Provisioning CodeBuild - "Error: cache location is required when cache type is "S3""

[Dzhuneyt]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v0.12.7

Affected Resource(s)

• aws_codebuild_project

Terraform Configuration Files

Downloadable here: https://drive.google.com/file/d/1QM47TzsCFfpNB0KtspWwJoiOZ6uWYbqV/view?usp=sharing

Expected Behavior

CodeBuild is provisioned

Actual Behavior

Error: cache location is required when cache type is "S3"

  on codebuild/codebuild-tests.tf line 1, in resource "aws_codebuild_project" "codebuild_tests":
   1: resource "aws_codebuild_project" "codebuild_tests" {

References

• CodeBuild cache location doesn't honor aws resource dependency correctly #4639

[Dzhuneyt]

Exact line in the Terraform code where this is triggered: https://github.com/terraform-providers/terraform-provider-aws/blob/master/aws/resource_aws_codebuild_project.go#L579

I have no idea why this happens though. Maybe client side validation should be skipped when dynamic resource tokens are present?

[Dzhuneyt]

I figured out a workaround:

The S3 bucket resource that I was referencing, had the following structure:

resource "aws_s3_bucket" "ci_bucket" {
  bucket_prefix = "${lower(var.tag)}-${var.branch_name}-cb"
}

Solution was to replace it with:

resource "aws_s3_bucket" "ci_bucket" {
  bucket = "${lower(var.tag)}-${var.branch_name}-cb"
}

[nathancarmona]

Want to add my experience, the issue seems to be intermittent when trying to plan/apply AND when trying to delete. A template applied and was unchanged, but can't proceed past refreshing state on a destroy due to identical error:

Error: cache location is required when cache type is "S3"

  on pipelines.tf line 7, in resource "aws_codebuild_project" "build":
   7: resource "aws_codebuild_project" "build" {

example of the cache settings on the resource:

resource "aws_codebuild_project" "build" {
...
    cache {
        location = "${module.s3_bucket.bucket_id}/build_cache"
        modes    = ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_SOURCE_CACHE"]
        type     = "S3"
    }
...

[sakisv]

I ran into the same thing.

The following does not work, and it also doesn't work if the aws_s3_bucket resource is in a different module and it exposes the name as an output.

resource "aws_s3_bucket" "codebuild" {
  bucket = var.codebuild_bucket_name
  acl    = "private"
}

resource "aws_codebuild_project" "project" {
  name = var.name

  cache {
    type     = "S3"
    location = "${aws_s3_bucket.codebuild.id}/${var.name}"
  }
# ...more stuff
}

My workaround was to pass the name directly to the aws_codebuild_project, with the downside that it doesn't create the dependency between the two resources.

resource "aws_s3_bucket" "codebuild" {
  bucket = var.codebuild_bucket_name
  acl    = "private"
}

resource "aws_codebuild_project" "project" {
  name = var.name

  cache {
    type     = "S3"
    location = "${var.codebuild_bucket_name}/${var.name}"
  }
# ...more stuff
}

[sunilkumarmohanty]

However, using aws_s3_bucket.codebuild.bucket instead of aws_s3_bucket.codebuild.id works.

[T00mm]

We have the same error, we use aws_s3_bucket.codebuild.bucket. I've tried switching from BUCKET to ID and back but always the same error.

[fruuf]

ran into the same issue, seems to work fine when the terraform already has the bucket state. got it to work with commenting out the aws_codebuild_project, deploying everything else including the cache bucket and then uncommenting aws_codebuild_project. (edit: aws version "3.23.0", terraform 0.14.4)

[mazzespazze]

@fruuf I have same aws version and same terraform version. Though, if I comment out the aws_codebuild_project still fails to to outputs.tf modules referring to it.

I'm following this tutorial: https://github.com/ashwin9798/node-react-nginx-docker-boilerplate

Any insights?

###########

My answer was to have inside the aws_codebuild_project a reference to the cache as:

cache {
    type  = "LOCAL"
    modes = ["LOCAL_DOCKER_LAYER_CACHE", "LOCAL_SOURCE_CACHE"]
  }

[jbg]

@mazzespazze that is not really related to this issue, since this issue is about using S3 cache, and you're using local cache.

I get the same issue if using bucket_prefix, but using bucket works fine. It seem like the cache location cannot be dependent on something that is not known until the plan applies.

[udayreddym]

Earlier my cache block used to look like below:

cache { type = "S3" location = aws_s3_bucket.artifacts.bucket }

my code used to work but all of sudden it stopped working. As of now, I have a workaround, by replacing the above block with the below code block, it started working.

cache {
   type     = "S3"
   # location = aws_s3_bucket.artifacts.bucket
   location = var.s3_bucket_artifacts
 }

Please let me know if this works for you.

[dvulpe]

We've recently hit this issue as well and it appears that it can be triggered when the cache.0.location attribute is computed (creating a bucket in the same terraform root using bucket_prefix will trigger this behaviour).
A couple of workarounds are:

• create the bucket before the codebuild_project resource
• set the bucket name to be static

The following terraform code will reproduce the issue:

provider "aws" {
  region = "eu-west-1"
}


resource "aws_s3_bucket" "codebuild" {
  bucket_prefix = "cache"
}

data "aws_iam_policy_document" "codebuild" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["codebuild.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "codebuild" {
  name_prefix        = "codebuild"
  assume_role_policy = data.aws_iam_policy_document.codebuild.json
}

resource "aws_codebuild_project" "demo" {
  name         = "demo"
  service_role = aws_iam_role.codebuild.name
  artifacts {
    type = "NO_ARTIFACTS"
  }
  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    image        = ""
    type         = "LINUX_CONTAINER"
  }
  source {
    type = "NO_SOURCE"
  }
  cache {
    type     = "S3"
    location = aws_s3_bucket.codebuild.bucket
  }
}

Terraform plan will fail with:

❯ terraform plan
╷
│ Error: cache location is required when cache type is "S3"
│ 
│   with aws_codebuild_project.demo,
│   on main.tf line 25, in resource "aws_codebuild_project" "demo":
│   25: resource "aws_codebuild_project" "demo" {
│ 

Changing the bucket_prefix attribute to bucket will result in the terraform plan succeeding.

I believe this is an issue with the validation logic here

[github-actions]

This functionality has been released in v3.71.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.