Relevant Error/Panic Output Snippet
│ Error: Provider produced inconsistent result after apply
│
│ When applying changes to
│ module.roles.module.iam_role.aws_iam_policy_attachment.policy_attach["ecs_role-task_definition_policy"],
│ provider "provider[\"registry.terraform.io/hashicorp/aws\"].apps" produced
│ an unexpected new value: Root resource was present, but now absent.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
Terraform Core Version
1.5.4
AWS Provider Version
5.28.0
Affected Resource(s)
aws_iam_policy_attachment
Expected Behavior
Should create attach policy resources in a consistent way, every apply.
Actual Behavior
Fails from inconsistent apply with same source config.
Terraform Configuration Files
variable "policies" {
  type = map(object({
    name        = string
    description = string
    policies = list(object({
      sid       = string
      effect    = string
      actions   = list(string)
      resources = list(string)
    }))
  }))
}

variable "roles" {
  type = map(object({
    name            = string
    description     = string
    attach_policies = list(string)
    policy = list(object({
      sid     = string
      effect  = string
      actions = list(string)
      principals = object({
        type        = string
        identifiers = string
      })
    }))
  }))
}

variable "tags" {
  type    = any
  default = {}
}

locals {
  # Map each role key to the list of policy keys it should have attached.
  attachement = { for key, role in var.roles : key => role.attach_policies }

  # Flatten to one { role, policy } object per role/policy pair.
  attach_policy = flatten([
    for k in keys(local.attachement) :
    [for e in local.attachement[k] :
      { "role" = k, "policy" = e }
    ]
  ])
}

data "aws_iam_policy_document" "custom_iam_policy" {
  for_each = var.policies

  dynamic "statement" {
    for_each = each.value.policies

    # Assumed mapping: one argument per field declared in var.policies.
    content {
      sid       = lookup(statement.value, "sid")
      effect    = lookup(statement.value, "effect")
      actions   = lookup(statement.value, "actions")
      resources = lookup(statement.value, "resources")
    }
  }
}

resource "aws_iam_policy" "policy_document" {
  for_each = var.policies

  name        = each.value.name
  description = each.value.description
  policy      = data.aws_iam_policy_document.custom_iam_policy[each.key].json
  tags        = var.tags
}

data "aws_iam_policy_document" "assume_role_policy" {
  for_each = var.roles

  dynamic "statement" {
    for_each = each.value.policy

    content {
      actions = lookup(statement.value, "actions")
      effect  = lookup(statement.value, "effect")
      sid     = lookup(statement.value, "sid")

      # Assumed mapping from the principals object declared in var.roles;
      # identifiers is a single string there, so it is wrapped in a list.
      principals {
        type        = statement.value.principals.type
        identifiers = [statement.value.principals.identifiers]
      }
    }
  }
}

resource "aws_iam_role" "role" {
  for_each = var.roles

  name               = each.value.name
  description        = each.value.description
  assume_role_policy = data.aws_iam_policy_document.assume_role_policy[each.key].json
  tags               = var.tags
}

# One attachment resource per role/policy pair, keyed "<role>-<policy>".
resource "aws_iam_policy_attachment" "policy_attach" {
  for_each = { for ap in local.attach_policy : "${ap.role}-${ap.policy}" => ap }

  name       = "${each.value.role}-${each.value.policy}-attachment"
  roles      = [aws_iam_role.role[each.value.role].name]
  policy_arn = aws_iam_policy.policy_document[each.value.policy].arn
}
Steps to Reproduce
Create the policies by terraform apply and you will see the error output.
Would you like to implement a fix?
None