Reputation: 23
I've been trying to deploy AWS WorkSpaces infrastructure using Terraform. The code itself passes the verify and plan check, but it fails to apply.
Source:
module "networking" {
  source          = "../../modules/networking"
  region          = var.region
  main_cidr_block = var.main_cidr_block
  cidr_block_1    = var.cidr_block_1
  cidr_block_2    = var.cidr_block_2
  size            = var.size
}

resource "aws_directory_service_directory" "main" {
  name     = var.aws_ds_name
  password = var.aws_ds_passwd
  size     = var.size
  type     = "SimpleAD"

  vpc_settings {
    vpc_id     = module.networking.main_vpc
    subnet_ids = ["${module.networking.private-0}", "${module.networking.private-1}"]
  }
}

resource "aws_workspaces_directory" "main" {
  directory_id = aws_directory_service_directory.main.id
  subnet_ids   = ["${module.networking.private-0}", "${module.networking.private-1}"]
}

resource "aws_workspaces_ip_group" "main" {
  name        = "Contractors."
  description = "Main IP access control group"

  rules {
    source      = "10.0.0.0/16"
    description = "Contractors"
  }
}
Error code:
ValidationException: 2 validation errors detected: Value at 'password' failed to satisfy constraint: Member must satisfy regular expression pattern: (?=^.{8,64}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])|(?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s]))^.*; Value '' at 'name' failed to satisfy constraint: Member must satisfy regular expression pattern: ^([a-zA-Z0-9]+[\\.-])+([a-zA-Z0-9])+$
status code: 400, request id: 073f6e61-775e-4ff9-a88e-e1eab97f8519
on modules/workspaces/workspaces.tf line 10, in resource "aws_directory_service_directory" "main":
10: resource "aws_directory_service_directory" "main" {
I am aware that it is a regex issue with the username/passwords, but I haven't set any users for now, and I've reset the security policies for testing reasons.
Anyone had this issue before?
Upvotes: 2
Views: 1185
Reputation: 56839
The AWS API for the directory service enforces a constraint on the password attribute and matches what you are seeing in that error when you run terraform apply:
Password
The password for the directory administrator. The directory creation process creates a directory administrator account with the user name Administrator and this password.
If you need to change the password for the administrator account, you can use the ResetUserPassword API call.
Type: String
Pattern:
(?=^.{8,64}$)((?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9\s])(?=.*[a-z])|(?=.*[^A-Za-z0-9\s])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9\s]))^.*
Required: Yes
Normally Terraform is able to validate this with the plan or validate commands, but unfortunately the AWS provider is currently missing an appropriate ValidateFunc so it will only fail at apply time instead at the minute.
If you want this to be caught at plan or validate time then you should raise a feature request for it on the provider issue tracker.
Upvotes: 4
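One way to surface both constraints at plan or validate time from the configuration side, as an added example that is not part of the original answer or the AWS provider. It reuses the variable names from the question and assumes Terraform 0.14 or later (for `sensitive` and `validation`). Terraform's `regex` function uses RE2 syntax, which has no lookahead, so the API's password pattern is split into a length check and a "three of four character classes" check, which is what its four alternatives amount to.

```hcl
variable "aws_ds_passwd" {
  type      = string
  sensitive = true # keep the administrator password out of plan output

  # Mirrors (?=^.{8,64}$) from the API pattern.
  validation {
    condition     = length(var.aws_ds_passwd) >= 8 && length(var.aws_ds_passwd) <= 64
    error_message = "The directory password must be 8 to 64 characters long."
  }

  # The four lookahead alternatives in the API pattern are every combination
  # of three classes out of: digit, uppercase, lowercase, symbol.
  validation {
    condition = length([
      for pattern in ["[0-9]", "[A-Z]", "[a-z]", "[^A-Za-z0-9\\s]"] :
      pattern if can(regex(pattern, var.aws_ds_passwd))
    ]) >= 3
    error_message = "The directory password must contain at least three of: digit, uppercase letter, lowercase letter, symbol."
  }
}

variable "aws_ds_name" {
  type = string

  # Labels of letters and digits joined by '.' or '-', as in the 'name'
  # pattern from the error. An empty string, like the '' reported in the
  # error, is rejected here before any API call is made.
  validation {
    condition     = can(regex("^([a-zA-Z0-9]+[.-])+[a-zA-Z0-9]+$", var.aws_ds_name))
    error_message = "The directory name must be a dotted name made of letters and digits, for example corp.example.com."
  }
}
```

With these blocks in the module that declares the variables, an empty or non-conforming value fails `terraform validate` or `terraform plan` with the message above instead of a 400 from the Directory Service API during apply.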