Problem
When attempting to use the Terraform Enterprise backup API, requests to the endpoint fail with an HTTP 502 status code. The ptfe_backup_restore container logs display the following error message:
[INFO] performing s3 prefix detection NoCredentialProviders: no valid providers in chain. Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors
This issue occurs when Terraform Enterprise is configured to use an AWS S3 instance profile for authentication, and the aws_session_token is also present in the AWS credentials.
Cause
The version of the aws-sdk-go library used in this version of Terraform Enterprise does not function as expected when both an S3 Instance Profile is enabled and an aws_session_token is set in the environment.
Solutions
To resolve this issue, you can use one of the following workarounds.
Solution 1: Reconfigure S3 Access Without an Instance Profile
Configure Terraform Enterprise to access the S3 bucket directly without relying on an Instance Profile for authentication.
Solution 2: Use Key-Based Authentication
Configure authentication using only an aws_access_key_id and aws_secret_access_key. Ensure that the aws_session_token is not set in the environment where Terraform Enterprise is running.
Additional Information
- For more details on configuring storage for Terraform Enterprise, please refer to the official documentation on Backup and Restore.
- For guidance on AWS authentication, consult the AWS provider documentation.