Error deleting S3 Bucket with Versioning Enabled: BucketNotEmpty

[hashibot]

This issue was originally opened by @osterman as hashicorp/terraform#7854. It was migrated here as part of the provider split. The original body of the issue is below.

---

Terraform Version

Terraform v0.6.16

Affected Resource(s)

aws_s3_bucket

Terraform Configuration Files

resource "aws_s3_bucket" "storage" {
  bucket = "storage.${var.dns_zone}"
  acl = "private"                                                                                                                                                                                                                          
  force_destroy = true
  versioning {
    enabled = true                                                                                                                                                                                                                         
  }
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect":"Allow",
      "Action":["s3:GetObject"],
      "Resource":["arn:aws:s3:::storage.${var.dns_zone}", "arn:aws:s3:::storage.${var.dns_zone}/*"],
      "Principal": "*",
      "Condition": {
        "StringEquals": {
          "aws:sourceVpce": "${aws_vpc_endpoint.s3.id}"
        }
      }
    }
  ]
}
EOF

  tags {
    Name = "${var.namespace}-storage"
    Namespace = "${var.namespace}"
    Role = "storage"
    Stage = "${var.stage}"
  }

  lifecycle {
    create_before_destroy = true
  }
}

Expected Behavior

Because force_destroy = true is enabled, it should also delete the versions of the objects.

Actual Behavior

Error applying plan:

1 error(s) occurred:

* aws_s3_bucket.storage: Error deleting S3 Bucket: BucketNotEmpty: The bucket you tried to delete is not empty. You must delete all versions in the bucket.
    status code: 409, request id: 9AE6E70339A97B62

Steps to Reproduce

1. Define a bucket resource
2. terraform apply
3. Upload some other assets to the bucket
4. terraform destroy

Important Factoids

• Running on AWS.
• Bucket was created using aws cli because we also use it to store terraform remote state.

References

• The ability to force delete a bucket was requested here: Destroy non-empty bucket terraform#1977
• The ability to force delete a bucket was implemented here: provider/aws: force_destroy argument for s3 buckets with objects terraform#2007 (no mention of versioning support)

[sarjuymd]

Seeing this on v0.9.11 too.

[xocasdashdash]

Can confirm the workaround that helped me with this issue (0.10.5) was:

• Changed force_destroy to true
• Run plan & apply
• Changed bucket name
• Run plan & apply
• Change force_destroy back to false

[pmoust]

FWIW this is still the case with 0.11.1

[scraly]

Yes the issue still exists with latest version of terraform.

[Ycallaer]

+1 Any idea when this issue might be resolved ?

[jasonlll88]

It works in Terraform v0.12.0.
I created some resources

resource "aws_s3_bucket" "terraform-state-storage-s3" {
    # Remember that this name should be globally unique
    bucket = "terraform-remote-state-storage-s3-example"

    versioning {
      enabled = true
    }
 
    lifecycle {
      prevent_destroy = false
    }
    force_destroy = true
}

I added some files to the bucket and then run terraform destroy it worked well

[bostrowski13]

i can confirm this also works in v0.11.14 as well

[ewbankkit]

There have been various fixes, such as #7268, which mean that this problem should be resolved now.

[bflad]

Hi folks 👋 As mentioned above, it is likely that various scenarios have been fixed with various updates to the Terraform AWS Provider since this bug report was submitted. If you are still running into trouble running recent versions of the Terraform CLI and the Terraform AWS Provider, please open a new bug report following the issue template and we will take a further look. Thanks.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!