Backend/S3: Add support for skip_requesting_account_id (#788)

Signed-off-by: Marcin Białoń <mbialon@spacelift.io>
2025-02-25 18:45:20 -06:00 · 2023-11-03 15:24:33 +01:00 · 2023-11-03 15:24:33 +01:00 · 16c6432c3a
commit 16c6432c3a
parent 4501ee0743
3 changed files with 25 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -63,6 +63,7 @@ S3 BACKEND:
 * Adds support for the `http_proxy`, `insecure`, `use_dualstack_endpoint`, and `use_fips_endpoint` attributes. ([#694](https://github.com/opentofu/opentofu/issues/694))
 * Adds support for the `use_path_style` argument and deprecates the `force_path_style` argument. ([#783](https://github.com/opentofu/opentofu/issues/783))
 * Adds support for customizing the AWS API endpoints. ([#775](https://github.com/opentofu/opentofu/issues/775))
+* Adds support for the `skip_requesting_account_id` attribute. ([#774](https://github.com/opentofu/opentofu/issues/774))

 ## Previous Releases

--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@ -192,6 +192,11 @@ func (b *Backend) ConfigSchema(context.Context) *configschema.Block {
 				Optional:    true,
 				Description: "Skip static validation of region name.",
 			},
+			"skip_requesting_account_id": {
+				Type:        cty.Bool,
+				Optional:    true,
+				Description: "Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.",
+			},
 			"sse_customer_key": {
 				Type:        cty.String,
 				Optional:    true,
@ -682,23 +687,24 @@ func (b *Backend) Configure(ctx context.Context, obj cty.Value) tfdiags.Diagnost
 	}

 	cfg := &awsbase.Config{
-		AccessKey:              stringAttr(obj, "access_key"),
-		CallerDocumentationURL: "https://opentofu.org/docs/language/settings/backends/s3",
-		CallerName:             "S3 Backend",
-		SuppressDebugLog:       logging.IsDebugOrHigher(),
-		IamEndpoint:            customEndpoints["iam"].String(obj),
-		MaxRetries:             intAttrDefault(obj, "max_retries", 5),
-		Profile:                stringAttr(obj, "profile"),
-		Region:                 stringAttr(obj, "region"),
-		SecretKey:              stringAttr(obj, "secret_key"),
-		SkipCredsValidation:    boolAttr(obj, "skip_credentials_validation"),
-		StsEndpoint:            customEndpoints["sts"].String(obj),
-		StsRegion:              stringAttr(obj, "sts_region"),
-		Token:                  stringAttr(obj, "token"),
-		HTTPProxy:              stringAttrDefaultEnvVar(obj, "http_proxy", "HTTP_PROXY", "HTTPS_PROXY"),
-		Insecure:               boolAttr(obj, "insecure"),
-		UseDualStackEndpoint:   boolAttr(obj, "use_dualstack_endpoint"),
-		UseFIPSEndpoint:        boolAttr(obj, "use_fips_endpoint"),
+		AccessKey:               stringAttr(obj, "access_key"),
+		CallerDocumentationURL:  "https://opentofu.org/docs/language/settings/backends/s3",
+		CallerName:              "S3 Backend",
+		SuppressDebugLog:        logging.IsDebugOrHigher(),
+		IamEndpoint:             customEndpoints["iam"].String(obj),
+		MaxRetries:              intAttrDefault(obj, "max_retries", 5),
+		Profile:                 stringAttr(obj, "profile"),
+		Region:                  stringAttr(obj, "region"),
+		SecretKey:               stringAttr(obj, "secret_key"),
+		SkipCredsValidation:     boolAttr(obj, "skip_credentials_validation"),
+		SkipRequestingAccountId: boolAttr(obj, "skip_requesting_account_id"),
+		StsEndpoint:             customEndpoints["sts"].String(obj),
+		StsRegion:               stringAttr(obj, "sts_region"),
+		Token:                   stringAttr(obj, "token"),
+		HTTPProxy:               stringAttrDefaultEnvVar(obj, "http_proxy", "HTTP_PROXY", "HTTPS_PROXY"),
+		Insecure:                boolAttr(obj, "insecure"),
+		UseDualStackEndpoint:    boolAttr(obj, "use_dualstack_endpoint"),
+		UseFIPSEndpoint:         boolAttr(obj, "use_fips_endpoint"),
 		UserAgent: awsbase.UserAgentProducts{
 			{Name: "APN", Version: "1.0"},
 			{Name: httpclient.DefaultApplicationName, Version: version.String()},
--- a/website/docs/language/settings/backends/s3.mdx
+++ b/website/docs/language/settings/backends/s3.mdx
@ -169,6 +169,7 @@ The following configuration is optional:
 * `skip_credentials_validation` - (Optional) Skip credentials validation via the STS API.
 * `skip_region_validation` - (Optional) Skip validation of provided region name.
 * `skip_metadata_api_check` - (Optional) Skip usage of EC2 Metadata API.
+* `skip_requesting_account_id` - (Optional) Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.
 * `sts_endpoint` - (Optional) **Deprecated** Custom endpoint for the AWS Security Token Service (STS) API. This can also be sourced from the `AWS_STS_ENDPOINT` environment variable.
 * `sts_region` - (Optional) AWS region for STS. If unset, AWS will use the same region for STS as other non-STS operations.
 * `token` - (Optional) Multi-Factor Authentication (MFA) token. This can also be sourced from the `AWS_SESSION_TOKEN` environment variable.