Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Issue Connecting Bitbucket Repository to AWS Amplify via Terraform

akash_empower
akash_empower
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 15, 2025

I am encountering issues when trying to connect a Bitbucket repository to an AWS Amplify app using Terraform, and I would appreciate your assistance in resolving them.

 

 Scenario 1: Using Access Token

 

I have successfully deployed an AWS Amplify resource manually through the AWS Console. However, when I attempt to automate the process using Terraform, I receive the following error when trying to use the `access_token` for Bitbucket repository integration:

 

```

Plan: 2 to add, 0 to change, 0 to destroy.

module.amplify.aws_amplify_app.default[0]: Creating...

│ Error: creating Amplify App (devlopment-ort-amplify): operation error Amplify: CreateApp, https response error StatusCode: 400, RequestID: b5af611b-2890-4ed7-9b0b-0b3d57547012, BadRequestException: There was an issue setting up your repository. Please try again later.(Invalid Authorization header)

   with module.amplify.aws_amplify_app.default[0],

   on .terraform\modules\amplify\main.tf line 10, in resource "aws_amplify_app" "default":

   10: resource "aws_amplify_app" "default" {

Releasing state lock. This may take a few moments...

```

 

 Scenario 2: Using OAuth Token

 

When I use an `oauth_token` for the Bitbucket repository instead, I encounter a different error message:

 

```

Plan: 2 to add, 0 to change, 0 to destroy.

module.amplify.aws_amplify_app.default[0]: Creating...

│ Error: creating Amplify App (devlopment-ort-amplify): operation error Amplify: CreateApp, https response error StatusCode: 400, RequestID: 770b38a0-a987-4a95-8705-8b4c4862b8b9, BadRequestException: There was an issue setting up your repository. Please try again later.({"type": "error", "error": {"message": "Token is invalid or not supported for this endpoint."}})

   with module.amplify.aws_amplify_app.default[0],

   on .terraform\modules\amplify\main.tf line 10, in resource "aws_amplify_app" "default":

   10: resource "aws_amplify_app" "default" {

```

 

 Details of the Terraform Configuration:

Here is a snippet of the Terraform code I am using to configure the AWS Amplify app and link it to the Bitbucket repository:

module "amplify" {

  source  = "cloudposse/amplify-app/aws"

  version = "1.1.0"




  name = "development-ort-amplify"

  platform          = "WEB"

  enable_basic_auth = false




  repository = "https://bitbucket.org/onlinereadingtutor/frontend-ort"

  oauth_token = "ANVBfdsgf4vn3WsWN98AhxYn4Tp2A44D2C2"
  access_token = "asdfsisadlkfjasdfsadkjflasdkjflsakdjflkas"




  environments = {

    development = {

      branch_name       = "development"

      framework         = "React"

      stage             = "DEVELOPMENT"

      enable_auto_build = false

    }

  }

}

```

 

 Key Issues:

1. Invalid Authorization Header: When using the `access_token`, I get an "Invalid Authorization header" error, suggesting the token might not be recognized by AWS Amplify.

2. Token Invalid or Unsupported: When using the `oauth_token`, the error indicates that the token is invalid or not supported for the endpoint.

 

 Additional Information:

- I have provided the correct access tokens for the Bitbucket repository integration, and the `oauth_token` is correctly configured as per the documentation.

- The issue arises only when trying to create the Amplify app through Terraform. I have successfully connected and deployed the same repository to Amplify via the AWS Console manually.

 

 Request:

Can you help identify why the tokens are not working in the Terraform deployment process? Are there specific requirements or changes needed in the configuration for either the `access_token` or the `oauth_token` to function correctly?

 

Any guidance on how to troubleshoot or resolve this issue would be greatly appreciated.

 

Thank you for your support!

 

Answer
Watch
Like Be the first to like this
211 views

1 answer

0 votes
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 17, 2025

Hi and welcome to the community!

My first suggestion is to find out what is the exact operation performed by Terraform/AWS Amplify and then perform the operation with the same tokens outside of Terraform.

Is the operation a clone? Is it an API call, and if so, which one? I don't have knowledge on Terraform so I cannot answer that, but I assume you'd need to ask either Terraform or AWS Amplify community.

If it is a clone, try cloning this repo from a terminal application on your computer with each of the tokens. If it is an API call, try running the same API call with curl from a terminal application on your computer with each of the tokens. If you get an error when trying these, please share details so we can look into it.

This is to confirm if the tokens work for that specific operation outside of Terraform/AWS Amplify.

If you don't get an error when performing the same operation outside Terraform/AWS Amplify, then I suggest reaching out either to Terraform or AWS Amplify community or support team for help. There may be an issue with your configuration and they should be better equipped to guide you on this.

Kind regards,
Theodora

View More Comments
akash_empower
akash_empower
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
January 21, 2025

Hi Theodora,

I have followed your suggestion to perform the operation outside Terraform using an OAuth token, and it worked successfully.

Here are the steps I performed:

  1. I generated the OAuth token using the consumer_key and consumer_secret via API calls.
  2. I tested the generated OAuth token with API calls, and the response was successful.
  3. Using the same OAuth token, I successfully cloned code from a private repository outside of Terraform.

However, when I use the same OAuth token in my Terraform script, I encounter an error. Additionally, I have also tried using the app password, but that resulted in an error as well.

This suggests that the issue might be specific to how Terraform handles authentication with OAuth tokens or app passwords for Bitbucket operations.

Please advise if there are any additional configurations or specific requirements for using OAuth tokens or app passwords in Terraform scripts.

Looking forward to your support.

error:
aws_amplify_app.dev-ort-amplify-demo: Creating...

│ Error: creating Amplify App (demo-amplify): operation error Amplify: CreateApp, https response error StatusCode: 400, RequestID: 60436713-e16d-4382-86bd-9262f4925376, BadRequestException: You should at least provide one valid token

│ with aws_amplify_app.dev-ort-amplify-demo,
│ on amplify.tf line 69, in resource "aws_amplify_app" "dev-ort-amplify-demo":
│ 69: resource "aws_amplify_app" "dev-ort-amplify-demo" {

 

Like
Theodora Boudale
Theodora Boudale
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
January 22, 2025

Hi Akash,

Thank you for your reply.

I understand that the OAuth token is working for cloning and also for API calls. When it comes to API calls, it's important to test with the same API calls that Terraform performs (if it indeed performs any API calls). This is to ensure that the OAuth token is supported for these specific API endpoints.

You also mentioned trying an app password. Please keep in mind that an app password is not a Bearer token. An app password can be used for Basic authentication in combination with the username of the Bitbucket account, that you can find here:

I can help you and provide advice in case a token is not supported for specific API calls, but when it comes to Terraform configuration, I suggest reaching out either to the product's community forum:

or, if you are entitled to Enterprise support, you can reach out to Terraform's support team:

Terraform is not built by Atlassian and I don't have knowledge on the product to help you with your configuration. The terraform community and support team should be better equipped to help you.

Kind regards,
Theodora

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin Site Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events