SNS Feedback role is broken #219

Closed
1 task done
kvendingoldo opened this issue Mar 12, 2024 · 4 comments · Fixed by #220

Comments

@kvendingoldo

Description

The same as #204

  • ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Note

Before you submit an issue, please perform the following first:

  1. Remove the local .terraform directory (! ONLY if state is stored remotely, which hopefully you are following that best practice!): rm -rf .terraform/
  2. Re-initialize the project root to pull down modules: terraform init
  3. Re-attempt your terraform plan or apply and check if the issue still persists

Versions

  • Module version [Required]:

  • Terraform version:

  • Provider version(s):

Reproduction Code [Required]

Steps to reproduce the behavior:

Expected behavior

Actual behavior

Terminal Output Screenshot(s)

Additional context

@SwarajBaral
Contributor

SwarajBaral commented Mar 12, 2024

Hey, so I am working on a fix for this and wanted to verify if I am headed in the right direction before I raise a PR. Apologies if this is not appropriate.
I was trying to follow #204 (comment) and came up with this inline policy. This will ensure that the IAM policy for CloudWatch Logs is properly attached to the role, and a valid assume role policy is defined, granting AWS SNS the right to assume the role.
Is this the right way to go about it?

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Effect    = "Allow",
      Principal = {
        Service = "sns.amazonaws.com"
      },
      Action    = "sts:AssumeRole"
    }]
  })

@kclinden
Contributor

Hey, so I am working on a fix for this and wanted to verify if I am headed in the right direction before I raise a PR. Apologies if this is not appropriate. I was trying to follow #204 (comment) and came up with this inline policy. This will ensure that the IAM policy for CloudWatch Logs is properly attached to the role, and a valid assume role policy is defined, granting AWS SNS the right to assume the role. Is this the right way to go about it?

  assume_role_policy = jsonencode({
    Version = "2012-10-17",
    Statement = [{
      Effect    = "Allow",
      Principal = {
        Service = "sns.amazonaws.com"
      },
      Action    = "sts:AssumeRole"
    }]
  })

This is the correct fix. You will also want to move the previous policy over to an inline policy document or create the policy as a standalone resource.
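
The split discussed in the two comments above, as an added example that is not part of the thread or the module's own code: the trust policy stays in `assume_role_policy`, and the CloudWatch Logs permissions move to an inline `aws_iam_role_policy`. The resource names, the topic, and the list of `logs:` actions are assumptions made for illustration.

```hcl
# Added example. Names such as "sns_feedback" and "example" are hypothetical.

# Trust policy only: states WHO may assume the role (the SNS service).
resource "aws_iam_role" "sns_feedback" {
  name = "sns-delivery-status-feedback"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "sns.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# Permissions policy: states WHAT the role may do once assumed.
# Kept as a separate inline policy so it never ends up in the trust policy.
resource "aws_iam_role_policy" "sns_feedback_logs" {
  name = "sns-delivery-status-logs"
  role = aws_iam_role.sns_feedback.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect = "Allow"
      # Assumed action list for SNS delivery status logging.
      Action = [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "logs:PutMetricFilter",
        "logs:PutRetentionPolicy",
      ]
      # Narrow this to specific log group ARNs where your naming allows it.
      Resource = "*"
    }]
  })
}

# Hypothetical topic that uses the role for SQS delivery status logging.
resource "aws_sns_topic" "example" {
  name = "example-topic"

  sqs_success_feedback_role_arn    = aws_iam_role.sns_feedback.arn
  sqs_failure_feedback_role_arn    = aws_iam_role.sns_feedback.arn
  sqs_success_feedback_sample_rate = 100
}
```

IAM rejects a trust policy that carries a `Resource` element, so a permissions statement placed in `assume_role_policy` fails at role creation rather than silently granting nothing.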

@antonbabenko
Member

This issue has been resolved in version 6.1.2 🎉


I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 26, 2024