Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: aws_verifiedaccess_group and policy_document #34052

Closed
evilr00t opened this issue Oct 22, 2023 · 3 comments · Fixed by #34054
Closed

[Bug]: aws_verifiedaccess_group and policy_document #34052

evilr00t opened this issue Oct 22, 2023 · 3 comments · Fixed by #34054
Labels
bug Addresses a defect in current functionality. service/verifiedaccess Issues and PRs that pertain to the verifiedaccess service.
Milestone
v5.23.0

Comments

@evilr00t
Copy link

Terraform Core Version

1.6.1

AWS Provider Version

5.21.0

Affected Resource(s)

When a group is created and we want to add policy I have below error message:

  # aws_verifiedaccess_group.monitoring will be updated in-place
  ~ resource "aws_verifiedaccess_group" "monitoring" {
        id                         = "vagr-XYZ"
      + policy_document            = <<-EOT
            permit(principal,action,resource)
                  when {
                  context.test.groups has "XYZ" || context.test.user.email.address like "*@FOOBAR"
                };
        EOT
        tags                       = {
            "Environment" = "monitoring"
            "Name"        = "monitoring-ava-group"
            "system"      = "core"
        }
        # (7 unchanged attributes hidden)
    }

...

│ Error: updating Verified Access Group (vagr-043f49684c52f3afb) policy: operation error EC2: ModifyVerifiedAccessGroupPolicy, https response error StatusCode: 400, RequestID: ed72eee9-3fcc-4c2b-8a7b-d492d16d7a4e, api error InvalidParameterValue: Policy Document cannot be provided when Policy Enabled is false or missing

When I create group with policy already included, there is no problem. There is no variable to enable/disable policy so I'd assume it's a bug atm?

Expected Behavior

policy should be applied

Actual Behavior

policy is denied as there is a missing variable/argument.

Relevant Error/Panic Output Snippet

No response

Terraform Configuration Files

In the comment.

Steps to Reproduce

Try to create group without policy and add it after.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

No response

Would you like to implement a fix?

None
@evilr00t evilr00t added the bug Addresses a defect in current functionality. label Oct 22, 2023
@github-actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added the service/verifiedaccess Issues and PRs that pertain to the verifiedaccess service. label Oct 22, 2023
@evilr00t evilr00t mentioned this issue Oct 22, 2023
Merged
@terraform-aws-provider terraform-aws-provider bot added the needs-triage Waiting for first response or review from a maintainer. label Oct 22, 2023
@sQu4rks sQu4rks mentioned this issue Oct 22, 2023
Merged
@ewbankkit ewbankkit removed the needs-triage Waiting for first response or review from a maintainer. label Oct 23, 2023
@github-actions github-actions bot added this to the v5.23.0 milestone Oct 23, 2023
@github-actions
Copy link

This functionality has been released in v5.23.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions GitHub Actions
Copy link

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 26, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/verifiedaccess Issues and PRs that pertain to the verifiedaccess service.
Projects
None yet
Milestone
v5.23.0
2 participants
@ewbankkit @evilr00t