### Terraform Version

```shell
Terraform v1.10.0
on darwin_amd64
...
+ provider registry.terraform.io/hashicorp/aws v5.78.0
```

### Terraform Configuration Files

```terraform
# NOTE: environment variable AWS_REGION = "REGION-2"

# Terraform will store infrastructure state using the following AWS resources
backend "s3" {
  # This is NOT the region where resources are created.
  # This is the region where information about created resources is stored.
  region         = "REGION-1"
  bucket         = "BUCKET"
  key            = "PREFIX"
  encrypt        = true
  use_lockfile   = true # experimental feature of 1.10, uses both DynamoDB and S3 conditional write on this file
  dynamodb_table = "TerraformLock"
  endpoints = {
    # DynamoDB doesn't respect the region parameter above anymore. For REGION-2-based infra it tries to use REGION-2
    # DynamoDB instead of REGION-1's. So we force through explicit endpoint.
    # (uncomment the next line to fix the issue)
    # dynamodb = "https://dynamodb.REGION-1.amazonaws.com/"
  }
}
```

### Debug Output

```console
Acquiring state lock. This may take a few moments...
╷
│ Error: Error acquiring the state lock
│
│ Error message: operation error DynamoDB: PutItem, failed to resolve service endpoint, endpoint rule error, Credentials-sourced account ID parameter is invalid
│ Unable to retrieve item from DynamoDB table "TerraformLock": operation error DynamoDB: GetItem, failed to resolve service endpoint, endpoint rule error, Credentials-sourced account ID parameter is invalid
│
│ Terraform acquires a state lock to protect the state from being written
│ by multiple users at the same time. Please resolve the issue above and try
│ again. For most commands, you can disable locking with the "-lock=false"
│ flag, but this is not recommended.
```

### Expected Behavior

When environment variable `AWS_REGION = "REGION-2"`

The S3 backend should have tried to reach DynamoDB in region `REGION-1` as defined by the `region` argument.

### Actual Behavior

When environment variable `AWS_REGION = "REGION-2"`

The S3 backend seems to respect the `AWS_REGION` environment variable instead of the `region` argument, and attempts to read the DynamoDB table in `REGION-2`.

### Steps to Reproduce

1. `terraform init -reconfigure`
2. `AWS_REGION="REGION-2" terraform apply`

### Additional Context

Using the explicit endpoint argument with the appropriate (but repeated) `REGION-1` endpoint URL will fix this issue as commented in the source above. But according to documentation this should not be necessary:

> [region](https://developer.hashicorp.com/terraform/language/backend/s3#region) - (Required) AWS Region of the S3 Bucket and DynamoDB Table (if used). This can also be sourced from the AWS_DEFAULT_REGION and AWS_REGION environment variables.

### References

_No response_
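
A pre-flight check for the condition this report describes, written as an added example (not part of the original report and not Terraform's own code): it flags a backend block that uses a DynamoDB lock table without a pinned `dynamodb` endpoint while the environment region differs from the backend `region`. The names `lock_region_check` and `SAMPLE_BACKEND` are hypothetical, and the regex parsing assumes no `#` appears inside quoted values.

```python
import re

# Constructed sample mirroring the report's backend block (placeholders as on the page).
SAMPLE_BACKEND = '''
backend "s3" {
  region         = "REGION-1"
  bucket         = "BUCKET"
  key            = "PREFIX"
  dynamodb_table = "TerraformLock"
  endpoints = {
    # dynamodb = "https://dynamodb.REGION-1.amazonaws.com/"
  }
}
'''

def _strip_comments(hcl):
    # Drop '#' comments so a commented-out endpoint is not treated as pinned.
    return "\n".join(line.split("#", 1)[0] for line in hcl.splitlines())

def _attr(hcl, name):
    # Return the quoted value of `name = "..."`, or None if the attribute is absent.
    m = re.search(r'^\s*%s\s*=\s*"([^"]*)"' % re.escape(name), hcl, re.M)
    return m.group(1) if m else None

def lock_region_check(hcl, env):
    """Return (ok, message) for backend block text `hcl` and environment dict `env`."""
    cfg = _strip_comments(hcl)
    region, table = _attr(cfg, "region"), _attr(cfg, "dynamodb_table")
    if table is None:
        return True, "no DynamoDB lock table configured"
    endpoint = _attr(cfg, "dynamodb")
    if endpoint:
        # Endpoint form taken from the report: https://dynamodb.<region>.amazonaws.com/
        m = re.match(r"https://dynamodb\.([^./]+)\.amazonaws\.com", endpoint)
        if m and m.group(1) == region:
            return True, "lock endpoint pinned to %s" % region
        return False, "lock endpoint %s does not match backend region %s" % (endpoint, region)
    env_region = env.get("AWS_REGION") or env.get("AWS_DEFAULT_REGION")
    if env_region and env_region != region:
        return False, ("environment region %s differs from backend region %s "
                       "and no dynamodb endpoint is pinned" % (env_region, region))
    return True, "environment region does not conflict with %s" % region

if __name__ == "__main__":
    import os
    print(lock_region_check(SAMPLE_BACKEND, dict(os.environ)))
```

Run in CI before `terraform apply`, a failing result points at the lock table being looked up in a region other than the one the backend names, rather than reaching for `-lock=false`.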