search

hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.83k stars 9.17k forks source link

[Bug]: aws_config_remediation_configuration now fails with InvalidParameterValueException #31428

Open abvm659 opened 1 year ago

abvm659 commented 1 year ago

Terraform Core Version

1.4.2

AWS Provider Version

4.67.0

Affected Resource(s)

aws_config_remediation_configuration

Expected Behavior

In 4.66.1 it works fine, while in 4.67.0 single value parameters fails.

Actual Behavior

Fails with InvalidParameterValueException: There were invalid RemediationParameterValues for configurations for AWS Config Rules

Relevant Error/Panic Output Snippet

│ Error: creating AWS Config Remediation Configuration ({
│   RemediationConfigurations: [{
│       Automatic: true,
│       ConfigRuleName: "cldfrc-euw1-dev-ec2-core-custom-rule",
│       MaximumAutomaticAttempts: 5,
│       Parameters: {
│         InstanceIds: {
│           ResourceValue: {
│             Value: "RESOURCE_ID"
│           },
│           StaticValue: {
│             Values: ["arn:aws:iam::####:policy/services/###_1","arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore","arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"]
│           }
│         },
│         PolicyArns: {
│           StaticValue: {
│             Values: ["arn:aws:iam::#####:policy/services/###_1","arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore","arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"]
│           }
│         },
│         DefaultInstanceProfileArn: {
│           StaticValue: {
│             Values: ["arn:aws:iam::#####:instance-profile/services/###_1"]
│           }
│         },
│         AutomationAssumeRole: {
│           StaticValue: {
│             Values: ["arn:aws:iam::#####:policy/services/###_1","arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore","arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"]
│           }
│         }
│       },
│       ResourceType: "AWS::EC2::Instance",
│       RetryAttemptSeconds: 60,
│       TargetId: "cldfrc-euw1-dev-ec2-core-remediation",
│       TargetType: "SSM_DOCUMENT"
│     }]
│ }): InvalidParameterValueException: There were invalid RemediationParameterValues for configurations for AWS Config Rules cldfrc-euw1-dev-ec2-core-custom-rule

Terraform Configuration Files

resource "aws_config_remediation_configuration" "ec2_core_custom_rule" {
  config_rule_name = aws_config_config_rule.ec2_core_custom_rule.name
  target_id        = aws_ssm_document.ec2_core_remediation.id
  target_type      = "SSM_DOCUMENT"
  automatic        = true
  resource_type    = "AWS::EC2::Instance"
  maximum_automatic_attempts = "5"
  retry_attempt_seconds = "60"

  parameter {
    name           = "InstanceIds"
    resource_value = "RESOURCE_ID"
  }

  parameter {
    name           = "PolicyArns"
    static_values  = var.ec2_instance_profile_policy_arns
  }

  parameter {
    name           = "DefaultInstanceProfileArn"
    static_value   = var.default_instance_profile_arn
  }

  parameter {
    name         = "AutomationAssumeRole"
    static_value = var.resource_policy_lambda_role_arn
  }
}

Steps to Reproduce

Run terraform apply with given configuration block.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

This is the bug fix that most probably introduced this error:

https://github.com/hashicorp/terraform-provider-aws/pull/31315

Would you like to implement a fix?

No

github-actions[bot] commented 1 year ago

Community Note

Voting for Prioritization

Volunteering to Work on This Issue