We should upgrade the AWS provider to take advantage of new features and recent updates. When attempting to upgrade the provider previously, I ran into the following errors:
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_iam_role.hydrocron_lambda_track_ingest_role
│ to include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/aws" produced an invalid new value for
│ .inline_policy: planned set element
│ cty.ObjectVal(map[string]cty.Value{"name":cty.StringVal("HydrocronSSMRead"),
│ "policy":cty.StringVal("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"ssm:DescribeParameters\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:us-west-2:***:parameter/service/hydrocron/*\"},{\"Action\":[\"ssm:GetParametersByPath\",\"ssm:GetParameters\",\"ssm:GetParameter\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:us-west-2:***:parameter/service/hydrocron/*\"}]}")})
│ does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_iam_role.hydrocron-lambda-execution-role to
│ include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/aws" produced an invalid new value for
│ .inline_policy: planned set element
│ cty.ObjectVal(map[string]cty.Value{"name":cty.StringVal("HydrocronLambdaVPC"),
│ "policy":cty.StringVal("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"ec2:CreateNetworkInterface\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:us-west-2:***:*/*\"},{\"Action\":\"ec2:DeleteNetworkInterface\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ec2:us-west-2:***:*/*\"},{\"Action\":\"ec2:DescribeNetworkInterfaces\",\"Effect\":\"Allow\",\"Resource\":\"*\"}]}")})
│ does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
╵
╷
│ Error: Provider produced inconsistent final plan
│
│ When expanding the plan for aws_iam_role.hydrocron-lambda-execution-role to
│ include new values learned so far during apply, provider
│ "registry.terraform.io/hashicorp/aws" produced an invalid new value for
│ .inline_policy: planned set element
│ cty.ObjectVal(map[string]cty.Value{"name":cty.StringVal("HydrocronSSMRead"),
│ "policy":cty.StringVal("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"ssm:DescribeParameters\",\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:us-west-2:***:parameter/service/hydrocron/*\"},{\"Action\":[\"ssm:GetParametersByPath\",\"ssm:GetParameters\",\"ssm:GetParameter\"],\"Effect\":\"Allow\",\"Resource\":\"arn:aws:ssm:us-west-2:***:parameter/service/hydrocron/*\"}]}")})
│ does not correlate with any element in actual.
│
│ This is a bug in the provider, which should be reported in the provider's
│ own issue tracker.
This seems to indicate an issue with using * in the ARN of a resource defined in an inline policy. This does seem to be fixed when using aws_iam_policy. So we should also revisit how we define and use IAM policies in roles when doing the upgrade.
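Added example (not code from the issue or the hydrocron repository): the inline_policy form that produced the errors above, beside the standalone aws_iam_policy plus role attachment form the issue reports as working. The role names, the region and the use of data.aws_caller_identity for the account id are assumptions; the policy statements mirror the HydrocronSSMRead document shown in the error output.

```hcl
data "aws_caller_identity" "current" {}

locals {
  # Same least-privilege SSM document the issue's inline policy carried; the
  # wildcard ARN is what the upgraded provider failed to reconcile at apply time.
  param_arn = "arn:aws:ssm:us-west-2:${data.aws_caller_identity.current.account_id}:parameter/service/hydrocron/*"
  ssm_read_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = "ssm:DescribeParameters", Resource = local.param_arn },
      { Effect = "Allow", Action = ["ssm:GetParametersByPath", "ssm:GetParameters", "ssm:GetParameter"], Resource = local.param_arn },
    ]
  })
  lambda_assume_role = jsonencode({
    Version = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "lambda.amazonaws.com" } }]
  })
}

# Before: policy embedded in the role as an inline_policy set element (the form
# that produced "Provider produced inconsistent final plan" during the upgrade).
resource "aws_iam_role" "track_ingest_before" {
  name               = "hydrocron-lambda-track-ingest-before" # assumed name
  assume_role_policy = local.lambda_assume_role

  inline_policy {
    name   = "HydrocronSSMRead"
    policy = local.ssm_read_policy
  }
}

# After: identical permissions as a standalone aws_iam_policy attached to the
# role, so the policy document is its own resource rather than a set element.
resource "aws_iam_role" "track_ingest" {
  name               = "hydrocron-lambda-track-ingest" # assumed name
  assume_role_policy = local.lambda_assume_role
}

resource "aws_iam_policy" "ssm_read" {
  name   = "HydrocronSSMRead"
  policy = local.ssm_read_policy
}

resource "aws_iam_role_policy_attachment" "ssm_read" {
  role       = aws_iam_role.track_ingest.name
  policy_arn = aws_iam_policy.ssm_read.arn
}
```

In a real configuration only one of the two role resources should exist; the "before" block is kept here only to show the two forms side by side, and the permissions granted are the same in both.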