fix: remove usage of deprecated managed_policy_arns attribute #48
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
necipallef
reviewed
Jul 3, 2025
necipallef
requested changes
Jul 3, 2025
mcnulty-fp
force-pushed
the
fix/INTER-1311-managed-policy-arns-deprecated
branch
from
200ea60 to
6c77fbc
Compare
The `managed_policy_arns` attribute on `aws_iam_role` resources has been deprecated. At the AWS API layer, the `managed_policy_arns` list is translated by Terraform to individual "attached role policy" resources. Per the Terraform docs, using the `managed_policy_arns` attribute is equivalent to using a separate `aws_iam_role_policy_attachment` resource. As a result, this commit switches from the `managed_policy_arns` attribute to a `aws_iam_role_policy_attachment` resource. After this change, upgrading the fingerprint_cloudfront_integration module and running a terraform apply will result in Terraform creating a new resource in its state, but there will be no corresponding state change in the AWS APIs. Terraform also no longer produces the warning about the argument being deprecated.
mcnulty-fp
force-pushed
the
fix/INTER-1311-managed-policy-arns-deprecated
branch
from
6c77fbc to
07e97ae
Compare
necipallef
approved these changes
Jul 9, 2025
|
🎉 This PR is included in version 1.1.1-rc.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
|
🎉 This PR is included in version 1.1.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
managed_policy_arnsattribute onaws_iam_roleresources has been deprecated. At the AWS API layer, themanaged_policy_arnslist is translated by Terraform to individual "attached role policy" resources.Per the Terraform docs, using the
managed_policy_arnsattribute is equivalent to using a separateaws_iam_role_policy_attachments_exclusiveresource.As a result, this commit switches from the
managed_policy_arnsattribute to aaws_iam_role_policy_attachments_exclusiveresource.After this change, upgrading the fingerprint_cloudfront_integration module and running a terraform apply will result in Terraform creating a new resource in its state, but there will be no corresponding state change in the AWS APIs. Terraform also no longer produces the warning about the argument being deprecated.
With a Terraform configuration that deployed the CloudFront integration, listing the attached role policies to the IAM role showed no change after running a
terraform applywith the updated module. Output was something like: