s3:DeleteObject IAM permission on S3 backend #36175

ericrichtert · 2024-12-08T10:07:35Z

Terraform Version

Terraform 1.10.1

Affected Pages

https://developer.hashicorp.com/terraform/language/backend/s3#:~:text=Note%3A%20s3%3ADeleteObject%20is%20not%20needed%2C%20as%20Terraform%20will%20not%20delete%20the%20state%20storage.

What is the docs issue?

The s3:DeleteObject is needed when using the 'use_lockfile=true'. From the s3 accesslogs:

request_uri: "DELETE /terraform.tfstate.tflock?x-id=DeleteObject HTTP/1.1"

Proposal

No response

References

#35661

The text was updated successfully, but these errors were encountered:

bschaatsbergen · 2024-12-09T10:39:41Z

Hi @ericrichtert,

Thank you for reporting this! The S3 backend is managed by the AWS Provider team at HashiCorp, and we’ve added this issue to their triage queue.

You are correct—when use_lockfile=true is set, the s3:DeleteObject permission is required for Terraform to delete the lock file (.tflock). We’ll update the documentation to clarify that the s3:DeleteObject permission is required in this case. Thanks again for bringing this to our attention!

ericrichtert added documentation new new issue not yet triaged labels Dec 8, 2024

bschaatsbergen added the backend/s3 label Dec 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

s3:DeleteObject IAM permission on S3 backend #36175

s3:DeleteObject IAM permission on S3 backend #36175

ericrichtert commented Dec 8, 2024

bschaatsbergen commented Dec 9, 2024 •

edited

Loading

s3:DeleteObject IAM permission on S3 backend #36175

s3:DeleteObject IAM permission on S3 backend #36175

Comments

ericrichtert commented Dec 8, 2024

Terraform Version

Affected Pages

What is the docs issue?

Proposal

References

bschaatsbergen commented Dec 9, 2024 • edited Loading

bschaatsbergen commented Dec 9, 2024 •

edited

Loading