-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resource aws_iam_policy_attachment.ec2_ssm_attachment
causes conflicts with other resources in IAM
#162
Comments
This is a major issue with the Weka terraform module. Please see the warning in the terraform AWS provider docs for
It is not a problem (and could be considered good practice) to use terraform-aws-weka/modules/iam/ec2.tf Lines 150 to 154 in 4660301
AmazonEC2RoleforSSM AWS managed policy has been removed from all other users, roles, and groups in our AWS account.
|
Fixed in this release: https://github.com/weka/terraform-aws-weka/releases/tag/v1.0.6 |
The following policy attachment was causing issues as it was trying to remove other attributes on the existing "ec2-ssm-attachment" (added somewhere else). Doing a "terrafrom plan" showed a lot of removals related to the "ec2-ssm-attachment".
This change seemed to fix the issue, in my fork of this codebase, because it applies the policy to the role without involving the existing "ec2-ssm-attachment".
Here is the relevant place in the code:
https://github.com/weka/terraform-aws-weka/blob/46603015877427f092eedbe7d0871f9ac634ed5b/modules/iam/ec2.tf#L150C12-L150C57
The text was updated successfully, but these errors were encountered: