CloudTrail option side effect: aws_s3_bucket_notification is overwritten #53

Open
paulmscribd opened this issue Feb 23, 2023 · 0 comments
Labels: bug (Something isn't working), documentation (Improvements or additions to documentation), help wanted (Extra attention is needed)

@paulmscribd

The module's CloudTrail option depends on references to an externally-created S3 bucket. If the bucket already has a notification configuration, the module overwrites it. Conversely, adding a notification configuration outside the module, for some other CloudTrail consumer, overwrites the one created by the module.

A bucket can have only one s3_bucket_notification configuration. Terraform gives no warning at the time a conflicting configuration is introduced. The old configuration is overwritten in AWS, but both the old and new ones end up in Terraform state.

Though there can only be one configuration, it may point to multiple destinations. So, if we went beyond the first step of documenting the side effect, we might be able to accept configuration contents as an optional input, and append. Or, we could eliminate the side effect by removing the s3_bucket_notification resource from the module and leaving it to the user to create or modify their CloudTrail bucket's notification configuration.

@jim80net added the bug, documentation, and help wanted labels Oct 5, 2023