Terraform attempts to authorize with the wrong AWS region even though AWS CLI seems configured correctly?

Question

I have the AWS CLI configured correctly such that running aws sts get-caller-identity is successful.

I have configured AWS CLI to reach region us-west-2 in a few ways:

user ~/ $ echo $AWS_REGION
us-west-2

user ~/ $ echo $AWS_DEFAULT_REGION
us-west-2

user ~/ $ tail ~/.aws/config
[default]
region = us-west-2

I have a main.tf file with the content:

terraform {
  backend "s3" {}
  required_version = ">= 0.15"
  required_providers {
    aws = "~> 3.0"
  }
}

provider "aws" {
  region = "us-west-2"
}

So that the region is also configured there.

However, terraform init keeps failing with:

Error: error configuring S3 Backend: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.

I used env TF_LOG=TRACE terraform init to see what was going on and I can see that the wrong region is being used by terraform:

Authorization: AWS4-HMAC-SHA256 Credential=ASIAXDHR3W2BVQFO5BGQ/20230915/us-east-1/sts/aws4_request,  ...

note the us-east-1 there.

How can I get terraform to use the correct region? Is it ignoring my main.tf file?

Thanks!

Answer 1

Try a complete block for the backend configuration:

terraform {
  backend "s3" {
    bucket = "mybucket"
    key    = "path/to/my/key"
    region = "us-west-2"

} }