Allow Version Selection in policy_document data sources #14216

Closed
hikerspath opened this issue May 4, 2017 · 1 comment

@hikerspath

Having used terraform for a while now, we have some configs running that we don't necessarily want to have torn down by terraform if switching to use of the newer (v0.7.7+) aws_iam_policy_document data source. Presently we are running a pre-defined version that has been called out in heredoc format. If we switch to use of the data source, we are forced to a specific version that is hard-coded into the app.

I could totally see having this be something that is defaulted in the app, but not something that is hard-coded as then both of us have more to maintain / be aware of...

  • You would need to be aware if AWS ever changed / upgraded the version and release a new version with the change (which would not be backwards compatible to running configs)
  • We would need to know if you ever changed the version so that the policy and all its dependencies would not be impacted with a terraform apply.

Terraform Version

  • v0.8.8

Affected Resource(s)

  • aws_iam_policy_document

Terraform Configuration Files

Below I have placed what we presently have called out and what is available to call out in the new configuration style. Specifically it is the 'Version:' options that I am speaking about.

Existing Policy Definition

```hcl
resource "aws_iam_role" "lambda_assume_role" {
  name = "lambda_assume_role"

  assume_role_policy = <<EOF
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}
```

New Policy Document Format

```hcl
data "aws_iam_policy_document" "lambda_assume_role" {
  statement {
    actions = [ "sts:AssumeRole" ]

    principals {
      type = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}
```

References
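
The following is an added example, not part of the original issue or of Terraform's code: a small Python check that compares the heredoc policy with the document the data source would produce, separating a `Version` change from a change in the statements themselves. The rendered document, the assumption that the data source emits `2012-10-17`, and the name `compare_policies` are constructed for illustration.

```python
import json

# Constructed inputs: the heredoc policy from the issue, and the document the
# data source is assumed to render for the same statement (Version 2012-10-17).
HEREDOC = """{"Version": "2008-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
  "Principal": {"Service": "lambda.amazonaws.com"}, "Action": "sts:AssumeRole"}]}"""
RENDERED = """{"Version": "2012-10-17", "Statement": [{"Sid": "", "Effect": "Allow",
  "Action": ["sts:AssumeRole"], "Principal": {"Service": ["lambda.amazonaws.com"]}}]}"""

LIST_KEYS = {"Action", "NotAction", "Resource", "NotResource"}


def _as_set(value):
    """IAM treats a bare string and a one-element list as the same thing."""
    return frozenset([value] if isinstance(value, str) else value)


def _normalize(stmt):
    out = {}
    for key, value in stmt.items():
        if key == "Sid":
            continue  # a label only; it does not affect policy evaluation
        if key in LIST_KEYS:
            out[key] = _as_set(value)
        elif key in ("Principal", "NotPrincipal") and isinstance(value, dict):
            out[key] = frozenset((k, _as_set(v)) for k, v in value.items())
        else:
            out[key] = json.dumps(value, sort_keys=True)
    return frozenset(out.items())


def _statements(doc):
    stmts = doc.get("Statement", [])
    return {_normalize(s) for s in ([stmts] if isinstance(stmts, dict) else stmts)}


def compare_policies(old_json, new_json):
    old, new = json.loads(old_json), json.loads(new_json)
    # IAM treats a missing Version element as 2008-10-17.
    versions = tuple(d.get("Version", "2008-10-17") for d in (old, new))
    return {
        "versions": versions,
        "version_changed": versions[0] != versions[1],
        "statements_equal": _statements(old) == _statements(new),
        # "${...}" is only expanded as a policy variable under 2012-10-17, so a
        # version change alters the meaning of any statement that contains it.
        "has_policy_variables": "${" in json.dumps(old.get("Statement", [])),
    }


if __name__ == "__main__":
    print(compare_policies(HEREDOC, RENDERED))
```

For the policy in this issue the statements compare equal and no policy variables are present, so the only difference a plan would surface is the `Version` string.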


ghost commented Apr 9, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 9, 2020