Terraform throws the following error in the logs in debug mode when planning. I use AWS CLI 2.0 on a Windows machine. The error comes up only for the AWS west region deployment; the east is working fine. I tried updating the certificate chain in the Python folder path C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python37_64\Lib\site-packages\certifi. Still getting the error. No luck.
2021/06/07 19:30:58 [DEBUG] [aws-sdk-go] DEBUG: Send Request ec2/DescribeAccountAttributes failed, attempt 8/25, error RequestError: send request failed
2021-06-07T19:30:58.801+0530 [DEBUG] plugin.terraform-provider-aws_v2.70.0_x4.exe: caused by: Post https://ec2.us-west-2.amazonaws.com/: x509: certificate signed by unknown authority
Terraform providers are written in go and it should grab CA certificates from the default OS trust store. There are a couple of things that can cause the given error:
1. AWS CA update
During the last couple of years AWS was migrating to their own Certificate Authority, so this might be related. You can see their announcement blogs here.
For Windows, installing the latest OS updates should be enough to pull new CA certs.
You can also check the AWS docs on how to install their CAs manually here.
2. Outdated terraform provider
From the provided logs, it looks like you are using aws provider version 2.70.0. It was built with an older version of go, which has since had some fixes related to certificate validation on Windows. Try updating your provider to the latest version.