CODEWITHSUNDEEP
amazon-web-servicesterraform
Xcute
Xcute

Reputation: 25

ValidationError: The specified value for roleName is invalid

I've successfully applied and deployed this script a week ago. I made 0 changes since then, to the script or to other factors used within this. Running it this morning throws this -

Terraform v1.0.8
on linux_amd64
Configuring remote state backend...
Initializing Terraform configuration...
aws_iam_role.iam_for_lambda: Refreshing state... [id=iam_for_lambda]
aws_lambda_function.lambda: Refreshing state... [id=MissingPostedTransactions]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_iam_role_policy_attachment.tf_vpc_execution_policy will be created
  + resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
      + role       = "arn:aws:iam::<arn no>:role/iam_for_lambda"
    }

Then I type "yes" to apply the supposed "change", and I get this -

aws_iam_role_policy_attachment.tf_vpc_execution_policy: Creating...
╷
│ Error: Error attaching policy arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole to IAM Role arn:aws:iam::<arn no>:role/iam_for_lambda: ValidationError: The specified value for roleName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
│       status code: 400, request id: 8d354476-df67-4c2d-b3b8-c7aa7efce060
│ 
│   with aws_iam_role_policy_attachment.tf_vpc_execution_policy,
│   on main.tf line 55, in resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy":
│   55: resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy" {

What am I missing here?

Upvotes: 2

Views: 5295

Answers (1)

tomarv2
tomarv2

Reputation: 823

Everything is ok in your resources except you should specify role_name and not role_arn. Please refer to documentation from Terraform for more info:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment

      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
      + role       = "<ROLE_NAME>"
    }

Upvotes: 5

Related Questions