Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Enhancement]: Export Neptune Cluster Resource ARN in Required Format #39877

Open
shazi57 opened this issue Oct 24, 2024 · 1 comment
Open

[Enhancement]: Export Neptune Cluster Resource ARN in Required Format #39877

shazi57 opened this issue Oct 24, 2024 · 1 comment
Labels
enhancement Requests to existing resources that expand the functionality or scope. needs-triage Waiting for first response or review from a maintainer. service/iam Issues and PRs that pertain to the iam service. service/sts Issues and PRs that pertain to the sts service.

Comments

@shazi57
Copy link

shazi57 commented Oct 24, 2024
edited
Loading

Description

Currently, the Terraform Neptune resource exports the administrative ARN as arn, which works fine for actions requiring administrative access to the cluster. However, for IAM policies, the resource ARN in the format:

arn:aws:neptune-db:region:account-id:cluster-resource-id/*

is often required in the Resource field. From what I’ve observed, Terraform doesn’t directly export this ARN, despite providing the cluster_resource_id attribute. Users are forced to build this ARN manually, typically like so:

data "aws_caller_identity" "current" {}

locals {
  neptune_cluster_arn = "arn:aws:neptune-db:${var.aws_region}:${data.aws_caller_identity.current.account_id}:${aws_neptune_cluster.db.cluster_resource_id}/*"
}

This method requires additional steps and string interpolation, which is both tedious and prone to errors, especially in environments where the resource ARN is frequently needed in IAM policies. By having Terraform natively export this ARN from the cluster resource, users would save time and reduce the risk of mistakes during deployment.

Affected Resource(s) and/or Data Source(s)

aws_neptune_cluster

Potential Terraform Configuration

resource "aws_iam_policy" "neptune_data_access_policy" {
  name        = "neptune-data-access-policy"
  path        = "/"
  description = "allows all data api actions on neptune cluster"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = [
          "neptune:*",
        ]
        Effect   = "Allow"
        Resource = aws_neptune_cluster.db.resource_arn
      },
    ]
  })
}

References

aws doc link

Would you like to implement a fix?

No
@shazi57 shazi57 added the enhancement Requests to existing resources that expand the functionality or scope. label Oct 24, 2024
@github-actions GitHub Actions
Copy link

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please see our prioritization guide for information on how we prioritize.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@github-actions github-actions bot added service/iam Issues and PRs that pertain to the iam service. service/sts Issues and PRs that pertain to the sts service. needs-triage Waiting for first response or review from a maintainer. labels Oct 24, 2024
@shazi57 shazi57 changed the title [Enhancement]: Support exporting data resource arn from neptune cluster. [Enhancement]: Export Neptune Cluster Resource ARN in Required Format Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement Requests to existing resources that expand the functionality or scope. needs-triage Waiting for first response or review from a maintainer. service/iam Issues and PRs that pertain to the iam service. service/sts Issues and PRs that pertain to the sts service.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shazi57