terraform-aws-ecs

setting variables task_exec_iam_role_arn and tasks_iam_role_arn is a no-op

Open hardboiled opened this issue 1 year ago • 2 comments

Description

I am trying to understand what the task_exec_iam_role_arn and tasks_iam_role_arn variables are for. The description says "Existing IAM role ARN", which I thought might mean I could pass an existing role ARN and this would be assigned to the task I'm creating. However, when I run terraform plan/apply when passing a value for these variables, terraform doesn't make any changes. Is this what they are supposed to be used for? If so, how can I assign an existing role to tasks?

  • [x] ✋ I have searched the open/closed issues and my issue is not listed.

⚠️ Notes

I have cleared the .terraform directory and reinitialized the project

Versions are below:

$ terraform -version
Terraform v1.9.2
on darwin_arm64

$ terraform providers -version
Terraform v1.9.2
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.60.0
+ provider registry.terraform.io/hashicorp/random v3.6.2

Reproduction Code [Required]

resource "aws_iam_role" "test_role" {
  name = "test_role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "ecs-tasks.amazonaws.com"
        }
      },
    ]
  })
}

module "my_service" {
  source  = "terraform-aws-modules/ecs/aws//modules/service"
  version = "5.9.3"

  name                   = "my-service-${var.module_id}"
  task_exec_iam_role_arn = aws_iam_role.test_role.arn
  tasks_iam_role_arn     = aws_iam_role.test_role.arn
  # ...
}

Not using workspaces and I have cleared the cache.

Expected behavior

terraform plan/apply changes the resources when I add these variables.

Actual behavior

Setting and/or changing these variables is ignored. Tasks aren't associated with the roles provided by these variables.

hardboiled, Sep 13 '24 02:09

These are used only if create_iam_role and create_task_exec_iam_role are respectively set to false. Otherwise the module creates the role and won't take your ARN into consideration.

psantus, Sep 21 '24 13:09
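A configuration that binds existing roles to the task definition, as an added example that is not part of the original thread or the module's own documentation. The role names are constructed, and `create_tasks_iam_role` is not named in the thread; it is the service submodule's toggle for the task role. The example also splits the single `test_role` from the reproduction into a separate execution role and task role, so the application does not inherit the agent's image-pull and logging permissions.

```hcl
# Trust policy shared by both roles: only the ECS tasks service may assume them.
data "aws_iam_policy_document" "ecs_tasks_assume" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ecs-tasks.amazonaws.com"]
    }
  }
}

# Execution role: used by the ECS agent to pull images and write logs.
resource "aws_iam_role" "task_exec" {
  name               = "example-task-exec" # constructed name
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

resource "aws_iam_role_policy_attachment" "task_exec" {
  role       = aws_iam_role.task_exec.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# Task role: assumed by the application code inside the container.
# Attach only the permissions the workload itself needs.
resource "aws_iam_role" "tasks" {
  name               = "example-tasks" # constructed name
  assume_role_policy = data.aws_iam_policy_document.ecs_tasks_assume.json
}

module "my_service" {
  source  = "terraform-aws-modules/ecs/aws//modules/service"
  version = "5.9.3"

  name = "my-service-${var.module_id}"

  # With the create_* flags left at their default (true) the module creates
  # its own roles and the ARNs below are ignored, as reported in this issue.
  create_task_exec_iam_role = false
  task_exec_iam_role_arn    = aws_iam_role.task_exec.arn

  create_tasks_iam_role = false
  tasks_iam_role_arn    = aws_iam_role.tasks.arn

  # ... remaining service arguments, elided as in the reproduction code
}
```

After `terraform plan`, the `execution_role_arn` and `task_role_arn` attributes of the planned `aws_ecs_task_definition` should reference the two roles above rather than module-created ones.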

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

github-actions[bot], Oct 22 '24 00:10

This issue was automatically closed because of stale in 10 days

github-actions[bot], Nov 01 '24 00:11

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot], Dec 02 '24 02:12