broad-zoo-34077
11/02/2022, 3:40 PMwhite-airport-8778
mysterious-teacher-68276
11/02/2022, 3:43 PMnumerous-plastic-31859
11/02/2022, 3:43 PMmysterious-teacher-68276
11/02/2022, 3:44 PMAWS_PROFILE
to run with?numerous-plastic-31859
11/02/2022, 3:45 PMAWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
to terraformmysterious-teacher-68276
11/02/2022, 3:46 PMmysterious-teacher-68276
11/02/2022, 3:58 PMmysterious-teacher-68276
11/02/2022, 4:23 PMnumerous-plastic-31859
11/02/2022, 4:25 PMHEAD
has changed 🙂
Otherwise I’ll try the new version, I’ll let you know tomorrow!mysterious-teacher-68276
11/02/2022, 4:27 PMprovider "aws" {
region = "eu-central-1"
}
# new provider alias to define. Add any tags/config that you normally have on providers here.
provider "aws" {
alias = "us_east_1"
region = "us-east-1"
}
module "infracost" {
source = "<http://github.com/infracost/cross-account-link|github.com/infracost/cross-account-link>"
infracost_external_id = "INFRACOST_ORGANIZATION_ID"
# add the new provider here with the `us_east_1` alias
providers = {
aws.us_east_1 = aws.us_east_1
}
}
...
white-airport-8778
numerous-plastic-31859
11/03/2022, 7:57 AMnumerous-plastic-31859
11/03/2022, 7:58 AMHEAD
?numerous-plastic-31859
11/03/2022, 9:08 AM"arn:aws:iam::${var.infracost_account}:root"
as it keeps reporting changes with just var.infracost_account
🙂numerous-plastic-31859
11/03/2022, 9:35 AMmysterious-teacher-68276
11/03/2022, 9:45 AMmysterious-teacher-68276
11/03/2022, 9:46 AMnumerous-plastic-31859
11/03/2022, 10:27 AMmysterious-teacher-68276
11/03/2022, 10:27 AMnumerous-plastic-31859
11/09/2022, 3:15 PMTerraform plan Succeeded for Workspace: default
Show Output
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
! update in-place
Terraform will perform the following actions:
# module.aws.more.paths.here.module.infracost_cost_and_usage_report.aws_iam_role.cross_account_role will be updated in-place
! resource "aws_iam_role" "cross_account_role" {
! assume_role_policy = jsonencode(
! {
! Statement = [
! {
! Action = "sts:AssumeRole" -> [
+ "sts:AssumeRole",
]
# (3 unchanged elements hidden)
},
]
- Version = "2008-10-17" -> null
}
)
id = "terraform-20221103102406234000000001"
! managed_policy_arns = [
- "arn:aws:iam::xxxxxxxxxxx:policy/ObjectGetCostandUsageReports",
# (1 unchanged element hidden)
]
name = "terraform-20221103102406234000000001"
tags = {}
# (8 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
I think the sts diff could be fixed by changing it to `Action : "sts:assumeRole"`
Not sure about the managed_policy_arns
though 🤔mysterious-teacher-68276
11/09/2022, 3:31 PMaws_iam_policy_attachment
insteadmysterious-teacher-68276
11/09/2022, 3:32 PMmysterious-teacher-68276
11/09/2022, 3:41 PM?ref=fix/iam-role-fixes
to the source
urlmysterious-teacher-68276
11/09/2022, 3:41 PMmanaged_policy_arns
, but let’s seenumerous-plastic-31859
11/10/2022, 7:05 AMVersion
on aws_iam_role.cross_account_role
🙂mysterious-teacher-68276
11/10/2022, 10:11 AMmysterious-teacher-68276
11/10/2022, 10:23 AMnumerous-plastic-31859
11/10/2022, 10:46 AMmysterious-teacher-68276
11/10/2022, 6:21 PMnumerous-plastic-31859
11/11/2022, 7:11 AM