ValidationError: The specified value for roleName is invalid

Time:10-19

I've successfully applied and deployed this script a week ago. I made 0 changes since then, to the script or to other factors used within this. Running it this morning throws this -

Terraform v1.0.8
on linux_amd64
Configuring remote state backend...
Initializing Terraform configuration...
aws_iam_role.iam_for_lambda: Refreshing state... [id=iam_for_lambda]
aws_lambda_function.lambda: Refreshing state... [id=MissingPostedTransactions]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_iam_role_policy_attachment.tf_vpc_execution_policy will be created
  + resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
      + role       = "arn:aws:iam::<arn no>:role/iam_for_lambda"
    }

Then I type "yes" to apply the supposed "change", and I get this -

aws_iam_role_policy_attachment.tf_vpc_execution_policy: Creating...
╷
│ Error: Error attaching policy arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole to IAM Role arn:aws:iam::<arn no>:role/iam_for_lambda: ValidationError: The specified value for roleName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-
│       status code: 400, request id: 8d354476-df67-4c2d-b3b8-c7aa7efce060
│ 
│   with aws_iam_role_policy_attachment.tf_vpc_execution_policy,
│   on main.tf line 55, in resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy":
│   55: resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy" {

What am I missing here?

CodePudding user response:

Everything is ok in your resources except you should specify role_name and not role_arn. Please refer to documentation from Terraform for more info:

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment

  + resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
      + role       = "<ROLE_NAME>"
    }
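
An added example (not from the original post or answer) of the corrected attachment: `role` takes the role's name, so referencing the `name` attribute of the role resource avoids hard-coding it. The body of `aws_iam_role.iam_for_lambda` is assumed, since the question does not show main.tf; only the resource address and the name iam_for_lambda appear in the plan output.

```hcl
# Assumed definition: the question's main.tf is not shown on the page.
resource "aws_iam_role" "iam_for_lambda" {
  name = "iam_for_lambda"

  # Trust policy letting the Lambda service assume the role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy_attachment" "tf_vpc_execution_policy" {
  # Fails with the ValidationError from the question: an ARN contains
  # ":" and "/", which are not allowed in roleName.
  # role = aws_iam_role.iam_for_lambda.arn

  # Works: pass the role name, not the ARN.
  role       = aws_iam_role.iam_for_lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
}
```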