IAM Roles have hard-coded names, cannot apply module multiple times

igoralveslima commented 2 years ago

Describe the bug IAM resources have hard-coded names, which prevents users from applying this module multiple times in a single account

https://github.com/clowdhaus/terraform-aws-dms/blob/main/main.tf#L47 https://github.com/clowdhaus/terraform-aws-dms/blob/main/main.tf#L66

To Reproduce Steps to reproduce the behavior:

Apply module to create DMS migration for service A in account 1
Apply module to create DMS migration for service B in account 1
AWS API errors "EntityAlreadyExists: Role with name dms-cloudwatch-logs-role already exists."

Expected behavior

Resources should include a randomly generated identifier
Allow users to override the IAM resource names

Screenshots

N/A

Desktop (please complete the following information):

N/A

Smartphone (please complete the following information):

N/A

Additional context

N/A

bryantbiggs commented 2 years ago

yes, this is an AWS requirement. I will agree it is rather odd and there are numerous issues reported on this, but it is what is required by the AWS API in order for DMS to function properly - https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#CHAP_Security.APIRole

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

terraform-aws-modules / terraform-aws-dms

IAM Roles have hard-coded names, cannot apply module multiple times #11