terraform-aws-modules / terraform-aws-iam

Terraform module to create AWS IAM resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/iam/aws
Apache License 2.0

Cycle error. #505

Closed gowgopal83 closed 1 week ago

gowgopal83 commented 1 month ago

Description

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

```
Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/aws] ~> 5.32.0
├── provider[registry.terraform.io/carlpett/sops] ~> 0.7.1
├── provider[registry.terraform.io/hashicorp/time]
├── module.iam_policies
│   └── provider[registry.terraform.io/hashicorp/aws] >= 4.0.0
├── module.certcheck_lambda
│   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0
│   ├── provider[registry.terraform.io/hashicorp/external] >= 1.0.0
│   ├── provider[registry.terraform.io/hashicorp/local] >= 1.0.0
│   └── provider[registry.terraform.io/hashicorp/null] >= 2.0.0
├── module.certdeploy_lambda
│   ├── provider[registry.terraform.io/hashicorp/null] >= 2.0.0
│   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0
│   ├── provider[registry.terraform.io/hashicorp/external] >= 1.0.0
│   └── provider[registry.terraform.io/hashicorp/local] >= 1.0.0
├── module.certissue_lambda
│   ├── provider[registry.terraform.io/hashicorp/null] >= 2.0.0
│   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0
│   ├── provider[registry.terraform.io/hashicorp/external] >= 1.0.0
│   └── provider[registry.terraform.io/hashicorp/local] >= 1.0.0
├── module.crl_processor_lambda
│   ├── provider[registry.terraform.io/hashicorp/local] >= 1.0.0
│   ├── provider[registry.terraform.io/hashicorp/null] >= 2.0.0
│   ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0
│   └── provider[registry.terraform.io/hashicorp/external] >= 1.0.0
└── module.iam_assumable_roles
    └── provider[registry.terraform.io/hashicorp/aws] >= 4.0.0

Providers required by state:

    provider[registry.terraform.io/hashicorp/null]

    provider[registry.terraform.io/hashicorp/time]

    provider[registry.terraform.io/hashicorp/aws]

    provider[registry.terraform.io/hashicorp/external]

    provider[registry.terraform.io/hashicorp/local]
```

## Reproduction Code [Required]

```hcl
module "certissue_lambda" {
  source        = "terraform-aws-modules/lambda/aws"
  version       = "7.0.0"
  function_name = "acmpca-certIssue"
  description   = "Acmpca certIssue Transform"
  handler       = "certIssue.lambda_handler"
  runtime       = "python3.9"
  timeout       = "60"
  create_role   = false

  lambda_role = aws_iam_role.cert_issue_lambda_role.arn

  lambda_role = module.iam_assumable_roles["ert_issue_lambda_role_test"].iam_role_arn

  source_path                   = "${path.module}/python/certIssue.py"
  attach_cloudwatch_logs_policy = true

  layers = []
  environment_variables = {
    SigningAlgorithm = local.signing_algorithm
    PCAarn           = aws_acmpca_certificate_authority.private_ca_authority.arn
    CSR_PATH         = local.csr_path
    SNS_TOPIC_ARN    = aws_sns_topic.failed_cert_rotation_sns_topic.id
  }

  tags = local.tags
}

module "iam_assumable_roles" {
  for_each = local.iam_roles
  source   = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
  version  = "v5.41.0"

  create_role       = true
  role_requires_mfa = false

  role_name                       = each.key
  custom_role_policy_arns         = each.value.custom_role_policy_arns
  create_custom_role_trust_policy = each.value.create_custom_trust_policy
  custom_role_trust_policy        = each.value.custom_role_trust_policy
  trusted_role_arns               = each.value.trusted_role_arns
  trusted_role_services           = each.value.trusted_role_services
  tags                            = local.tags
}

module "iam_policies" {
  for_each = local.iam_policies
  source   = "terraform-aws-modules/iam/aws//modules/iam-policy"
  version  = "v5.41.0"
  name     = each.key
  path     = "/"
  policy   = each.value.policy

  tags = local.tags
}

locals {
  iam_roles = {
    "cert_issue_lambda_role_test" = {
      create_custom_trust_policy = "false"
      custom_role_trust_policy   = ""
      custom_role_policy_arns = [
        "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
      ]
      trusted_role_services = [
        "lambda.amazonaws.com"
      ]
      trusted_role_arns = []
    }
  }
  iam_policies = {
    "cert_issue_lambda_policy_test" = {
      description = "Cert Issue lambda policy"
      policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            Effect = "Allow"
            Action = [
              "ssm:SendCommand",
              "ssm:GetCommandInvocation",
              "dynamodb:PutItem",
              "acm-pca:IssueCertificate",
              "sns:Publish"
            ]
            Resource = ["*"]
          }
        ]
      })
    }
  }
}
```


Steps to reproduce the behavior:

<!-- Are you using workspaces? --> No 
<!-- Have you cleared the local cache (see Notice section above)? --> Yes
<!-- List steps in order that led up to the issue you encountered --> `terraform init` and `terraform apply`

## Expected behavior

* IAM policy created
* IAM role created
* The Lambda role is attached to the Lambda, and the Lambda is created.

## Actual behavior

```
t validate
╷
│ Error: Cycle: module.iam_policies.output.path (expand), module.iam_policies.output.arn (expand), module.iam_policies (close), module.iam_policies.output.policy (expand), module.iam_policies.output.name (expand), module.iam_policies.output.description (expand), module.iam_policies.var.path (expand), module.iam_policies.var.name_prefix (expand), module.iam_policies.var.name (expand), module.iam_policies.var.description (expand), module.iam_policies.var.tags (expand), module.iam_policies.var.policy (expand), module.iam_policies.var.create_policy (expand), module.iam_policies.aws_iam_policy.policy, module.iam_assumable_roles.var.custom_role_trust_policy (expand), module.iam_assumable_roles.local.custom_role_trust_policy_condition (expand), module.iam_assumable_roles.var.tags (expand), module.iam_assumable_roles.var.max_session_duration (expand), module.iam_assumable_roles.var.role_permissions_boundary_arn (expand), module.iam_assumable_roles.data.aws_iam_policy_document.assume_role, module.iam_assumable_roles.var.force_detach_policies (expand), module.iam_assumable_roles.var.create_role (expand), module.iam_assumable_roles.var.role_description (expand), module.iam_assumable_roles.var.mfa_age (expand), module.iam_assumable_roles.data.aws_partition.current, module.iam_assumable_roles.local.partition (expand), module.iam_assumable_roles.var.allow_self_assume_role (expand), module.iam_assumable_roles.var.create_custom_role_trust_policy (expand), module.iam_assumable_roles.var.trusted_role_actions (expand), module.iam_assumable_roles.var.role_name_prefix (expand), module.iam_assumable_roles.var.role_name (expand), module.iam_assumable_roles.local.role_name_condition (expand), module.iam_assumable_roles.var.trusted_role_services (expand), module.iam_assumable_roles.var.role_sts_externalid (expand), module.iam_assumable_roles.local.role_sts_externalid (expand), module.iam_assumable_roles.var.role_path (expand), module.iam_assumable_roles.var.trusted_role_arns (expand), module.iam_assumable_roles.data.aws_caller_identity.current, module.iam_assumable_roles.local.account_id (expand), module.iam_assumable_roles.var.role_session_name (expand), module.iam_assumable_roles.var.role_requires_session_name (expand), module.iam_assumable_roles.data.aws_iam_policy_document.assume_role_with_mfa, module.iam_assumable_roles.aws_iam_role.this, module.iam_assumable_roles.output.iam_role_arn (expand), module.certissue_lambda.var.lambda_role (expand), module.certissue_lambda.aws_lambda_function.this, module.certissue_lambda.output.lambda_function_arn (expand), module.certcheck_lambda.var.environment_variables (expand), module.certcheck_lambda.aws_lambda_function.this, module.certcheck_lambda.output.lambda_function_arn (expand), local.iam_policies (expand), module.iam_policies (expand), module.iam_policies.output.id (expand), local.iam_roles (expand), module.iam_assumable_roles (expand), module.iam_assumable_roles.var.role_requires_mfa (expand)
│
```

## Additional context

I have tried adding the following `depends_on` to the `lambda` module, but no luck.

```hcl
depends_on = [module.iam_policies, module.iam_assumable_roles]
```

github-actions[bot] commented 2 weeks ago

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot] commented 1 week ago

This issue was automatically closed because of stale in 10 days