-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reason for deprecating aws_iam_role.managed_policy_arns #39771
Comments
Community NoteVoting for Prioritization
Volunteering to Work on This Issue
|
I don't see how this relates. |
Not sure what you mean by the Terraform Cloud bill, but this change is very annoying and the reasoning behind it doesn't seem clear to me either 😞 |
Seems like it is related to: #39718, #39376, #39204 And the easiest to read is here: https://github.com/hashicorp/terraform-provider-aws/blob/main/docs/design-decisions/exclusive-relationship-management-resources.md |
Terraform Cloud bills you per number of resources managed. Moving relations from attributes to dedicated resources increases your bill. |
Hey @sylr - thanks for your question. The short answer is to reduce the scope of responsibility for the Arguments like We understand that migrating arguments on such a foundational resource will require a non-trivial amount of effort, which is why we don't have imminent plans to remove the argument. A relevant section from the proposal:
We have no plans to remove this argument in the next major version, so you can continue using the existing argument without any changes to your TFC resource count. Hopefully this helps to describe our thinking with this change! |
Thank you @jar-b for your comment. I understand the reasoning/principles behind this. Since this attribute is "deprecated", it will be slated for removal some time in the future even if it's not the next major release so the concern regarding a multiplicative effect on our RUM will still exist. As a result of RUM, we are already trying to migrate away from using resources like I am aware that this is not directly related to the provider itself, but it's a big concern on our end as customers of HCP Terraform. |
Moving my issue here, as it was marked duplicated This deprecation is also causing an issue for us, without suitable alternative: The problemRemoving the Whilst ExampleI have a lambda, and I want to update the code and permissions to read from Dynamo. Right now: I can just add the IAM policy in the With the proposed deprecation: I'll have to create a new |
Is there a guide on how to perform such a migration? Does it have to be "terraform state rm" followed by "import"? It feels quite cumbersome and insecure. |
Description
Hi,
As a pretty extensive user of AWS IAM roles, deprecating
aws_iam_role.managed_policy_arns
in favor of a newaws_iam_role_policy_attachments_exclusive
resource is going to have a non negligible and unwanted impact on my Terraform Cloud bill.I'd like an explanation for this change.
Regards.
References
No response
Would you like to implement a fix?
None
The text was updated successfully, but these errors were encountered: