Updating a aws_iam_user_policy causes multiple policies to be attached to an IAM user. #781
Comments
Hello, Is there anything I can do to help troubleshoot this issue? We hit this again today.
Hello, We're still seeing this issue. Is there any update on the terraform side? Do you need any more information?
I can confirm this issue for inline IAM user policies that do not specify
May I suggest we track this with a more specific bug report that just came in? #2449
I've migrated the relevant bug fix into a new, smaller PR #3031 and I'll see if we can't get it into v1.7.1 for this week. More soon! 🚀
This has been merged into master and will be released in v1.7.1 (likely tomorrow) - happy Terraform'ing! 🎉
This has been released in terraform-provider-aws version 1.7.1. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
This issue was originally opened by @poblahblahblah as hashicorp/terraform#14585. It was migrated here as part of the provider split. The original body of the issue is below.
Terraform Version
Affected Resource(s)
Terraform Configuration Files
module: https://gist.github.com/poblahblahblah/1782bd221059bdeeaa63b814a2260f4a
module template: https://gist.github.com/poblahblahblah/dc324da5e066e9b8d3d92cb37d426219
first module invocation: https://gist.github.com/poblahblahblah/5e68aa9dc074661b8d0ce787cdd5a439
second module invocation: https://gist.github.com/poblahblahblah/71cfc70c165864c35f73c54e89f82670
Debug Output
At this point the user does not exist, nor does a user policy.
debug output of first tf plan: https://gist.github.com/poblahblahblah/939fda5fae0ce31c7a7fb7c04f524bb0
debug output of first tf apply: https://gist.github.com/poblahblahblah/98e0e663ce86c036dea245eb5182ed2d (this failed because the user was created successfully, but it looks like terraform tried to attach the user policy too quickly, which also looks like a bug)
debug output of second tf apply: https://gist.github.com/poblahblahblah/c9e5de274afa6b77f5878b41f0f5ca37
At this point the user exists and there is a single user policy attached to it. I can confirm this in the UI and through the aws cli. Now I am going to add folders to the module invocation.
debug output of second tf plan: https://gist.github.com/poblahblahblah/a717f037a53d6d6a8c3cdac1caf746e5
debug output of last tf apply: https://gist.github.com/poblahblahblah/6c2e1394b12c62e8f875ba13460bb9f9
And now there are two policies attached. The original that terraform created, and the new one.
Panic Output
N/A
Expected Behavior
Terraform should have updated the existing user policy. There should only be a single user policy attached to the user.
Actual Behavior
Terraform created a 2nd user policy, now there are two user policies attached to the user.
Steps to Reproduce
I went through this in the Debug output section, but here it is again
Important Factoids
We have tried this on three separate AWS accounts - our production account in us-east-1, our test account in us-east-1, and our AWS China account. All environments produced the same behavior.
References
None that I could find.
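The expected behavior in the report (exactly one inline policy on the user, matching what Terraform rendered) can be checked after an apply. The following is an added example, not code from the issue or from the Terraform provider. It assumes the user's inline policy documents were already collected with `aws iam list-user-policies` and `aws iam get-user-policy` and decoded into dicts; the policy names, bucket and folder names are constructed, and the sample goes slightly beyond the report by replacing a folder rather than only adding one.

```python
# Added example: audit one IAM user's inline policies against the document
# Terraform is expected to manage. All names and ARNs below are constructed.

def grants(doc):
    """Flatten a policy document into a set of (effect, action, resource) triples.
    Simplification: Condition, NotAction and NotResource are ignored."""
    def as_list(v):
        return [v] if isinstance(v, (str, dict)) else list(v or [])
    out = set()
    for stmt in as_list(doc.get("Statement")):
        for action in as_list(stmt.get("Action")):
            for resource in as_list(stmt.get("Resource")):
                out.add((stmt.get("Effect"), action, resource))
    return out

def audit_inline_policies(inline, expected_doc):
    """inline maps policy name -> decoded policy document for a single user."""
    expected = grants(expected_doc)
    current, stale, leftover = [], [], set()
    for name in sorted(inline):
        have = grants(inline[name])
        if have == expected:
            current.append(name)
        else:
            # A policy left behind by an update: record what it still allows
            # beyond the document that is supposed to be in force.
            stale.append(name)
            leftover |= {g for g in have - expected if g[0] == "Allow"}
    return {"duplicate": len(inline) > 1, "current": current,
            "stale": stale, "leftover_allows": sorted(leftover)}

def _doc(*folders):
    # Constructed sample document: one Allow statement covering the folders.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "s3:GetObject",
        "Resource": ["arn:aws:s3:::example-bucket/%s/*" % f for f in folders]}]}

# Constructed state after an update that left the first policy behind.
SAMPLE_INLINE = {"example-policy-first": _doc("reports", "staging"),
                 "example-policy-second": _doc("reports", "archive")}
SAMPLE_EXPECTED = _doc("reports", "archive")

if __name__ == "__main__":
    print(audit_inline_policies(SAMPLE_INLINE, SAMPLE_EXPECTED))
```

Because IAM evaluates the union of all inline policies on a user, any entry in `leftover_allows` is access that remains in effect even though the managed configuration no longer grants it.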