I have a CodeBuild project setup via Terraform, and I've specified secondary sources like

  secondary_sources {
    git_clone_depth   = 0
    location          = "/...repo-a..."
    source_identifier = "repo_a"
    type              = "GITHUB"
  }

  secondary_sources {
    git_clone_depth   = 0
    location          = "/...repo-b..."
    source_identifier = "repo_b"
    type              = "GITHUB"
  }

I've done these exact blocks in stand-alone CodeBuild projects, and they work fine - they get checked out along side the main repository directory.

I'm trying to use this CodeBuild project as a second step of a CodePipeline project:

resource "aws_codepipeline" "pipeline" {
...
  trigger {
    provider_type = "CodeStarSourceConnection"

    git_configuration {
      source_action_name = "Source"
      pull_request {
        events = ["OPEN", "UPDATED"]
...
  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "AWS"
      provider         = "CodeStarSourceConnection"
...
  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["${var.name}-source"]
      version         = "1"

      configuration = {
        ProjectName = aws_codebuild_project.stage1-x86.name
      }
    }
  }
...

The Pipeline and the Build projects run as expected, but the secondary sources are never checked out (I actually did both a plocate and a find in the buildspec to see if they were pulled somewhere unexpected, they weren't).

I've looked at the CodeBuild project in the AWS console, and the secondary sources are both listed in the configuration, and no errors are printed out about not being able to pull them.

Is it not possible to use secondary sources when part of a pipeline? If so, why isn't some kind of error thrown?