terraform-aws-modules/terraform-aws-dms

Allow specifying role names instead of hardcoded dms-access-for-endpoint / dms-cloudwatch-logs-role / dms-vpc-role

rgarrigue opened this issue · 2 comments

Is your request related to a problem? Please describe.

I applied this module twice, and ended up with:

│ Error: creating IAM Role (dms-access-for-endpoint): operation error IAM: CreateRole, https response error StatusCode: 409, RequestID: 1d3032eb-ed29-4e97-95e9-4f584a63e9fa, EntityAlreadyExists: Role with name dms-access-for-endpoint already exists.
│ 
│   with module.database_migration_service.aws_iam_role.dms_access_for_endpoint[0],
│   on .terraform/modules/database_migration_service/main.tf line 80, in resource "aws_iam_role" "dms_access_for_endpoint":
│   80: resource "aws_iam_role" "dms_access_for_endpoint" {
│ 
╵
╷
│ Error: creating IAM Role (dms-cloudwatch-logs-role): operation error IAM: CreateRole, https response error StatusCode: 409, RequestID: 0cf957a0-9ea2-408d-91b3-5f6e7f811364, EntityAlreadyExists: Role with name dms-cloudwatch-logs-role already exists.
│ 
│   with module.database_migration_service.aws_iam_role.dms_cloudwatch_logs_role[0],
│   on .terraform/modules/database_migration_service/main.tf line 94, in resource "aws_iam_role" "dms_cloudwatch_logs_role":
│   94: resource "aws_iam_role" "dms_cloudwatch_logs_role" {
│ 
╵
╷
│ Error: creating IAM Role (dms-vpc-role): operation error IAM: CreateRole, https response error StatusCode: 409, RequestID: 74d6de97-a5af-4118-8160-5689ca49da7d, EntityAlreadyExists: Role with name dms-vpc-role already exists.
│ 
│   with module.database_migration_service.aws_iam_role.dms_vpc_role[0],
│   on .terraform/modules/database_migration_service/main.tf line 108, in resource "aws_iam_role" "dms_vpc_role":
│  108: resource "aws_iam_role" "dms_vpc_role" {

Describe the solution you'd like.

Being able to specify the role names, like access_iam_role_name. Or maybe a unique prefix for the whole module... as long as I can make it unique.

Describe alternatives you've considered.

I guess I can try out switching create_iam_roles to false on the 2nd DMS, but obviously if I ever delete the first one, boom.

Please read the DMS docs and search past issues on this.

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.