aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

creating IAM Role (AWSAFTExecution/AWSAFTService): operation error IAM: CreateRole, EntityAlreadyExists: Role with name AWSAFTExecution/AWSAFTService already exists. #465

Closed tivanov-qb closed 3 weeks ago

tivanov-qb commented 3 weeks ago

Terraform Version & Prov:

AFT Version: 1.12.2

Terraform Version & Provider Versions

Please provide the outputs of terraform version and terraform providers from within your AFT environment

terraform version

1.8.5

terraform providers

aws

Bug Description

A clear and concise description of what the bug is.

To Reproduce

Steps to reproduce the behavior:

  1. Try deploying the module.
  2. It fails with the error below.

Expected behavior

Module to work as expected without issues

Related Logs

│ Error: creating IAM Role (AWSAFTExecution): operation error IAM: CreateRole, https response error StatusCode: 409, RequestID: 3b1c42be-0cd2-4815-9862-962220865c2a, EntityAlreadyExists: Role with name AWSAFTExecution already exists.
│
│ with module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role.aws_iam_role.role,
│ on .terraform/modules/aft_pipeline/modules/aft-iam-roles/admin-role/iam.tf line 19, in resource "aws_iam_role" "role":
│ 19: resource "aws_iam_role" "role" {
│
╵
╷
│ Error: creating IAM Role (AWSAFTService): operation error IAM: CreateRole, https response error StatusCode: 409, RequestID: 1000d20a-8f74-4b20-8999-6d8bffac2b5e, EntityAlreadyExists: Role with name AWSAFTService already exists.
│
│ with module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role,
│ on .terraform/modules/aft_pipeline/modules/aft-iam-roles/service-role/main.tf line 28, in resource "aws_iam_role" "role":
│ 28: resource "aws_iam_role" "role" {

Logs with debug:

2024-06-10T15:29:28.731+0300 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role.aws_iam_role.role
2024-06-10T15:29:28.731+0300 [TRACE] provider.terraform-provider-aws_v5.53.0_x5: Served request: tf_proto_version=5.6 tf_resource_type=aws_iam_role tf_rpc=ApplyResourceChange @caller=github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/tf5server/server.go:878 @module=sdk.proto tf_provider_addr=registry.terraform.io/hashicorp/aws tf_req_id=dd428a5b-d12a-c189-b264-da72e00bb872 timestamp="2024-06-10T15:29:28.727+0300"
2024-06-10T15:29:28.731+0300 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role.aws_iam_role.role
2024-06-10T15:29:28.731+0300 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role
2024-06-10T15:29:28.765+0300 [TRACE] statemgr.Filesystem: creating backup snapshot at terraform.tfstate.backup
2024-06-10T15:29:28.801+0300 [TRACE] statemgr.Filesystem: state has changed since last snapshot, so incrementing serial to 1220
2024-06-10T15:29:28.801+0300 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate
2024-06-10T15:29:28.818+0300 [DEBUG] State storage statemgr.Filesystem declined to persist a state snapshot
2024-06-10T15:29:28.818+0300 [ERROR] vertex "module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role.aws_iam_role.role" error: creating IAM Role (AWSAFTExecution): operation error IAM: CreateRole, https response error StatusCode: 409, RequestID: 8a54bad9-3853-4eb2-ac7d-15efb66d1288, EntityAlreadyExists: Role with name AWSAFTExecution already exists.
2024-06-10T15:29:28.818+0300 [TRACE] vertex "module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role.aws_iam_role.role": visit complete, with errors
2024-06-10T15:29:28.818+0300 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role
2024-06-10T15:29:28.818+0300 [TRACE] evalApplyProvisioners: module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role is tainted, so skipping provisioning
2024-06-10T15:29:28.818+0300 [TRACE] maybeTainted: module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role was already tainted, so nothing to do
2024-06-10T15:29:28.818+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role.aws_iam_role_policy_attachment.administrator-access-attachment (expand)" errored, so skipping
2024-06-10T15:29:28.819+0300 [TRACE] terraform.contextPlugins: Schema for provider "registry.terraform.io/hashicorp/aws" is in the global cache
2024-06-10T15:29:28.819+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role.aws_iam_role_policy_attachment.administrator-access-attachment" errored, so skipping
2024-06-10T15:29:28.819+0300 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState to workingState for module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role
2024-06-10T15:29:28.819+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.provider[\"registry.terraform.io/hashicorp/aws\"].aft_management (close)" errored, so skipping
2024-06-10T15:29:28.819+0300 [TRACE] NodeAbstractResouceInstance.writeResourceInstanceState: removing state object for module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role
2024-06-10T15:29:28.819+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.module.aft_iam_roles.module.aft_exec_role (close)" errored, so skipping
2024-06-10T15:29:28.819+0300 [TRACE] statemgr.Filesystem: have already backed up original terraform.tfstate to terraform.tfstate.backup on a previous write
2024-06-10T15:29:28.837+0300 [TRACE] statemgr.Filesystem: state has changed since last snapshot, so incrementing serial to 1221
2024-06-10T15:29:28.837+0300 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate
2024-06-10T15:29:28.849+0300 [DEBUG] State storage statemgr.Filesystem declined to persist a state snapshot
2024-06-10T15:29:28.849+0300 [ERROR] vertex "module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role" error: creating IAM Role (AWSAFTService): operation error IAM: CreateRole, https response error StatusCode: 409, RequestID: cc41ac45-9e47-4d20-9cce-8ee1617c6152, EntityAlreadyExists: Role with name AWSAFTService already exists.
2024-06-10T15:29:28.849+0300 [TRACE] vertex "module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role.role": visit complete, with errors
2024-06-10T15:29:28.849+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role_policy_attachment.administrator-access-attachment (expand)" errored, so skipping
2024-06-10T15:29:28.849+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role.aws_iam_role_policy_attachment.administrator-access-attachment" errored, so skipping
2024-06-10T15:29:28.849+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.provider[\"registry.terraform.io/hashicorp/aws\"].ct_management (close)" errored, so skipping
2024-06-10T15:29:28.849+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.module.aft_iam_roles.module.ct_management_service_role (close)" errored, so skipping
2024-06-10T15:29:28.849+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline.module.aft_iam_roles (close)" errored, so skipping
2024-06-10T15:29:28.849+0300 [TRACE] dag/walk: upstream of "module.aft_pipeline (close)" errored, so skipping

Note: Tried removing the role manually; it did not help.