Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plan detects changes in aws_ssm_parameter ARN when it shouldn't #14164

Open
jrobison-sb opened this issue Jul 13, 2020 · 2 comments
Open

plan detects changes in aws_ssm_parameter ARN when it shouldn't #14164

jrobison-sb opened this issue Jul 13, 2020 · 2 comments
Labels
bug Addresses a defect in current functionality. service/ssm Issues and PRs that pertain to the ssm service.

Comments

@jrobison-sb
Copy link
Contributor

Community Note

  • Please vote on this issue by adding a 馃憤 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform CLI and Terraform AWS Provider Version

Terraform v0.12.24
+ provider.aws v2.70.0

Affected Resource(s)

  • aws_ssm_parameter

Terraform Configuration Files

Basically any resource which uses an ARN of an SSM parameter. Such as this example where data.aws_iam_policy_document uses an SSM ARN as part of building an IAM policy:

  statement {
    sid       = "GetMyParameter"
    actions   = ["ssm:GetParameter"]
    resources = [aws_ssm_parameter.my_parameter.arn]
  }

Expected Behavior

If the value of the parameter changes, it will only change the value, it won't recreate the SSM parameter or the ARN of the parameter. And thus the resources using the parameter ARN shouldn't report a change as part of terraform plan.

Actual Behavior

If the value of the parameter changes, any resources using the ARN of the parameter will show up in terraform plan and report that they will change.

Steps to Reproduce

  1. Create an SSM parameter and use it's ARN in some other resource, such as in an IAM policy described above. Apply it.
  2. Change the value of the parameter, which does not recreate the SSM parameter or change it's ARN. Run a plan.
  3. The IAM policy (or whatever) resource will show up in the plan as if it was going to change, even though no change should be required.
@ghost ghost added the service/ssm Issues and PRs that pertain to the ssm service. label Jul 13, 2020
@github-actions github-actions bot added the needs-triage Waiting for first response or review from a maintainer. label Jul 13, 2020
@breathingdust breathingdust added bug Addresses a defect in current functionality. and removed needs-triage Waiting for first response or review from a maintainer. labels Jul 13, 2020
@rmclaughlin-nelnet
Copy link

rmclaughlin-nelnet commented Mar 15, 2021
edited

I see this issue quite often. Would love to see it fixed. For example, I changed the description of some SSM values and the plan indicated it would update all the IAM policies that used them.

@kamilturek
Copy link
Collaborator

I think it's no longer valid. I can't reproduce it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Addresses a defect in current functionality. service/ssm Issues and PRs that pertain to the ssm service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@breathingdust @kamilturek @jrobison-sb @rmclaughlin-nelnet