Details below, but at a high level I've had no issues building out resources in AWS GovCloud, particularly in the us-gov-west-1 region. When I decided to add a resource for a private aws_route53_zone, I get the below error:
* aws_route53_zone.private: error creating Route53 Hosted Zone: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: a9124a21-8eba-11e9-8bbb-c59c842ad843
Normally I would think this is due to incorrect IAM creds since it's a 403, but my creds are working fine for every other resource, even those that are in the same TF file. I even tried changing them but no luck. Anyone know what could be the cause of this and how I can get around it? Route53 is supposed to be available in GovCloud us-west.
Terraform Version
Terraform v0.11.13
provider.aws v2.12.0
Terraform Configuration Details
provider "aws" {
  region     = "us-gov-west-1"
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
}

# ... Other VPC resources.

resource "aws_route53_zone" "private" {
  name    = "my-domain.com"
  comment = "my-domain (preprod-gov) terraform"

  vpc = {
    vpc_id = "${module.preprod_gov_vpc.vpc_id}"
  }
}