[Bug]: aws_macie2_invitation_accepter does not properly populate invitationId #40587

Open
kkrav3ts opened this issue Dec 16, 2024 · 4 comments
Labels
bug Addresses a defect in current functionality. prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. service/macie2 Issues and PRs that pertain to the macie2 service.

Comments

@kkrav3ts

Terraform Core Version

1.9.8

AWS Provider Version

5.81.0

Affected Resource(s)

    resource "aws_macie2_invitation_accepter" "member_accept" {
      depends_on               = [aws_macie2_account.member_account]
      administrator_account_id = "011122233344"
    }

Expected Behavior

The invitation is accepted after issuing an API call that contains a populated invitation ID, like:

    "requestParameters": {
        "administratorAccountId": "011122233344",
        "invitationId": "b6c9e81cc0c310b3484111032b0f3e32"
    },

Actual Behavior

The invitation is not accepted because the API call does not contain a proper invitation ID, just an empty string:

    "requestParameters": {
        "administratorAccountId": "011122233344",
        "invitationId": ""
    },

Relevant Error/Panic Output Snippet

Error: accepting Macie InvitationAccepter (): operation error Macie2: AcceptInvitation, https response error StatusCode: 400, RequestID: 516a23b3-909e-4fdd-9f6e-ff6e8033968a, ValidationException: The request is rejected because the current account has no pending invitation from the given master account ID or is already an associated member of another master account.

Terraform Configuration Files

n/a

Steps to Reproduce

n/a

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

No

@kkrav3ts kkrav3ts added the bug Addresses a defect in current functionality. label Dec 16, 2024
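Added example, not part of the original issue or the provider's code: a small check that scans API audit records for `AcceptInvitation` calls sent with an empty `invitationId`, the symptom reported above. It assumes the `requestParameters` snippets in the report come from CloudTrail-style records; the sample records, their timestamps and the `classify`/`scan` helpers are constructed for illustration.

```python
import json

# Constructed sample records, one JSON object per line. requestParameters values are
# the two quoted in the issue; other fields assume CloudTrail's record layout.
SAMPLE_RECORDS = [
    '{"eventTime": "2024-12-16T10:00:00Z", "eventName": "AcceptInvitation", '
    '"requestParameters": {"administratorAccountId": "011122233344", '
    '"invitationId": "b6c9e81cc0c310b3484111032b0f3e32"}}',
    '{"eventTime": "2024-12-16T10:05:00Z", "eventName": "AcceptInvitation", '
    '"errorCode": "ValidationException", '
    '"requestParameters": {"administratorAccountId": "011122233344", '
    '"invitationId": ""}}',
    '{"eventTime": "2024-12-16T10:06:00Z", "eventName": "AcceptInvitation", '
    '"errorCode": "ValidationException", "requestParameters": null}',
    '{"eventTime": "2024-12-16T10:07:00Z", "eventName": "GetMacieSession", '
    '"requestParameters": null}',
]


def classify(record):
    """Return a verdict for AcceptInvitation records, None for anything else."""
    if record.get("eventName") != "AcceptInvitation":
        return None
    params = record.get("requestParameters") or {}  # may be null in the log
    invitation_id = params.get("invitationId")
    if not isinstance(invitation_id, str) or not invitation_id.strip():
        return "empty-invitation-id"  # the symptom reported in this issue
    if record.get("errorCode"):
        return "rejected"  # an ID was sent, the service still refused the call
    return "ok"


def scan(lines):
    """Return (index, eventTime, verdict) for every record that is not 'ok'."""
    findings = []
    for index, line in enumerate(lines):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            findings.append((index, None, "unparseable"))
            continue
        verdict = classify(record) if isinstance(record, dict) else None
        if verdict not in (None, "ok"):
            findings.append((index, record.get("eventTime"), verdict))
    return findings


if __name__ == "__main__":
    print(scan(SAMPLE_RECORDS))
```

A non-empty result after a provider upgrade means member accounts may not have joined the Macie administrator, even though the invitation itself was sent.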

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/macie2 Issues and PRs that pertain to the macie2 service. needs-triage Waiting for first response or review from a maintainer. labels Dec 16, 2024
@justinretzolk
Member

Hey @kkrav3ts 👋 Thank you for taking the time to raise this! In order for this to be investigated, we'll need a sample configuration that can be used to reproduce this and/or debug logs (redacted as needed) so that whoever picks this up has the information they need. Are you able to provide some of that additional information?

@justinretzolk justinretzolk added the waiting-response Maintainers are waiting on response from community or contributor. label Jan 8, 2025
@kkrav3ts
Author

kkrav3ts commented Jan 8, 2025

Sample configuration:

    terraform {
      required_version = "~> 1.3"
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = ">= 5.0.0, < 6.0.0"
        }
      }
    }

    provider "aws" {
      region  = "eu-west-3"
      profile = "main"
    }
    provider "aws" {
      region  = "eu-west-3"
      profile = "secondary"
      alias   = "secondary"
    }

    locals {
      main_acc_id      = "148XXXXX176"
      secondary_acc_id = "909XXXXXX087"
    }

    # Enable Macie in two accounts
    resource "aws_macie2_account" "macie" {
      finding_publishing_frequency = "FIFTEEN_MINUTES"
      status                       = "ENABLED"
    }
    resource "aws_macie2_member" "macie" {
      account_id         = local.secondary_acc_id
      email              = "[email protected]"
      invitation_message = "Sample Macie Test KYRYLO KRAVETS"
      invite             = true

      depends_on = [aws_macie2_account.macie]
    }

    # Invite account SECONDARY from account MAIN
    resource "aws_macie2_account" "macie2" {
      provider                     = aws.secondary
      finding_publishing_frequency = "FIFTEEN_MINUTES"
      status                       = "ENABLED"
    }

    # Accept invitation from account MAIN on account SECONDARY
    resource "aws_macie2_invitation_accepter" "macie2" {
      depends_on               = [aws_macie2_account.macie2]
      provider                 = aws.secondary
      administrator_account_id = local.main_acc_id
    }

Output:

╷
│ Error: accepting Macie InvitationAccepter (): operation error Macie2: AcceptInvitation, https response error StatusCode: 400, RequestID: e6b1b7ab-b515-47cd-ad2e-afc6c3a39c06, ValidationException: The request is rejected because the current account has no pending invitation from the given master account ID or is already an associated member of another master account.
│
│   with aws_macie2_invitation_accepter.macie2,
│   on main.tf line 45, in resource "aws_macie2_invitation_accepter" "macie2":
│   45: resource "aws_macie2_invitation_accepter" "macie2" {
│
╵

However, everything works well on version v5.63.1 and breaks starting from v5.64.0.

@github-actions github-actions bot removed the waiting-response Maintainers are waiting on response from community or contributor. label Jan 8, 2025
@justinretzolk justinretzolk added regression Pertains to a degraded workflow resulting from an upstream patch or internal enhancement. and removed needs-triage Waiting for first response or review from a maintainer. labels Jan 16, 2025
@terraform-aws-provider terraform-aws-provider bot added the prioritized Part of the maintainer teams immediate focus. To be addressed within the current quarter. label Jan 16, 2025
@justinretzolk
Member

justinretzolk commented Jan 16, 2025

Thanks for the update @kkrav3ts, and for mentioning that this was working up until 5.64.0 -- that's really helpful information.

Related #36184
Related #37999
