
Errors reading state files generated by terraform aws provider 5.*

Open ckdake opened this issue 2 years ago • 3 comments

Description

When running driftctl against a state file stored by the most recent version of the terraform aws provider (now on 5.* as of recently), driftctl complains of errors reading from the state file and fails to complete.

Environment

  • OS: Wolfi (container)
  • driftctl version: v0.39.0
  • terraform version: 1.4.6
  • terraform providers versions: [email protected]

How to reproduce

Create a few resources using terraform. Any one of these will fail:

  • aws_route_table -> this will yield a "route": element 0: attribute "instance_id" is required error
  • aws_default_vpc -> this will yield an attributes "enable_classiclink" and "enable_classiclink_dns_support" are required error

Possible Solution

Update to the most recent version of the terraform state file parsing library from hashicorp.

ckdake avatar Jun 08 '23 13:06 ckdake

Could you please tell me how you solved the issue?

Forte-RehamAdel avatar Sep 18 '24 13:09 Forte-RehamAdel

Could you please tell me how you solved the issue?

We gave up on using driftctl, and use a combination of AWS Security Hub controls, custom lambdas, and some other custom bits. https://github.com/prowler-cloud/prowler/issues/2678 would be nice.

ckdake avatar Sep 18 '24 19:09 ckdake

If anyone else finds this, we were able to solve it by passing the appropriate tf-provider-version

DCTL_TF_PROVIDER_VERSION=5.52.0 driftctl scan

pdsmcgavin avatar Oct 15 '25 14:10 pdsmcgavin
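
One way to pick the "appropriate" version mentioned in the last comment, as an added example that is not part of the thread or of driftctl's own code. It assumes the appropriate version is the one pinned for hashicorp/aws in the project's .terraform.lock.hcl; the function names and the sample lock file are constructed for illustration.

```shell
# Print the version pinned for one provider in a .terraform.lock.hcl file.
# $1 = lock file, $2 = provider source address (defaults to hashicorp/aws).
locked_provider_version() {
    awk -v want="${2:-registry.terraform.io/hashicorp/aws}" '
        # A provider block starts: note whether it is the one we want.
        /^provider[ \t]+"/ { split($0, p, "\""); in_block = (p[2] == want); next }
        $1 == "}" { in_block = 0 }
        # The version attribute of the wanted block is the answer.
        in_block && /^[ \t]*version[ \t]*=/ { split($0, v, "\""); print v[2]; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Run "driftctl scan" with the locked version; remaining arguments are passed on.
# $1 = lock file (required, so the caller states which project is scanned).
scan_with_locked_provider() {
    lock_file=$1; shift
    version=$(locked_provider_version "$lock_file") || {
        echo "no hashicorp/aws entry in $lock_file" >&2; return 1
    }
    # Accept only a dotted numeric version before putting it in the environment.
    case $version in
        ''|.*|*.|*[!0-9.]*) echo "unexpected version: $version" >&2; return 1 ;;
    esac
    DCTL_TF_PROVIDER_VERSION=$version driftctl scan "$@"
}

# Constructed sample lock file (not taken from the issue) to show the lookup.
sample=$(mktemp)
cat > "$sample" <<'EOF'
provider "registry.terraform.io/hashicorp/random" {
  version = "3.6.0"
}

provider "registry.terraform.io/hashicorp/aws" {
  version     = "5.52.0"
  constraints = "~> 5.0"
}
EOF
echo "DCTL_TF_PROVIDER_VERSION=$(locked_provider_version "$sample") driftctl scan"
rm -f "$sample"
```

In a pipeline, call `scan_with_locked_provider .terraform.lock.hcl` from the Terraform project directory so the scan fails fast when the lock file has no AWS provider entry.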