Workspace creation without backend initialisation


Ivan Miljenovic

Feb 22, 2018, 12:16:15 AM
to Terraform
Hi all,

After not having heard of Terraform since late last year I've been fairly successful building up various modules, etc. for internal use of provisioning AWS infrastructure.

As part of this we're considering using workspaces to help ensure our non-production and production infrastructure are the same (since the backend specification doesn't support interpolation).  We're using the same S3 bucket for all of our deployments, with permissions granted based upon object path to the relevant AWS accounts.

The problem occurs however when I try to create a new workspace.   From a freshly cloned copy of our code:

```
$ terraform workspace new production
Backend reinitialization required. Please run "terraform init".
Reason: Initial configuration of the requested backend "s3"

The "backend" is the interface that Terraform uses to store state,
perform operations, etc. If this message is showing up, it means that the
Terraform configuration you're using is using a custom configuration for
the Terraform backend.

Changes to backend configurations require reinitialization. This allows
Terraform to setup the new configuration, copy existing state, etc. This is
only done during "terraform init". Please run that command now then try again.

If the change reason above is incorrect, please verify your configuration
hasn't changed and try again. At this point, no changes to your existing
configuration or state have been made.

Failed to load backend: Initialization required. Please see the error message above.
```

Why do I need to initialize my backend first?

Even if I try, it ends up failing because I haven't yet specified the AWS_PROFILE to use so it can't even access the specified S3 backend.   So if I try to init:

```
$ terraform init
Initializing modules...
[snip]

Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Error loading state: AccessDenied: Access Denied
    status code: 403, request id: A3F06079A689A596, host id: WXDkldryB5sOXB6CJbK12yRqtRrILxYhsAnaRvTvQQEBaOn+9xl3Mxd18evapVzkBzxP+zfQgvs=
```

Yegor Ius

Sep 10, 2019, 12:03:33 AM
to Terraform
Ivan, came across your post while looking for a solution. My case is exactly the same.

Did you get to a resolution?

Ivan Lazar Miljenovic

Sep 10, 2019, 12:21:24 AM
to terrafo...@googlegroups.com
Sorry, I haven't. I'm also no longer using Terraform any more (not doing any infra management) so I haven't been looking. 


On mobile; please excuse any tpyos.


Yegor Ius

Sep 12, 2019, 2:02:21 PM
to Terraform
We've figured it out. TF workspaces tries to write to a top-level folder in our AWS S3 bucket but did not have permission to do so. Adding a "workspace_key_prefix" seems to resolve the error.

From

```
terraform {
  backend "s3" {
    region         = "us-east-1"
    bucket         = "terraform-state"
    key            = "accounts/dev/project.tfstate"
    acl            = "bucket-owner-full-control"
    encrypt        = true
    dynamodb_table = "terraform-lock-table"
  }
}
```

To

```
terraform {
  backend "s3" {
    region               = "us-east-1"
    bucket               = "terraform-state"
    workspace_key_prefix = "shared/workspaces"
    key                  = "project/project.tfstate"
    acl                  = "bucket-owner-full-control"
    encrypt              = true
    dynamodb_table       = "terraform-lock-table"
  }
}
```
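An added example, not code from anyone in this thread: the S3 backend stores a non-default workspace's state at `<workspace_key_prefix>/<workspace>/<key>`, with `env:` as the default prefix, so the sketch below computes that object key and checks it against path-scoped grants. The grant patterns and the third case (a prefix under the account's own path) are constructed assumptions; the bucket name and keys are the ones from the configuration above.

```python
import re

DEFAULT_PREFIX = "env:"  # S3 backend default when workspace_key_prefix is unset
BUCKET = "terraform-state"  # bucket name from the thread

def state_object_key(key, workspace, workspace_key_prefix=DEFAULT_PREFIX):
    """Object key where the S3 backend stores state for a workspace."""
    if workspace == "default":
        return key  # the default workspace uses `key` unchanged
    return f"{workspace_key_prefix}/{workspace}/{key}"

def iam_match(pattern, value):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None

def can_write(object_key, resource_patterns, bucket=BUCKET):
    """True if any granted Resource pattern covers the object's ARN."""
    arn = f"arn:aws:s3:::{bucket}/{object_key}"
    return any(iam_match(p, arn) for p in resource_patterns)

# Constructed grants (assumptions): the account's own path, plus a shared path.
ACCOUNT_ONLY = ["arn:aws:s3:::terraform-state/accounts/dev/*"]
WITH_SHARED = ACCOUNT_ONLY + ["arn:aws:s3:::terraform-state/shared/workspaces/*"]

def report():
    cases = [
        # (label, key, workspace_key_prefix, grants)
        ("default prefix", "accounts/dev/project.tfstate", DEFAULT_PREFIX, ACCOUNT_ONLY),
        ("thread's fix", "project/project.tfstate", "shared/workspaces", WITH_SHARED),
        ("prefix under account path", "project.tfstate", "accounts/dev/workspaces", ACCOUNT_ONLY),
    ]
    rows = []
    for label, key, prefix, grants in cases:
        obj = state_object_key(key, "production", prefix)
        rows.append((label, obj, can_write(obj, grants)))
    return rows

if __name__ == "__main__":
    for label, obj, ok in report():
        print(f"{label:28} {obj:55} {'allowed' if ok else 'AccessDenied'}")
```

With the default prefix the `production` state lands under `env:/` at the top of the bucket, outside any `accounts/dev/*` grant. A prefix kept under the account's own path stays inside the existing grant, whereas a shared prefix needs an extra grant that every participating account then holds.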