Expected Behavior
When applying updates to the aws_iam_role resource in Terraform, specifically changes to the managed_policy_arns attribute, the expected behavior is that Terraform should detect any modifications to the list of ARNs and apply these changes accordingly to the IAM role in AWS.
When the managed_policy_arns list is updated in the Terraform configuration file, running terraform apply should detect the changes and update the IAM role's attached managed policies to reflect the new configuration.
Actual Behavior
Terraform's apply operation does not detect changes made to the managed_policy_arns attribute. As a result, the IAM role in AWS does not get updated with the new set of managed policy ARNs, leading to a state drift between the Terraform state and the actual IAM role configuration in AWS.
Update the managed_policy_arns and you will get the same plan.
Steps to Reproduce
- Define an aws_iam_role resource with a set of managed_policy_arns.
- Apply the configuration using terraform apply.
- Modify the managed_policy_arns list in the Terraform configuration file.
- Run terraform apply/plan again.
- Observe that the IAM role in AWS does not reflect the changes to the managed_policy_arns.
Terraform Core Version
1.3.2
AWS Provider Version
5.57.0
Affected Resource(s)
aws_iam_role
Would you like to implement a fix?
None
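The drift described in this issue can be confirmed outside of `terraform plan` by comparing three views of the role: the list in the configuration, the list recorded in state, and what is attached in AWS. The following is an added example, not part of the original issue or the provider's code; it assumes the JSON shapes produced by `terraform show -json` and `aws iam list-attached-role-policies`, and the role name `example-role` and all sample data are constructed.

```python
import json

def state_arns(show_json, role_name):
    """managed_policy_arns recorded for the role in `terraform show -json` output."""
    def walk(module):
        for res in module.get("resources", []):
            vals = res.get("values", {})
            if res.get("type") == "aws_iam_role" and vals.get("name") == role_name:
                yield set(vals.get("managed_policy_arns") or [])
        for child in module.get("child_modules", []):  # roles defined in modules
            yield from walk(child)
    root = json.loads(show_json).get("values", {}).get("root_module", {})
    return next(walk(root), None)  # None: role not found in state

def live_arns(attached_json):
    """ARNs from `aws iam list-attached-role-policies --role-name <role>` output."""
    return {p["PolicyArn"] for p in json.loads(attached_json)["AttachedPolicies"]}

def drift_report(configured, state, live):
    """Three-way comparison: configuration vs. Terraform state vs. AWS."""
    configured = set(configured)
    return {
        "missing_in_aws": sorted(configured - live),     # wanted, not attached
        "unexpected_in_aws": sorted(live - configured),  # attached, no longer wanted
        "state_matches_config": state == configured,
        "state_matches_aws": state == live,
    }

# Constructed sample data (hypothetical role "example-role").
P = "arn:aws:iam::aws:policy/"
CONFIGURED = [P + "ReadOnlyAccess", P + "AmazonEC2ReadOnlyAccess"]  # edited list in the .tf file
SHOW_JSON = json.dumps({"values": {"root_module": {"resources": [{
    "type": "aws_iam_role", "name": "this",
    "values": {"name": "example-role",
               "managed_policy_arns": [P + "ReadOnlyAccess", P + "AmazonS3ReadOnlyAccess"]},
}]}}})
ATTACHED_JSON = json.dumps({"AttachedPolicies": [
    {"PolicyName": "ReadOnlyAccess", "PolicyArn": P + "ReadOnlyAccess"},
    {"PolicyName": "AmazonS3ReadOnlyAccess", "PolicyArn": P + "AmazonS3ReadOnlyAccess"},
]})

if __name__ == "__main__":
    report = drift_report(CONFIGURED, state_arns(SHOW_JSON, "example-role"),
                          live_arns(ATTACHED_JSON))
    print(json.dumps(report, indent=2))
```

State agreeing with AWS while both differ from the configuration is the pattern this report describes; any entry under `unexpected_in_aws` is a managed policy still granting permissions that the configuration no longer lists.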