Skip to content

Optional as2_config message_subject field in aws_transfer_connector sends empty string to AWS API causing validation error #44992

New issue
New issue
Open
Open
Optional as2_config message_subject field in aws_transfer_connector sends empty string to AWS API causing validation error#44992
Labels
bugAddresses a defect in current functionality.service/transferIssues and PRs that pertain to the transfer service.
@donhector

Description

@donhector
donhector
opened on Nov 7, 2025

Terraform and AWS Provider Version

Terraform v1.5.7
on linux_amd64
+ provider registry.terraform.io/cloudposse/awsutils v0.20.1
+ provider registry.terraform.io/datadog/datadog v3.79.0
+ provider registry.terraform.io/hashicorp/archive v2.7.1
+ provider registry.terraform.io/hashicorp/aws v6.20.0
+ provider registry.terraform.io/hashicorp/local v2.5.3
+ provider registry.terraform.io/hashicorp/null v3.2.4
+ provider registry.terraform.io/hashicorp/random v3.7.2
+ provider registry.terraform.io/hashicorp/time v0.13.1
+ provider registry.terraform.io/hashicorp/tls v4.1.0

Your version of Terraform is out of date! The latest version
is 1.13.5. You can update by downloading from https://www.terraform.io/downloads.html

Affected Resource(s) or Data Source(s)

  • aws_transfer_connector

Expected Behavior

When message_subject is not specified in the configuration (since it's optional), the field should either:

  • Not be included in the API request to AWS, OR
  • Be sent as null to indicate it's not being set

Actual Behavior

When the optional message_subject field in aws_transfer_connector.as2_config is not explicitly provided in the configuration, Terraform appears to send an empty string ("") to the AWS Transfer Family API instead of omitting the field entirely or sending null. This causes AWS to reject the request with a validation error.

Essentially this prevents users from creating Transfer Connectors for AS2 without specifying a message subject, even though the field is documented as optional.

Relevant Error/Panic Output

Error: creating Transfer Connector: operation error Transfer: CreateConnector, https response error StatusCode: 400, RequestID: 6955c953-a7fb-40fa-9d7a-ac48a6581f85, api error ValidationException: 2 validation errors detected: Value at 'as2Config.messageSubject' failed to satisfy constraint: Member must have length greater than or equal to 1; Value at 'as2Config.messageSubject' failed to satisfy constraint: Member must satisfy regular expression pattern: [\u0020-\u007E\t]+

Sample Terraform Configuration

Click to expand configuration 
resource "aws_transfer_connector" "example" {
  access_role  = aws_iam_role.access.arn
  logging_role = aws_iam_role.logging.arn
  url          = "https://partner.example.com:5080"

  as2_config {
    local_profile_id      = aws_transfer_profile.local.profile_id
    partner_profile_id    = aws_transfer_profile.partner.profile_id
    compression           = "ZLIB"
    signing_algorithm     = "SHA256"
    encryption_algorithm  = "AES256_CBC"
    mdn_response          = "SYNC"
    mdn_signing_algorithm = "SHA256"
    # message_subject is intentionally omitted
  }
}

Steps to Reproduce

  1. Create an aws_transfer_connector resource with as2_config block
  2. Do not include the message_subject field in the configuration
  3. Run terraform apply

Debug Logging

Click to expand log output 




GenAI / LLM Assisted Development


n/a


Important Facts and References


Refer to message_subject field in the official AWS documentation: https://docs.aws.amazon.com/transfer/latest/APIReference/API_As2ConnectorConfig.html)


Would you like to implement a fix?


No, as I'm not versed in Go, unfortunately.
Metadata
Metadata
Assignees
No one assigned
    Labels
    bugAddresses a defect in current functionality.service/transferIssues and PRs that pertain to the transfer service.
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions