When deploying with deploy_log_archive = false and no s3_logs_archive_bucket provided, Terraform fails during apply with the following error:
Error: creating Flow Log (vpc-xxxxxxxx): api error 400: 1 validation error detected:
Value '{bucketName=, prefix=vpc-flow-logs/}' at 'logDestination' failed to satisfy
constraint: Map value must satisfy constraint: [Member must have length less than or
equal to 1024, Member must have length greater than or equal to 1, ...]
Root cause: The aws_flow_log resource in modules/base_infra/vpc_infra/vpc_subnets.tf is created unconditionally. It always attempts to build a log destination ARN from var.archive_log_bucket_name, which is an empty string when no archive bucket is configured. This produces an invalid ARN (arn:aws:s3:::/vpc-flow-logs/) that fails AWS validation.
Expected behavior: When archive_log_bucket_name is empty, no VPC flow log resource should be created.
Affected module: modules/base_infra/vpc_infra
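One way to get the expected behavior described above, shown as an added example and not the module's actual code: gate the flow log on the bucket name with `count`. Only `var.archive_log_bucket_name` and the `vpc-flow-logs/` prefix come from this report; the resource label `vpc`, the `vpc_id` input, the local and the output name are assumptions.

```hcl
# Added example. Names other than archive_log_bucket_name are assumptions.

variable "archive_log_bucket_name" {
  description = "S3 log archive bucket name; empty when no archive bucket is configured."
  type        = string
  default     = ""
}

variable "vpc_id" { # hypothetical input standing in for the module's VPC reference
  type = string
}

locals {
  # trimspace() so a whitespace-only value is treated like an empty one
  # instead of producing another invalid destination ARN.
  flow_logs_enabled = trimspace(var.archive_log_bucket_name) != ""
}

# Unconditional form described in the report: with an empty bucket name the
# interpolation below yields arn:aws:s3:::/vpc-flow-logs/ and the API call
# fails validation.
#
# resource "aws_flow_log" "vpc" {
#   log_destination = "arn:aws:s3:::${var.archive_log_bucket_name}/vpc-flow-logs/"
#   ...
# }

# Guarded form: zero instances when no archive bucket is configured.
resource "aws_flow_log" "vpc" {
  count = local.flow_logs_enabled ? 1 : 0

  vpc_id               = var.vpc_id
  traffic_type         = "ALL"
  log_destination_type = "s3"
  log_destination      = "arn:aws:s3:::${var.archive_log_bucket_name}/vpc-flow-logs/"
}

# The resource is now a list, so downstream references must tolerate it being
# empty. one() returns null for zero instances, which also makes a VPC that
# was deployed without flow logs visible in the module outputs.
output "vpc_flow_log_id" {
  description = "Flow log ID, or null when no archive bucket is configured."
  value       = one(aws_flow_log.vpc[*].id)
}
```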