Closed gowgopal83 closed 1 week ago
This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days
This issue was automatically closed because of stale in 10 days
Description
⚠️ Note
Before you submit an issue, please perform the following first:
1. Remove the local `.terraform` directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): `rm -rf .terraform/`
2. Re-initialize: `terraform init`
Versions
Module version [Required]:
"v5.41.0"
Terraform version:
provider registry.terraform.io/carlpett/sops v0.7.2
provider registry.terraform.io/hashicorp/aws v5.32.1
provider registry.terraform.io/hashicorp/external v2.3.3
provider registry.terraform.io/hashicorp/local v2.5.1
provider registry.terraform.io/hashicorp/null v3.2.2
provider registry.terraform.io/hashicorp/time v0.11.1
Provider version(s):
Providers required by configuration: . ├── provider[registry.terraform.io/hashicorp/aws] ~> 5.32.0 ├── provider[registry.terraform.io/carlpett/sops] ~> 0.7.1 ├── provider[registry.terraform.io/hashicorp/time] ├── module.iam_policies │ └── provider[registry.terraform.io/hashicorp/aws] >= 4.0.0 ├── module.certcheck_lambda │ ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0 │ ├── provider[registry.terraform.io/hashicorp/external] >= 1.0.0 │ ├── provider[registry.terraform.io/hashicorp/local] >= 1.0.0 │ └── provider[registry.terraform.io/hashicorp/null] >= 2.0.0 ├── module.certdeploy_lambda │ ├── provider[registry.terraform.io/hashicorp/null] >= 2.0.0 │ ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0 │ ├── provider[registry.terraform.io/hashicorp/external] >= 1.0.0 │ └── provider[registry.terraform.io/hashicorp/local] >= 1.0.0 ├── module.certissue_lambda │ ├── provider[registry.terraform.io/hashicorp/null] >= 2.0.0 │ ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0 │ ├── provider[registry.terraform.io/hashicorp/external] >= 1.0.0 │ └── provider[registry.terraform.io/hashicorp/local] >= 1.0.0 ├── module.crl_processor_lambda │ ├── provider[registry.terraform.io/hashicorp/local] >= 1.0.0 │ ├── provider[registry.terraform.io/hashicorp/null] >= 2.0.0 │ ├── provider[registry.terraform.io/hashicorp/aws] >= 5.32.0 │ └── provider[registry.terraform.io/hashicorp/external] >= 1.0.0 └── module.iam_assumable_roles └── provider[registry.terraform.io/hashicorp/aws] >= 4.0.0
Providers required by state:
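# Lambda that issues certificates through ACM PCA ("acmpca-certIssue").
# The module does not create the execution role (create_role = false); the
# role ARN is taken from the iam_assumable_roles module instead.
module "certissue_lambda" {
  source  = "terraform-aws-modules/lambda/aws"
  version = "7.0.0"

  function_name = "acmpca-certIssue"
  description   = "Acmpca certIssue Transform"
  handler       = "certIssue.lambda_handler"
  runtime       = "python3.9"
  timeout       = 60 # number rather than the string "60"
  source_path   = "${path.module}/python/certIssue.py"
  layers        = []

  create_role = false

  # Earlier wiring, kept as a comment: an argument may be set only once per
  # block, and the page showed lambda_role twice.
  # lambda_role = aws_iam_role.cert_issue_lambda_role.arn
  #
  # The index must match a key of local.iam_roles exactly. The page had
  # "ert_issue_lambda_role_test", which is not a key of that map.
  lambda_role = module.iam_assumable_roles["cert_issue_lambda_role_test"].iam_role_arn

  # NOTE(review): with create_role = false this flag presumably attaches
  # nothing, because there is no module-managed role to attach to. Log
  # permissions then come only from the policies on the external role.
  # Confirm against the module.
  attach_cloudwatch_logs_policy = true

  # Identifiers only (algorithm, CA ARN, CSR path, SNS topic); no secret
  # material is passed through the function environment.
  environment_variables = {
    SigningAlgorithm = local.signing_algorithm
    PCAarn           = aws_acmpca_certificate_authority.private_ca_authority.arn
    CSR_PATH         = local.csr_path
    SNS_TOPIC_ARN    = aws_sns_topic.failed_cert_rotation_sns_topic.id
  }

  tags = local.tags
}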
# One IAM role per entry of local.iam_roles; the map key becomes the role
# name, and the trust and permission settings come from the entry's value.
module "iam_assumable_roles" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-assumable-role"
  version = "v5.41.0"

  for_each = local.iam_roles

  role_name   = each.key
  create_role = true

  # Who may assume the role. Keep both lists as narrow as the workload allows.
  trusted_role_services = each.value.trusted_role_services
  trusted_role_arns     = each.value.trusted_role_arns

  # MFA is not enforced in the trust policy. NOTE(review): fine for a role
  # trusted only by an AWS service principal; if trusted_role_arns is ever
  # populated, those principals can assume the role without MFA. Revisit then.
  role_requires_mfa = false

  # Optional hand-written trust policy; when enabled it should be reviewed
  # with the same care as the trusted_* lists above.
  create_custom_role_trust_policy = each.value.create_custom_trust_policy
  custom_role_trust_policy        = each.value.custom_role_trust_policy

  # Permission policies attached to the role.
  custom_role_policy_arns = each.value.custom_role_policy_arns

  tags = local.tags
}
# One customer-managed IAM policy per entry of local.iam_policies; the map
# key becomes the policy name and the entry's `policy` is the JSON document.
#
# NOTE(review): the `description` set in local.iam_policies is not passed
# through here. Also, as posted, no role in local.iam_roles lists the ARN of
# a policy created here in custom_role_policy_arns, so the visible
# configuration creates the policy without attaching it to a role.
module "iam_policies" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-policy"
  version = "v5.41.0"

  for_each = local.iam_policies

  name   = each.key
  path   = "/"
  policy = each.value.policy

  tags = local.tags
}
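# Input maps for the iam_assumable_roles and iam_policies modules.
#
# NOTE(review): the cycle reported by `terraform validate` names
# local.iam_roles and local.iam_policies, yet nothing in this block as posted
# references a module or resource. The edge that closes the loop is therefore
# not visible in this excerpt.
locals {
  iam_roles = {
    "cert_issue_lambda_role_test" = {
      # Real boolean instead of the string "false"; the value feeds a boolean
      # module input.
      create_custom_trust_policy = false
      custom_role_trust_policy   = ""

      custom_role_policy_arns = [
        "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole",
      ]

      # Only the Lambda service may assume this role.
      trusted_role_services = [
        "lambda.amazonaws.com"
      ]
      trusted_role_arns = []
    }
  }

  iam_policies = {
    "cert_issue_lambda_policy_test" = {
      description = "Cert Issue lambda policy"
      policy = jsonencode({
        Version = "2012-10-17"
        Statement = [
          {
            Effect = "Allow"
            Action = [
              "ssm:SendCommand",
              "ssm:GetCommandInvocation",
              "dynamodb:PutItem",
              "acm-pca:IssueCertificate",
              "sns:Publish"
            ]
            # NOTE(review): wildcard resource on sensitive actions. As
            # written, the holder may send SSM commands to any managed
            # instance, issue certificates from any private CA, write to any
            # DynamoDB table and publish to any SNS topic in the account.
            # Split this into one statement per service and scope each to
            # the specific ARNs the function needs before using it outside
            # a test.
            Resource = ["*"]
          }
        ]
      })
    }
  }
} # closing brace for `locals`; it was missing from the snippet as posted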
t validate ╷ │ Error: Cycle: module.iam_policies.output.path (expand), module.iam_policies.output.arn (expand), module.iam_policies (close), module.iam_policies.output.policy (expand), module.iam_policies.output.name (expand), module.iam_policies.output.description (expand), module.iam_policies.var.path (expand), module.iam_policies.var.name_prefix (expand), module.iam_policies.var.name (expand), module.iam_policies.var.description (expand), module.iam_policies.var.tags (expand), module.iam_policies.var.policy (expand), module.iam_policies.var.create_policy (expand), module.iam_policies.aws_iam_policy.policy, module.iam_assumable_roles.var.custom_role_trust_policy (expand), module.iam_assumable_roles.local.custom_role_trust_policy_condition (expand), module.iam_assumable_roles.var.tags (expand), module.iam_assumable_roles.var.max_session_duration (expand), module.iam_assumable_roles.var.role_permissions_boundary_arn (expand), module.iam_assumable_roles.data.aws_iam_policy_document.assume_role, module.iam_assumable_roles.var.force_detach_policies (expand), module.iam_assumable_roles.var.create_role (expand), module.iam_assumable_roles.var.role_description (expand), module.iam_assumable_roles.var.mfa_age (expand), module.iam_assumable_roles.data.aws_partition.current, module.iam_assumable_roles.local.partition (expand), module.iam_assumable_roles.var.allow_self_assume_role (expand), module.iam_assumable_roles.var.create_custom_role_trust_policy (expand), module.iam_assumable_roles.var.trusted_role_actions (expand), module.iam_assumable_roles.var.role_name_prefix (expand), module.iam_assumable_roles.var.role_name (expand), module.iam_assumable_roles.local.role_name_condition (expand), module.iam_assumable_roles.var.trusted_role_services (expand), module.iam_assumable_roles.var.role_sts_externalid (expand), module.iam_assumable_roles.local.role_sts_externalid (expand), module.iam_assumable_roles.var.role_path (expand), module.iam_assumable_roles.var.trusted_role_arns 
(expand), module.iam_assumable_roles.data.aws_caller_identity.current, module.iam_assumable_roles.local.account_id (expand), module.iam_assumable_roles.var.role_session_name (expand), module.iam_assumable_roles.var.role_requires_session_name (expand), module.iam_assumable_roles.data.aws_iam_policy_document.assume_role_with_mfa, module.iam_assumable_roles.aws_iam_role.this, module.iam_assumable_roles.output.iam_role_arn (expand), module.certissue_lambda.var.lambda_role (expand), module.certissue_lambda.aws_lambda_function.this, module.certissue_lambda.output.lambda_function_arn (expand), module.certcheck_lambda.var.environment_variables (expand), module.certcheck_lambda.aws_lambda_function.this, module.certcheck_lambda.output.lambda_function_arn (expand), local.iam_policies (expand), module.iam_policies (expand), module.iam_policies.output.id (expand), local.iam_roles (expand), module.iam_assumable_roles (expand), module.iam_assumable_roles.var.role_requires_mfa (expand) │
depends_on = [module.iam_policies, module.iam_assumable_roles]