fix: prevent lambda IAM policies from detaching when orders are swapped #630
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Used for loop instead of count for resource "aws_iam_role_policy_attachment" "additional_many" to ensure that changing orders of the policy will not detach them
Motivation and Context
Fixes #629
I have a project on production where I used the module and added the policies to the lambda.
Subsequently, I swapped the order of the policies and they got detached from the lambda, this caused a production issue as the lambda lacked permissions. Would like to ensure that this does not happen again.
Breaking Changes
None that I am aware of
How Has This Been Tested?
I have updated at least one of the
examples/*to demonstrate and validate my change(s)There is no need to update as it applies to existing config
I have tested and validated these changes using one or more of the provided
examples/*projectsI have executed
pre-commit run -aon my pull requestI have also tested again the local code in the issue