Ignore lifecycle for AWS IAM in-line policy (#499)
* Ignore lifecycle for AWS IAM in-line policy

Signed-off-by: Sasikanth Eda <[email protected]>

* Improve comment

Signed-off-by: Sasikanth Eda <[email protected]>

* Correct comment typo

Signed-off-by: Sasikanth Eda <[email protected]>

---------

Signed-off-by: Sasikanth Eda <[email protected]>
sasikeda authored Mar 25, 2024
1 parent 1d5279a commit b263cb7
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 0 additions & 4 deletions aws_scale_templates/sub_modules/instance_template/main.tf
Expand Up @@ -70,10 +70,6 @@ module "cluster_host_iam_policy" {
"ec2:CreateTags*",
"ec2:ModifyInstanceAttribute",
"iam:GetRole",
"ssm:DescribeParameters",
"ssm:PutParameter",
"ssm:GetParameter",
"ssm:DeleteParameters",
"sns:DeleteTopic",
"sns:CreateTopic",
"sns:Unsubscribe",
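Review bot: The four ssm:* actions dropped from module "cluster_host_iam_policy" (ssm:DescribeParameters, ssm:PutParameter, ssm:GetParameter, ssm:DeleteParameters; the -70,10 +70,6 header and the "0 additions & 4 deletions" count mark them as the removed lines) are not mentioned anywhere in the commit message, which only describes the lifecycle change. Removing permissions from the cluster host policy is a separate change and should get its own line in the message, or its own commit, stating why the hosts no longer need these Parameter Store actions. If this module is backed by the aws_iam_role_policy resource edited in the same commit, the new `ignore_changes = all` means existing deployments keep the old policy document, so the ssm actions are only gone for newly created stacks; that should be stated, and handled explicitly if the removal is meant to apply everywhere.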
4 changes: 4 additions & 0 deletions resources/aws/security/iam/iam_role_policy/iam_role_policy.tf
Expand Up @@ -12,6 +12,10 @@ resource "aws_iam_role_policy" "itself" {
name_prefix = var.role_policy_name_prefix
role = element(var.iam_role_id, count.index)
policy = var.iam_role_policy
# Admin might add/link custom IAM policies, hence avoid to overwrite it
lifecycle {
ignore_changes = all
}
}

output "role_name" {
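Review bot: `ignore_changes = all` in the new lifecycle block of aws_iam_role_policy.itself is broader than the comment's stated goal. It makes Terraform ignore every argument after creation, including `policy`, `role` and `name_prefix`, so later edits to var.iam_role_policy (permission reductions included) are never applied to existing role policies, and out-of-band edits to the inline policy no longer show up in a plan. If the intent is only to keep an admin's manual changes to the policy document, narrow it to `ignore_changes = [policy]`, and document next to var.iam_role_policy that updating it after the first apply requires replacing the resource. The comment would also read better as "hence avoid overwriting them".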