fix: error IAM role attachement when applying the module the first time (#591)

npalm · npalm · commit 6c74058143b0 · 2023-01-13T12:36:35.000+01:00
diff --git a/logging.tf b/logging.tf
@@ -1,7 +1,7 @@
 resource "aws_iam_role_policy" "instance" {
   count  = var.enable_cloudwatch_logging && var.create_runner_iam_role ? 1 : 0
   name   = "${local.name_iam_objects}-logging"
-  role   = local.aws_iam_role_instance_name
+  role   = var.create_runner_iam_role ? aws_iam_role.instance[0].name : var.runner_iam_role_name
   policy = templatefile("${path.module}/policies/instance-logging-policy.json", { partition = data.aws_partition.current.partition })
 }
 
diff --git a/main.tf b/main.tf
@@ -370,7 +370,7 @@ resource "aws_iam_policy" "instance_docker_machine_policy" {
 resource "aws_iam_role_policy_attachment" "instance_docker_machine_policy" {
   count = var.create_runner_iam_role ? 1 : 0
 
-  role       = local.aws_iam_role_instance_name
+  role       = var.create_runner_iam_role ? aws_iam_role.instance[0].name : var.runner_iam_role_name
   policy_arn = aws_iam_policy.instance_docker_machine_policy[count.index].arn
 }
 
@@ -390,14 +390,14 @@ resource "aws_iam_policy" "instance_session_manager_policy" {
 resource "aws_iam_role_policy_attachment" "instance_session_manager_policy" {
   count = var.enable_runner_ssm_access ? 1 : 0
 
-  role       = local.aws_iam_role_instance_name
+  role       = var.create_runner_iam_role ? aws_iam_role.instance[0].name : var.runner_iam_role_name
   policy_arn = aws_iam_policy.instance_session_manager_policy[0].arn
 }
 
 resource "aws_iam_role_policy_attachment" "instance_session_manager_aws_managed" {
   count = var.enable_runner_ssm_access ? 1 : 0
 
-  role       = local.aws_iam_role_instance_name
+  role       = var.create_runner_iam_role ? aws_iam_role.instance[0].name : var.runner_iam_role_name
   policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
 
@@ -407,7 +407,7 @@ resource "aws_iam_role_policy_attachment" "instance_session_manager_aws_managed"
 resource "aws_iam_role_policy_attachment" "user_defined_policies" {
   count = length(var.runner_iam_policy_arns)
 
-  role       = local.aws_iam_role_instance_name
+  role       = var.create_runner_iam_role ? aws_iam_role.instance[0].name : var.runner_iam_role_name
   policy_arn = var.runner_iam_policy_arns[count.index]
 }
 
@@ -420,7 +420,7 @@ resource "aws_iam_role_policy_attachment" "docker_machine_cache_instance" {
      use aws_iam_role.docker_machine.name here! See https://docs.gitlab.com/runner/configuration/advanced-configuration.html */
   count = var.cache_bucket["create"] || length(lookup(var.cache_bucket, "policy", "")) > 0 ? 1 : 0
 
-  role       = local.aws_iam_role_instance_name
+  role       = var.create_runner_iam_role ? aws_iam_role.instance[0].name : var.runner_iam_role_name
   policy_arn = local.bucket_policy
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`resource "aws_iam_role_policy" "instance" {`
`2`	`2`	`count = var.enable_cloudwatch_logging && var.create_runner_iam_role ? 1 : 0`
`3`	`3`	`name = "${local.name_iam_objects}-logging"`
`4`		`- role = local.aws_iam_role_instance_name`
	`4`	`+ role = var.create_runner_iam_role ? aws_iam_role.instance[0].name : var.runner_iam_role_name`
`5`	`5`	`policy = templatefile("${path.module}/policies/instance-logging-policy.json", { partition = data.aws_partition.current.partition })`
`6`	`6`	`}`
`7`	`7`