aws_efs_file_system lifecycle_policy fails with more than one argument

[sheisnicola]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

$ terraform -v
Terraform v1.0.0
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v3.59.0
+ provider registry.terraform.io/hashicorp/external v2.1.0
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/hashicorp/random v3.0.1
+ provider registry.terraform.io/hashicorp/template v2.2.0
+ provider registry.terraform.io/phillbaker/elasticsearch v1.6.3

Your version of Terraform is out of date! The latest version
is 1.0.7. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s)

• aws_efs_file_system

Terraform Configuration Files

variable "lifecycle_policy" {
  type = map(string)
  default = {
    transition_to_ia                    = "AFTER_30_DAYS"
    transition_to_primary_storage_class = "AFTER_1_ACCESS"
  }
  description = "Map of lifecycle transition policies to apply to EFS objects"
}

resource "aws_efs_file_system" "efs" {
  creation_token = var.name
  encrypted      = true
  kms_key_id     = length(var.kms_key) > 0 ? data.aws_kms_key.filesystem[0].arn : aws_kms_alias.filesystem[0].target_key_arn
  tags           = merge(var.tags, { "Name" = var.name })

  # Error: Argument or block definition required
  #
  #   on efs.tf line 80, in resource "aws_efs_file_system" "efs":
  #   80:       lifecycle_policy.key = lifecycle_policy.value
  #
  # An argument or block definition is required here. To set an argument, use the equals sign "=" to introduce the argument value.
  #dynamic "lifecycle_policy" {
  #  for_each = var.lifecycle_policy
  #  content {
  #    lifecycle_policy.key = lifecycle_policy.value
  #  }
  #}

  # Error: error updating EFS file system (fs-01234567) lifecycle configuration: BadRequest: One or more LifecyclePolicy objects specified are malformed.
  # {
  #   RespMetadata: {
  #     StatusCode: 400,
  #     RequestID: "01234567-89ab-cdef-1234-567890fedcba"
  #   },
  #   ErrorCode: "BadRequest",
  #   Message_: "One or more LifecyclePolicy objects specified are malformed."
  # }
  lifecycle_policy {
    transition_to_primary_storage_class = "AFTER_1_ACCESS"
    transition_to_ia = "AFTER_30_DAYS"
  }

  # Error: Too many lifecycle_policy blocks
  #
  #   on  line 0:
  #   (source code not available)
  #
  # No more than 1 "lifecycle_policy" blocks are allowed
  #lifecycle_policy {
  #  transition_to_primary_storage_class = "AFTER_1_ACCESS"
  #}
  #lifecycle_policy {
  #  transition_to_ia = "AFTER_30_DAYS"
  #}
}

Expected Behavior

Following documentation https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system#lifecycle-policy-arguments I would like to implement the default intelligent tiering lifecycle policy described at https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html.

I would expect one of the attempted (commented out) lifecycle_policy block implementations shown above to set both transition_to_primary_storage_class and transition_to_ia lifecycle transition policies.

Actual Behavior

The first example using a variable map results in what appears to be a Terraform syntax error. I believe this may simply be a limitation of being unable to specify a variable on the left hand side key, or a misunderstanding on my part? If this is a mistake on my part then guidance would be appreciated. This is the preferred implementation if it is possible to make work.

dynamic "lifecycle_policy" {
  for_each = var.lifecycle_policy
  content {
    lifecycle_policy.key = lifecycle_policy.value
  }
}

Results in the following error:

Error: Argument or block definition required

  on efs.tf line 80, in resource "aws_efs_file_system" "efs":
   80:       lifecycle_policy.key = lifecycle_policy.value

An argument or block definition is required here. To set an argument, use the equals sign "=" to introduce the argument value.

Specifying both transitions in the lifecycle_policy {} block at once like this:

lifecycle_policy {
 transition_to_primary_storage_class = "AFTER_1_ACCESS"
 transition_to_ia = "AFTER_30_DAYS"
}

Results in the following error:

Error: error updating EFS file system (fs-01234567) lifecycle configuration: BadRequest: One or more LifecyclePolicy objects specified are malformed.
{
  RespMetadata: {
    StatusCode: 400,
    RequestID: "01234567-89ab-cdef-1234-567890fedcba"
  },
  ErrorCode: "BadRequest",
  Message_: "One or more LifecyclePolicy objects specified are malformed."
}

Finally trying to define two lifecycle_policy {} blocks:

lifecycle_policy {
  transition_to_primary_storage_class = "AFTER_1_ACCESS"
}
lifecycle_policy {
  transition_to_ia = "AFTER_30_DAYS"
}

Results in the following error:

Error: Too many lifecycle_policy blocks

  on  line 0:
  (source code not available)

No more than 1 "lifecycle_policy" blocks are allowed

Steps to Reproduce

1. terraform apply

Important Factoids

Specifying a single lifecycle_policy {} block with only one of the transitions in it at a time works as expected. (Both appear to be valid and work as expected when used on their own).

I have been able to set both these lifecycle policy transitions from the AWS EFS web console interface without any difficulty. Terraform is able to see that more than one lifecycle policy is set after I enable both transitions in the web console. See the terraform apply output showing both transitions being removed when I comment out the lifecycle_policy {} blocks in my example code:

Terraform will perform the following actions:

  # aws_efs_file_system.efs will be updated in-place
  ~ resource "aws_efs_file_system" "efs" {
        id                              = "fs-01234567"
        tags                            = {
            "Name" = "testfoo"
        }
        # (12 unchanged attributes hidden)

      - lifecycle_policy {
          - transition_to_ia = "AFTER_30_DAYS" -> null
        }
      - lifecycle_policy {
          - transition_to_primary_storage_class = "AFTER_1_ACCESS" -> null
        }
    }

References

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/efs_file_system#lifecycle-policy-arguments
• https://docs.aws.amazon.com/efs/latest/ug/lifecycle-management-efs.html
• https://docs.aws.amazon.com/efs/latest/ug/API_DescribeLifecycleConfiguration.html

[github-actions]

This functionality has been released in v3.60.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[acdha]

@ewbankkit Any chance we could get a documentation update? It's not obvious that this can be specified multiple times and it's a bit clumsy if you need to do dynamic blocks since HCL doesn't support dynamic keys so it looks like you have to do something like this:

locals {
  default_efs_lifecycle_policies = {
    transition_to_ia                    = "AFTER_30_DAYS",
    transition_to_primary_storage_class = "AFTER_1_ACCESS",
  }

  active_efs_lifecycle_policies = var.disable_efs_lifecycle_policies ? {} : local.default_efs_lifecycle_policies
}

resource "aws_efs_file_system" "collection" {
 …
  lifecycle_policy {
    transition_to_ia = lookup(local.active_efs_lifecycle_policies, "transition_to_ia", null)
  }

  lifecycle_policy {
    transition_to_primary_storage_class = lookup(local.active_efs_lifecycle_policies, "transition_to_primary_storage_class", null)
  }
}

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.