined. Previously the SDK would ignore the `AWS_PROFILE` environment variable, if static environment credentials were also specified. This is listed as a bug fix in the AWS Go SDK release notes.

ENHANCEMENTS:

* backend/s3: Add support for assuming role via web identity token via the `AWS_WEB_IDENTITY_TOKEN_FILE` and `AWS_ROLE_ARN` environment variables
* backend/s3: Support automatic region validation for `me-south-1`

BUG FIXES:

* backend/s3: Load credentials via the `AWS_PROFILE` environment variable (if available) when `AWS_PROFILE` is defined along with `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
```

Updated via:

```
go get github.com/aws/aws-sdk-go@v1.21.7
go mod tidy
go mod vendor
```

Verification with this update:

```hcl
terraform {
backend "s3" {
bucket = "me-south-1-testing"
key = "test"
region = "me-south-1"
}
}

output "test" {
value = timestamp()
}
```

Outputs:

```
$ terraform apply

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Outputs:

test = 2019-07-30T12:49:19Z
```

If the new region is not properly enabled for the account, errors like the below will be received:

```
$ terraform init

Initializing the backend...

Error: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
```

To use this region before this update:

```hcl
terraform {
# ... potentially other configuration ...

backend "s3" {
# ... other configuration ...

region = "me-south-1"
skip_region_validation = true
}
}
```

acf794b0