From 10f7aeff666a7bef19f32c072de0ee8bead1d014 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcin=20Bia=C5=82o=C5=84?= <mbialon@spacelift.io>
Date: Tue, 24 Oct 2023 13:34:43 +0200
Subject: [PATCH] backend/s3: skip account verification when no constraints
 given (#772)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Marcin Białoń <mbialon@spacelift.io>
---
 internal/backend/remote-state/s3/backend.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go
index b67face691..4ca9c58abf 100644
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@@ -621,6 +621,10 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics {
 }
 
 func verifyAllowedAccountID(ctx context.Context, awsConfig aws.Config, cfg *awsbase.Config) tfdiags.Diagnostics {
+	if len(cfg.ForbiddenAccountIds) == 0 && len(cfg.AllowedAccountIds) == 0 {
+		return nil
+	}
+
 	var diags tfdiags.Diagnostics
 	accountID, _, awsDiags := awsbase.GetAwsAccountIDAndPartition(ctx, awsConfig, cfg)
 	for _, d := range awsDiags {