ministryofjustice / observability-platform

Observability Platform
https://observability-platform.service.justice.gov.uk/
MIT License

🐞 Off-boarding a tenant doesn't correctly remove role association #88

Open jacobwoffenden opened 1 month ago

jacobwoffenden commented 1 month ago

Describe the bug.

The following is seen over and over now that Data Platform have been off-boarded.

  # module.managed_grafana.aws_grafana_role_association.this["EDITOR"] will be updated in-place
  ~ resource "aws_grafana_role_association" "this" {
      ~ group_ids    = [
          - "a68242b4-b0a1-7085-25f4-dc60e4c122c0",
            # (1 unchanged element hidden)
        ]
        id           = "g-9d213fbc19/EDITOR"
        # (3 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

To Reproduce

  1. Remove a tenant from configuration

Expected Behaviour

aws_grafana_role_association is properly cleaned up

Additional context

No response

jacobwoffenden commented 1 month ago

Terraform Plan:

Terraform will perform the following actions:
  # module.managed_grafana.aws_grafana_role_association.this["EDITOR"] will be updated in-place
  ~ resource "aws_grafana_role_association" "this" {
      ~ group_ids    = [
          - "a68242b4-b0a1-7085-25f4-dc60e4c122c0",
            # (2 unchanged elements hidden)
        ]
        id           = "g-e937f84aea/EDITOR"
        # (3 unchanged attributes hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.

Terraform Apply:

module.managed_grafana.aws_grafana_role_association.this["EDITOR"]: Modifying... [id=<REDACTED>]
module.managed_grafana.aws_grafana_role_association.this["EDITOR"]: Modifications complete after 2s [id=<REDACTED>]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

CloudTrail Event:

{
    "eventVersion": "1.09",
    "userIdentity": {
        "type": "AssumedRole",
        "principalId": "AROA5KKMBF7OI3NYV3UB2:aws-go-sdk-1717101485367509248",
        "arn": "arn:aws:sts::915524366300:assumed-role/MemberInfrastructureAccess/aws-go-sdk-1717101485367509248",
        "accountId": "915524366300",
        "accessKeyId": "ASIA5KKMBF7OPNTUQ6N4",
        "sessionContext": {
            "sessionIssuer": {
                "type": "Role",
                "principalId": "AROA5KKMBF7OI3NYV3UB2",
                "arn": "arn:aws:iam::915524366300:role/MemberInfrastructureAccess",
                "accountId": "915524366300",
                "userName": "MemberInfrastructureAccess"
            },
            "attributes": {
                "creationDate": "2024-05-30T20:38:06Z",
                "mfaAuthenticated": "false"
            }
        }
    },
    "eventTime": "2024-05-30T20:38:08Z",
    "eventSource": "grafana.amazonaws.com",
    "eventName": "UpdatePermissions",
    "awsRegion": "eu-west-2",
    "sourceIPAddress": "52.234.36.40",
    "userAgent": "APN/1.0 HashiCorp/1.0 Terraform/1.8.4 (+https://www.terraform.io) terraform-provider-aws/5.51.1 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.53.8 (go1.22.2; linux; amd64)",
    "requestParameters": {
        "updateInstructionBatch": [
            {
                "action": "ADD",
                "role": "EDITOR",
                "users": [
                    {
                        "id": "9c6710dd7f-e2cdaf44-0510-48cd-8bb1-4b21552ae0f1",
                        "type": "SSO_GROUP"
                    },
                    {
                        "id": "9c6710dd7f-120a1f73-34c1-447a-b34c-6cdc2cd64b5e",
                        "type": "SSO_GROUP"
                    }
                ]
            }
        ],
        "workspaceId": "g-e937f84aea"
    },
    "responseElements": {
        "errors": []
    },
    "requestID": "63df886c-f7e9-407f-9b7b-de8b2d70bcd3",
    "eventID": "62891520-318b-42d6-85c2-542f4bfacac1",
    "readOnly": false,
    "eventType": "AwsApiCall",
    "managementEvent": true,
    "recipientAccountId": "915524366300",
    "eventCategory": "Management"
}

AWS CLI:

$ aws grafana list-permissions --workspace-id g-e937f84aea
{
    "permissions": [
        {
            "role": "EDITOR",
            "user": {
                "id": "a68242b4-b0a1-7085-25f4-dc60e4c122c0",
                "type": "SSO_GROUP"
            }
        },
        {
            "role": "ADMIN",
            "user": {
                "id": "16a2d234-1031-70b5-2657-7f744c55e48f",
                "type": "SSO_GROUP"
            }
        },
        {
            "role": "EDITOR",
            "user": {
                "id": "9c6710dd7f-e2cdaf44-0510-48cd-8bb1-4b21552ae0f1",
                "type": "SSO_GROUP"
            }
        },
        {
            "role": "EDITOR",
            "user": {
                "id": "9c6710dd7f-120a1f73-34c1-447a-b34c-6cdc2cd64b5e",
                "type": "SSO_GROUP"
            }
        }
    ]
}
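A drift check for the situation described in this issue, added here as an example (it is not code from the issue or from the observability-platform repository): it parses the `list-permissions` output quoted above and computes the ADD/REMOVE instruction batch a correct reconciliation would send, flagging the off-boarded group that still holds EDITOR. The desired-state group ids per role are an assumption.

```python
import json

# Constructed sample: the `aws grafana list-permissions` output quoted in the
# issue, reduced to the fields this check needs.
LIST_PERMISSIONS_OUTPUT = json.dumps({
    "permissions": [
        {"role": "EDITOR", "user": {"id": "a68242b4-b0a1-7085-25f4-dc60e4c122c0", "type": "SSO_GROUP"}},
        {"role": "ADMIN", "user": {"id": "16a2d234-1031-70b5-2657-7f744c55e48f", "type": "SSO_GROUP"}},
        {"role": "EDITOR", "user": {"id": "9c6710dd7f-e2cdaf44-0510-48cd-8bb1-4b21552ae0f1", "type": "SSO_GROUP"}},
        {"role": "EDITOR", "user": {"id": "9c6710dd7f-120a1f73-34c1-447a-b34c-6cdc2cd64b5e", "type": "SSO_GROUP"}},
    ]
})

# Assumed desired state after off-boarding: the group ids still present in the
# Terraform configuration, keyed by Grafana role (hypothetical values).
DESIRED = {
    "EDITOR": {"9c6710dd7f-e2cdaf44-0510-48cd-8bb1-4b21552ae0f1",
               "9c6710dd7f-120a1f73-34c1-447a-b34c-6cdc2cd64b5e"},
    "ADMIN": {"16a2d234-1031-70b5-2657-7f744c55e48f"},
}


def actual_groups(list_permissions_json):
    """Group ids per role from list-permissions output (SSO_GROUP entries only)."""
    actual = {}
    for perm in json.loads(list_permissions_json)["permissions"]:
        if perm["user"]["type"] == "SSO_GROUP":
            actual.setdefault(perm["role"], set()).add(perm["user"]["id"])
    return actual


def reconcile(desired, actual):
    """Build the UpdatePermissions batch that brings actual in line with desired.
    The CloudTrail event in the issue shows only the ADD half; the REMOVE half is missing."""
    batch = []
    for role in sorted(set(desired) | set(actual)):
        want, have = desired.get(role, set()), actual.get(role, set())
        for action, ids in (("ADD", want - have), ("REMOVE", have - want)):
            if ids:
                batch.append({"action": action, "role": role,
                              "users": [{"id": i, "type": "SSO_GROUP"} for i in sorted(ids)]})
    return batch


def stale_groups(desired, list_permissions_json):
    """(role, group id) pairs that still hold a role but are no longer in configuration."""
    return {(e["role"], u["id"]) for e in reconcile(desired, actual_groups(list_permissions_json))
            if e["action"] == "REMOVE" for u in e["users"]}


if __name__ == "__main__":
    print(json.dumps(reconcile(DESIRED, actual_groups(LIST_PERMISSIONS_OUTPUT)), indent=2))
```

Running it against the quoted output reports one stale EDITOR assignment for the off-boarded group, which is the association the in-place update left behind.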