user_01_02

Reputation: 763

How to import terraform policy attachment?

Our main goal is to move some resources to a different Terraform state file. I am trying to import a policy attachment of a resource; however, it seems like it does not support importing policy attachments. I am getting an error.

What is the alternative if it is not supported?

I am trying to import this policy:

 + aws_iam_role_policy_attachment.gitlab_as_attach
      id:                                                <computed>
      policy_arn:                                        "arn:aws:iam::xxxxxxxxxxxx:policy/gitlab_as_policy"
      role:                                              "gitlab_prod"

error:

terraform import aws_iam_role_policy_attachment.gitlab_as_attach arn:aws:iam::xxxxxxxxx:policy/gitlab_as_policy
aws_iam_role_policy_attachment.gitlab_as_attach: Importing from ID "arn:aws:iam::xxxxxxxx:policy/gitlab_as_policy"...
Error importing: 1 error(s) occurred:

* aws_iam_role_policy_attachment.gitlab_as_attach (import id: arn:aws:iam::xxxxxxxxxx:policy/gitlab_as_policy): import aws_iam_role_policy_attachment.gitlab_as_attach (id: arn:aws:iam::xxxxxxxxxx:policy/gitlab_as_policy): resource aws_iam_role_policy_attachment doesn't support import

terraform version:

Terraform v0.11.0
+ provider.aws v1.5.0

Upvotes: 7

Views: 8376

Answers (3)

tomasbedrich

Reputation: 1370

Based on @Momooo's response, I was able to import a user policy attachment like this:

terraform import aws_iam_user_policy_attachment.TERRAFORM_RESOURCE_NAME USER_NAME/POLICY_ARN

Upvotes: 2

Rowan Jacobs

Reputation: 389

EDIT: a new PR was written and merged, and a new version of the AWS Terraform provider (1.37.0) was released adding this feature. This answer is now not really valid anymore; see Momooo's answer for how to do this.

Unfortunately this has been an open issue in the AWS Terraform provider for a while, and the PR that would fix it was abandoned. You could try to detach the policy, refresh terraform, perform the import, then re-attach after the import.

Upvotes: 1

Momooo

Reputation: 338

This issue is fixed in 1.37.0 of the provider.aws plugin. Upgrade the plugins and modules related to Terraform.

To upgrade the plugins, run the command below:

terraform init -upgrade

To upgrade the modules, run the command below:

terraform get -update

For further information, look at the defects and enhancements related to Terraform:

https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANGELOG.md#1370-september-19-2018

I ran the import for aws_iam_role_policy_attachment today and it was successful.

terraform import -provider=aws.{example} aws_iam_role_policy_attachment.role-attach-1 {test-role}/arn:aws:iam::aws:policy/ReadOnlyAccess
aws_iam_role_policy_attachment.role-attach-1: Importing from ID "{test-role}/arn:aws:iam::aws:policy/ReadOnlyAccess"...
aws_iam_role_policy_attachment.role-attach-1: Import complete!
  Imported aws_iam_role_policy_attachment (ID: {test-role}-arn:aws:iam::aws:policy/ReadOnlyAccess)
aws_iam_role_policy_attachment.role-attach-1: Refreshing state... (ID: {test-role}-arn:aws:iam::aws:policy/ReadOnlyAccess)

I hope this helps.

Upvotes: 13
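
The import ID used in the answers above is ROLE_NAME/POLICY_ARN, not the bare policy ARN tried in the question. As an added example (not code from any of the posters), this script builds and validates that ID and emits one `terraform import` line per attachment from `aws iam list-attached-role-policies` output. The account ID, the sample JSON and the resource naming scheme are constructed assumptions.

```python
import json
import re
import shlex

# Constructed sample of `aws iam list-attached-role-policies` JSON output.
SAMPLE_LISTING = """{"AttachedPolicies": [
 {"PolicyName": "gitlab_as_policy",
  "PolicyArn": "arn:aws:iam::123456789012:policy/gitlab_as_policy"},
 {"PolicyName": "ReadOnlyAccess",
  "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}"""

# IAM role names never contain "/" or ":"; policy ARNs contain both.
ROLE_RE = re.compile(r"[\w+=,.@-]{1,64}", re.ASCII)
POLICY_ARN_RE = re.compile(
    r"arn:aws[\w-]*:iam::(\d{12}|aws):policy/[\w+=,.@/-]+", re.ASCII)


def import_id(role, policy_arn):
    """Build the ROLE_NAME/POLICY_ARN import ID, rejecting malformed parts."""
    if not ROLE_RE.fullmatch(role):
        raise ValueError(f"not a role name: {role!r}")
    if not POLICY_ARN_RE.fullmatch(policy_arn):
        raise ValueError(f"not a policy ARN: {policy_arn!r}")
    return f"{role}/{policy_arn}"


def split_import_id(value):
    """Split on the first "/" only, because the ARN has slashes of its own."""
    role, _, policy_arn = value.partition("/")
    import_id(role, policy_arn)  # raises ValueError for a bare policy ARN
    return role, policy_arn


def import_commands(role, listing_json):
    """One `terraform import` line per managed policy attached to the role."""
    commands = []
    for policy in json.loads(listing_json)["AttachedPolicies"]:
        # Hypothetical resource naming scheme: <role>_<policy name>.
        name = re.sub(r"\W", "_", f"{role}_{policy['PolicyName']}", flags=re.ASCII)
        target = shlex.quote(import_id(role, policy["PolicyArn"]))
        commands.append(
            f"terraform import aws_iam_role_policy_attachment.{name} {target}")
    return commands


if __name__ == "__main__":
    print("\n".join(import_commands("gitlab_prod", SAMPLE_LISTING)))
```

Review the generated lines against the role's intended permissions before running them, since importing an attachment puts it under Terraform's control in the new state.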
