hackforla / devops-security

Management of Hack for L.A.'s AWS IAM resources
https://github.com/orgs/hackforla/projects/73/views/4
MIT License

Updating policy name #13

Closed chelseybeck closed 8 months ago

chelseybeck commented 8 months ago

What changed?

The plan should show the 'admin' policy removed, and the new policy (that was applied previously) will then be assigned to the group.

github-actions[bot] commented 8 months ago

Terraform plan in terraform

Plan: 2 to add, 0 to change, 2 to destroy.

```diff
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  - destroy

Terraform will perform the following actions:

  # module.aws_custom_policies.aws_iam_policy.custom_policy["IAMServicesAdmin"] will be destroyed
  # (because key ["IAMServicesAdmin"] is not in for_each map)
  - resource "aws_iam_policy" "custom_policy" {
      - arn         = "arn:aws:iam::035866691871:policy/IAMServicesAdmin" -> null
      - description = "Policy granting IAM services admins permissions to make changes to user accounts" -> null
      - id          = "arn:aws:iam::035866691871:policy/IAMServicesAdmin" -> null
      - name        = "IAMServicesAdmin" -> null
      - path        = "/" -> null
      - policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "iam:CreateAccessKey",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:iam::*:user/*"
                    },
                  - {
                      - Action    = [
                          - "iam:UpdateLoginProfile",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "iam:ResourceTag/Access Level" = [
                                  - "1",
                                  - "2",
                                ]
                            }
                        }
                      - Effect    = "Allow"
                      - Resource  = "arn:aws:iam::*:user/*"
                    },
                  - {
                      - Action   = [
                          - "cloudshell:CreateEnvironment",
                          - "cloudshell:GetEnvironmentStatus",
                          - "cloudshell:CreateSession",
                          - "cloudshell:StartEnvironment",
                          - "cloudshell:StopEnvironment",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id   = "ANPAQQWOSJEPRL2DTHOJL" -> null
      - tags        = {} -> null
      - tags_all    = {} -> null
    }

  # module.iam_services_admin_group.aws_iam_group.group will be destroyed
  # (because aws_iam_group.group is not in configuration)
  - resource "aws_iam_group" "group" {
      - arn       = "arn:aws:iam::035866691871:group/iam-services-admin-group" -> null
      - id        = "iam-services-admin-group" -> null
      - name      = "iam-services-admin-group" -> null
      - path      = "/" -> null
      - unique_id = "AGPAQQWOSJEPURLU5DTDL" -> null
    }

  # module.iam_services_supervisor_group.aws_iam_group.group will be created
  + resource "aws_iam_group" "group" {
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "iam-services-supervisor-group"
      + path      = "/"
      + unique_id = (known after apply)
    }

  # module.iam_services_supervisor_group.aws_iam_group_policy_attachment.group_policy_attachment["IAMServicesSupervisor"] will be created
  + resource "aws_iam_group_policy_attachment" "group_policy_attachment" {
      + group      = "iam-services-supervisor-group"
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::035866691871:policy/IAMServicesSupervisor"
    }

Plan: 2 to add, 0 to change, 2 to destroy.
```
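Review bot: the `IAMServicesAdmin` policy being destroyed here allows `iam:CreateAccessKey` on `arn:aws:iam::*:user/*` with no `Condition`, so any member of `iam-services-admin-group` could mint long-lived credentials for any user in the account, administrators included; the `Access Level` tag check is only on the `iam:UpdateLoginProfile` statement. Removing it is the right direction, but the replacement `IAMServicesSupervisor` policy appears in this plan only as the ARN in the new `aws_iam_group_policy_attachment`, so a reviewer cannot tell from this output whether the unconditioned `CreateAccessKey` grant was carried over; please link the plan or the policy document from the PR that created it. Separately, `iam-services-admin-group` is destroyed with no `aws_iam_group_membership` or policy attachment for that group being destroyed alongside it. If users or attachments still exist on it outside Terraform state, the `DeleteGroup` call will be rejected, since AWS requires the group to have no users and no attached policies first, and that would be one plausible cause of the apply failure reported below.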

:x: Error applying plan in Apply Terraform changes on merge #4

chelseybeck commented 8 months ago

@freaky4wrld it's okay for you to merge. The previous issue was that the apply step wasn't seeing the plan written as a comment in the PR. I'm wondering if that comment has to be the most recent one, but I feel like that shouldn't be the case.

I found these two errors where I didn't change the name, so let's see if it happens again 🤞

freaky4wrld commented 8 months ago

Nope, it didn't work!! Maybe this prompt from ChatGPT might help you; read the second prompt!!!

github-actions[bot] commented 8 months ago

Terraform plan in terraform

Plan: 1 to add, 0 to change, 2 to destroy.

```diff
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
  - destroy

Terraform will perform the following actions:

  # module.aws_custom_policies.aws_iam_policy.custom_policy["IAMServicesAdmin"] will be destroyed
  # (because key ["IAMServicesAdmin"] is not in for_each map)
  - resource "aws_iam_policy" "custom_policy" {
      - arn         = "arn:aws:iam::035866691871:policy/IAMServicesAdmin" -> null
      - description = "Policy granting IAM services admins permissions to make changes to user accounts" -> null
      - id          = "arn:aws:iam::035866691871:policy/IAMServicesAdmin" -> null
      - name        = "IAMServicesAdmin" -> null
      - path        = "/" -> null
      - policy      = jsonencode(
            {
              - Statement = [
                  - {
                      - Action   = [
                          - "iam:CreateAccessKey",
                        ]
                      - Effect   = "Allow"
                      - Resource = "arn:aws:iam::*:user/*"
                    },
                  - {
                      - Action    = [
                          - "iam:UpdateLoginProfile",
                        ]
                      - Condition = {
                          - StringEquals = {
                              - "iam:ResourceTag/Access Level" = [
                                  - "1",
                                  - "2",
                                ]
                            }
                        }
                      - Effect    = "Allow"
                      - Resource  = "arn:aws:iam::*:user/*"
                    },
                  - {
                      - Action   = [
                          - "cloudshell:CreateEnvironment",
                          - "cloudshell:GetEnvironmentStatus",
                          - "cloudshell:CreateSession",
                          - "cloudshell:StartEnvironment",
                          - "cloudshell:StopEnvironment",
                        ]
                      - Effect   = "Allow"
                      - Resource = "*"
                    },
                ]
              - Version   = "2012-10-17"
            }
        ) -> null
      - policy_id   = "ANPAQQWOSJEPRL2DTHOJL" -> null
      - tags        = {} -> null
      - tags_all    = {} -> null
    }

  # module.iam_services_admin_group.aws_iam_group.group will be destroyed
  # (because aws_iam_group.group is not in configuration)
  - resource "aws_iam_group" "group" {
      - arn       = "arn:aws:iam::035866691871:group/iam-services-admin-group" -> null
      - id        = "iam-services-admin-group" -> null
      - name      = "iam-services-admin-group" -> null
      - path      = "/" -> null
      - unique_id = "AGPAQQWOSJEPURLU5DTDL" -> null
    }

  # module.iam_services_supervisor_group.aws_iam_group_policy_attachment.group_policy_attachment["IAMServicesSupervisor"] will be created
  + resource "aws_iam_group_policy_attachment" "group_policy_attachment" {
      + group      = "iam-services-supervisor-group"
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::035866691871:policy/IAMServicesSupervisor"
    }

Plan: 1 to add, 0 to change, 2 to destroy.
```
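Review bot: this plan is `1 to add` rather than `2 to add` and no longer creates `iam-services-supervisor-group`, while the attachment of `IAMServicesSupervisor` to that group and both destroys are still pending. So the earlier failed apply was not a clean no-op: Terraform now believes the supervisor group exists, but the policy was never attached and the old `IAMServicesAdmin` policy and `iam-services-admin-group` were never removed. Before merging, run `terraform state list` and confirm `module.iam_services_supervisor_group.aws_iam_group.group` is in state and that the group in the console currently has no policies, so the interim state is understood: a supervisor group with no permissions alongside an admin group that still carries the unconditioned `iam:CreateAccessKey` grant.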

:x: Error applying plan in Apply Terraform changes on merge #4

chelseybeck commented 8 months ago

@freaky4wrld I was able to get it to apply in the latest PR. For whatever reason, I'm having to go back and run the plan action again right before the apply, and then it works. The error you were seeing was because the dflook action didn't detect a plan in the comment, or it wasn't fresh. Looking into it.
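The failure described in the last two comments (the apply step not finding a usable plan comment) comes down to the plan and apply invocations having to use identical inputs, and the plan comment having to still match what Terraform would do at apply time. The workflow below is an added illustration written for this editing pass, not the repository's own workflow: the two dflook action names and their `path`, `label`, `add_github_comment` and `auto_approve` inputs are as documented by dflook, while the `terraform` directory, the `main` branch, the region, the secret names and the role ARNs are placeholders.

```yaml
# Added illustration, not hackforla/devops-security's workflow file.
# Directory, branch, region, secret and role names are placeholders.
name: terraform

on:
  pull_request:
    paths: ["terraform/**"]
  push:
    branches: [main]
    paths: ["terraform/**"]

permissions:
  contents: read
  id-token: write        # OIDC role assumption for the AWS credentials step
  pull-requests: write   # terraform-plan posts the comment; terraform-apply reads it

env:
  AWS_REGION: us-west-2   # placeholder

jobs:
  plan:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TF_PLAN_ROLE_ARN }}   # placeholder: read-only role
          aws-region: ${{ env.AWS_REGION }}
      - uses: dflook/terraform-plan@v1
        with:
          path: terraform            # must be identical in the apply job
          label: iam                 # part of the key the apply job uses to find the comment
          add_github_comment: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  apply:
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.TF_APPLY_ROLE_ARN }}  # placeholder: write role
          aws-region: ${{ env.AWS_REGION }}
      - uses: dflook/terraform-apply@v1
        with:
          path: terraform            # identical to the plan job
          label: iam                 # identical to the plan job
          # auto_approve is left at its default (false): the plan computed now
          # must match the plan comment on the merged PR, or this step fails.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

The apply job recomputes the plan and compares it with the comment posted on the merged PR; a missing comment, a comment posted with different `path`/`label` inputs, or any drift since the comment was posted (for example the supervisor group already existing after a partial earlier run) makes the step fail instead of applying something nobody reviewed. Re-running the plan right before merging, as in the comment above, refreshes the comment so the two match. That is the control doing its job rather than a bug, and setting `auto_approve: true` to silence it would remove the guarantee that the reviewed plan is the one applied.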