hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

"name" cannot be longer than 64 characters should contain erroneous name #12881

Open rawrgulmuffins opened 4 years ago

rawrgulmuffins commented 4 years ago

Community Note

NOTE: I wasn't sure if this should be classified as a bug or a feature request.

Terraform Version

terraform -v
Terraform v0.12.21

Affected Resource(s)

aws_iam_role
aws_iam_policy_document

Terraform Configuration Files

main.tf

module "lambda2" {
  source = "git::ssh://git@git.eng.esentire.com/eng/lambda-function.git?ref=v0.1.7"

  additional_tags      = local.common_tags
  component_name       = var.component_name
  description          = "This lambda was generated from a template."
  handler              = "src.app.handler"
  memory_size          = var.lambda2_memory_size
  name                 = "${terraform.workspace}-${var.component_name}-lambda2"
  owner                = var.owner
  permissions_boundary = var.permissions_boundary
  runtime              = "python3.8"
  security_groups      = var.security_groups
  subnet_ids           = var.subnet_ids
  timeout              = var.lambda2_timeout
  zipfile              = var.lambda2_zip_path

  variables = {
    TEST_ENV = true
  }
}

Lambda Module Partial

This module is decently large so I'm just including the role and permissions section that's failing.

data "aws_iam_policy_document" "lambda_execution_assume_role" {
  count = var.enabled ? 1 : 0

  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "lambda_execution" {
  count = var.enabled ? 1 : 0

  name                 = "${var.name}-execution-role"
  permissions_boundary = var.permissions_boundary
  assume_role_policy = join(
    "",
    data.aws_iam_policy_document.lambda_execution_assume_role.*.json,
  )

  tags = merge(local.common_tags, var.additional_tags)
}

data "aws_iam_policy_document" "lambda_logging" {
  count = var.enabled ? 1 : 0

  statement {
    sid = "LambdaLogging"
    actions = [
      "logs:PutLogEvents",
      "logs:CreateLogStream",
    ]
    resources = ["*"]
  }
}

Our terraform config is

provider "aws" {
  region = var.region
}

terraform {
  backend "s3" {}
}

Debug Output

Error: "name" cannot be longer than 64 characters

  on .terraform/modules/lambda2/main.tf line 37, in resource "aws_iam_role" "lambda_execution":
  37: resource "aws_iam_role" "lambda_execution" {

Expected Behavior

The full name that I expected for the IAM role is alex-nested-1-nested-deploys-lambda2-execution-role, which is 51 characters, but the actual name was much longer than I expected.

terraform.workspace == "nested-deploys-1"
var.component_name == "this turned out to be too long"

But when I just do the aws_iam_role with that explicit name, make plan succeeds. This left me fairly confused.

If the error had contained the full failing name it would have helped me track down what portion of our module structure was causing this failure.

Actual Behavior

Error doesn't contain failing name value.

Steps to Reproduce

  1. terraform plan

ChenTsungYu commented 5 months ago

Any update on this issue?
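An added illustration of what this issue asks for, not code from the AWS provider or from anyone in the thread: a validator in the Terraform SDK's `(value, key) -> (warnings, errors)` shape whose error names the offending value and its length. `validateName` and `roleName` are hypothetical names; the 64-character limit and the sample inputs are the ones reported above.

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// maxNameLen is the limit quoted in the error message on this page.
const maxNameLen = 64

// validateName is a hypothetical validator (not the provider's code) in the
// (value, key) -> (warnings, errors) shape used by Terraform SDK validators.
// Unlike the reported error, it echoes the offending value and its length.
// Echoing is reasonable for a resource name; it would not be for a secret.
func validateName(v interface{}, k string) (ws []string, errs []error) {
	value, ok := v.(string)
	if !ok {
		return nil, []error{fmt.Errorf("%q must be a string, got %T", k, v)}
	}
	if n := utf8.RuneCountInString(value); n > maxNameLen {
		errs = append(errs, fmt.Errorf(
			"%q cannot be longer than %d characters: %q is %d characters (%d over)",
			k, maxNameLen, value, n, n-maxNameLen))
	}
	return ws, errs
}

// roleName mirrors the interpolation in the issue:
// "${terraform.workspace}-${var.component_name}-lambda2" + "-execution-role".
func roleName(workspace, component string) string {
	return fmt.Sprintf("%s-%s-lambda2-execution-role", workspace, component)
}

func main() {
	// Values as reported in the issue.
	name := roleName("nested-deploys-1", "this turned out to be too long")
	if _, errs := validateName(name, "name"); len(errs) > 0 {
		fmt.Println("Error:", errs[0])
	}
}
```

With the reported inputs, the message shows the fully interpolated name, so the oversized segment is visible without tracing the module structure.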