Backend/S3: Add support for skip_requesting_account_id (#788)

Signed-off-by: Marcin Białoń <mbialon@spacelift.io>
2025-02-25 18:45:20 -06:00 · 2023-11-03 15:24:33 +01:00 · 2023-11-03 15:24:33 +01:00 · 16c6432c3a
commit 16c6432c3a
parent 4501ee0743
3 changed files with 25 additions and 17 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -63,6 +63,7 @@ S3 BACKEND:
 * Adds support for the `http_proxy`, `insecure`, `use_dualstack_endpoint`, and `use_fips_endpoint` attributes. ([#694](https://github.com/opentofu/opentofu/issues/694))
 * Adds support for the `use_path_style` argument and deprecates the `force_path_style` argument. ([#783](https://github.com/opentofu/opentofu/issues/783))
 * Adds support for customizing the AWS API endpoints. ([#775](https://github.com/opentofu/opentofu/issues/775))
 * Adds support for the `skip_requesting_account_id` attribute. ([#774](https://github.com/opentofu/opentofu/issues/774))
 ## Previous Releases
--- a/internal/backend/remote-state/s3/backend.go
+++ b/internal/backend/remote-state/s3/backend.go
@ -192,6 +192,11 @@ func (b *Backend) ConfigSchema(context.Context) *configschema.Block {
 				Optional:    true,
 				Description: "Skip static validation of region name.",
 			},
 			"skip_requesting_account_id": {
 				Type:        cty.Bool,
 				Optional:    true,
 				Description: "Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.",
 			},
 			"sse_customer_key": {
 				Type:        cty.String,
 				Optional:    true,
@ -692,6 +697,7 @@ func (b *Backend) Configure(ctx context.Context, obj cty.Value) tfdiags.Diagnost
 		Region:                  stringAttr(obj, "region"),
 		SecretKey:               stringAttr(obj, "secret_key"),
 		SkipCredsValidation:     boolAttr(obj, "skip_credentials_validation"),
 		SkipRequestingAccountId: boolAttr(obj, "skip_requesting_account_id"),
 		StsEndpoint:             customEndpoints["sts"].String(obj),
 		StsRegion:               stringAttr(obj, "sts_region"),
 		Token:                   stringAttr(obj, "token"),
--- a/website/docs/language/settings/backends/s3.mdx
+++ b/website/docs/language/settings/backends/s3.mdx
@ -169,6 +169,7 @@ The following configuration is optional:
 * `skip_credentials_validation` - (Optional) Skip credentials validation via the STS API.
 * `skip_region_validation` - (Optional) Skip validation of provided region name.
 * `skip_metadata_api_check` - (Optional) Skip usage of EC2 Metadata API.
 * `skip_requesting_account_id` - (Optional) Skip requesting the account ID. Useful for AWS API implementations that do not have the IAM, STS API, or metadata API.
 * `sts_endpoint` - (Optional) **Deprecated** Custom endpoint for the AWS Security Token Service (STS) API. This can also be sourced from the `AWS_STS_ENDPOINT` environment variable.
 * `sts_region` - (Optional) AWS region for STS. If unset, AWS will use the same region for STS as other non-STS operations.
 * `token` - (Optional) Multi-Factor Authentication (MFA) token. This can also be sourced from the `AWS_SESSION_TOKEN` environment variable.