### Terraform Version

```shell
any version including 1.6 and above.
```

### Terraform Configuration Files

```terraform
terraform {
  backend "s3" {
    bucket = ""
    key    = "/terraform.tfstate"
    region = "ap-southeast-2"
  }
}
```

### Debug Output

```
│ Error: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts-fips.ap-southeast-2.amazonaws.com/": dial tcp: lookup sts-fips.ap-southeast-2.amazonaws.com: no such host
```

### Expected Behavior

Environment variable `AWS_USE_FIPS_ENDPOINT` = "false" or false (case-insensitive) should result in FIPS endpoints NOT being enabled. Only setting "true", true, should enable FIPS.

### Actual Behavior

Expected

```
v5testing % export AWS_USE_FIPS_ENDPOINT=true
v5testing % terraform init -reconfigure
Initializing the backend...
╷
│ Error: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts-fips.ap-southeast-2.amazonaws.com/": dial tcp: lookup sts-fips.ap-southeast-2.amazonaws.com: no such host
│
│
╵
v5testing % export AWS_USE_FIPS_ENDPOINT=
v5testing % terraform init -reconfigure
Initializing the backend...

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Reusing previous version of hashicorp/aws from the dependency lock file
- Using previously-installed hashicorp/aws v5.100.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory.
If you forget, other commands will detect it and remind you to do so if necessary.
```

Not expected

```
v5testing % export AWS_USE_FIPS_ENDPOINT=false
v5testing % terraform init -reconfigure
Initializing the backend...
╷
│ Error: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts-fips.ap-southeast-2.amazonaws.com/": dial tcp: lookup sts-fips.ap-southeast-2.amazonaws.com: no such host
│
│
```

### Steps to Reproduce

1. export AWS_USE_FIPS_ENDPOINT=false
2. terraform init
3. Confirm that FIPS endpoints are enabled, which is not expected.

(also try export AWS_USE_FIPS_ENDPOINT=no, etc.)

### Additional Context

In internal/backend/remote-state/s3/backend.go, the function boolAttrDefaultEnvVarOk() returns true for any non-empty env value.

```go
func boolAttrDefaultEnvVarOk(obj cty.Value, name string, envvars ...string) (bool, bool) {
	if val := obj.GetAttr(name); val.IsNull() {
		for _, envvar := range envvars {
			if v := os.Getenv(envvar); v != "" {
				return true, true // BUG: Always returns true for any non-empty value
			}
		}
		return false, false
	} else {
		return val.True(), true
	}
}
```

### References

None yet (user to update post submission if needed)

### Generative AI / LLM assisted development?

_No response_
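The environment-variable branch reported above, reduced to a stand-alone sketch next to a strict parser. This is an added example, not Terraform's code or its fix. The names `buggyEnvBool` and `strictEnvBool` are hypothetical, the `cty` attribute lookup is left out, and returning an error for values such as `no` is this example's choice, so that a typo neither silently enables nor silently disables FIPS endpoints.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// buggyEnvBool mirrors the env-var loop quoted in the issue: any non-empty
// value, including "false", is reported as true.
func buggyEnvBool(envvars ...string) (bool, bool) {
	for _, name := range envvars {
		if v := os.Getenv(name); v != "" {
			return true, true
		}
	}
	return false, false
}

// strictEnvBool returns (value, isSet, err). Only "true" and "false"
// (case-insensitive) are accepted; anything else is an error, not a guess.
func strictEnvBool(envvars ...string) (bool, bool, error) {
	for _, name := range envvars {
		v := strings.TrimSpace(os.Getenv(name))
		switch {
		case v == "":
			continue // unset or empty: try the next variable
		case strings.EqualFold(v, "true"):
			return true, true, nil
		case strings.EqualFold(v, "false"):
			return false, true, nil
		default:
			return false, true, fmt.Errorf("%s: invalid boolean %q (want true or false)", name, v)
		}
	}
	return false, false, nil
}

func main() {
	const name = "AWS_USE_FIPS_ENDPOINT"
	// Constructed sample values, including the ones from the report.
	for _, v := range []string{"", "true", "FALSE", "false", "no"} {
		os.Setenv(name, v)
		old, _ := buggyEnvBool(name)
		val, set, err := strictEnvBool(name)
		fmt.Printf("%-7q buggy=%-5v strict=%-5v set=%-5v err=%v\n", v, old, val, set, err)
	}
}
```
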