hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0
9.74k stars 9.1k forks

[Bug]: DLM requires resource_types, although marked optional #38825

Open andreineculau opened 1 month ago

andreineculau commented 1 month ago

Terraform Core Version

1.9.4

AWS Provider Version

5.62.0

Affected Resource(s)

aws_dlm_lifecycle_policy

Expected Behavior

Expected to be able to skip mentioning resource_types, as the docs mention:

resource_types - (Optional) A list of resource types that should be targeted by the lifecycle policy. Valid values are VOLUME and INSTANCE.

Actual Behavior

terraform apply actually fails, complaining about missing resource types.

Relevant Error/Panic Output Snippet

│ Error: creating DLM Lifecycle Policy: operation error DLM: CreateLifecyclePolicy, https response error StatusCode: 400, RequestID: 85bd6b4e-6b07-4a60-bb2e-ec422035be8a, InvalidRequestException: The following required parameter(s) are missing: {ResourceTypes}

Terraform Configuration Files

# example from the docs
# with resource_types commented out

data "aws_iam_policy_document" "assume_role" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["dlm.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role" "dlm_lifecycle_role" {
  name               = "dlm-lifecycle-role"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

data "aws_iam_policy_document" "dlm_lifecycle" {
  statement {
    effect = "Allow"

    actions = [
      "ec2:CreateSnapshot",
      "ec2:CreateSnapshots",
      "ec2:DeleteSnapshot",
      "ec2:DescribeInstances",
      "ec2:DescribeVolumes",
      "ec2:DescribeSnapshots",
    ]

    resources = ["*"]
  }

  statement {
    effect    = "Allow"
    actions   = ["ec2:CreateTags"]
    resources = ["arn:aws:ec2:*::snapshot/*"]
  }
}

resource "aws_iam_role_policy" "dlm_lifecycle" {
  name   = "dlm-lifecycle-policy"
  role   = aws_iam_role.dlm_lifecycle_role.id
  policy = data.aws_iam_policy_document.dlm_lifecycle.json
}

resource "aws_dlm_lifecycle_policy" "example" {
  description        = "example DLM lifecycle policy"
  execution_role_arn = aws_iam_role.dlm_lifecycle_role.arn
  state              = "ENABLED"

  policy_details {
    # resource_types = ["VOLUME"]

    schedule {
      name = "2 weeks of daily snapshots"

      create_rule {
        interval      = 24
        interval_unit = "HOURS"
        times         = ["23:45"]
      }

      retain_rule {
        count = 14
      }

      tags_to_add = {
        SnapshotCreator = "DLM"
      }

      copy_tags = false
    }

    target_tags = {
      Snapshot = "true"
    }
  }
}

Steps to Reproduce

plan and apply

Debug Output

No response

Panic Output

No response

Important Factoids

Maybe related to the sdk bump in https://github.com/hashicorp/terraform-provider-aws/issues/36140 ?

References

No response

Would you like to implement a fix?

None

andreineculau commented 1 month ago

There's more. resource_types is a list, but only 1 item is allowed 🙃

Attribute policy_details.0.resource_types supports 1 item maximum, but config has 2 declared.

andreineculau commented 1 month ago

And more. target_tags is also required

InvalidRequestException: The following required parameter(s) are missing: {TargetTags}

despite the docs saying

target_tags (Optional) A map of tag keys and their values. Any resources that match the resource_types and are tagged with any of these tags will be targeted.


Question: how does one create a default policy (available in AWS Console) then if both resource_types and target_tags are required?