
fix: Attach policies to IAM user (not role) #595


Closed

@emuesuenu emuesuenu commented Aug 14, 2025

Description

Replace the incorrect resource type aws_iam_role_policy_attachment with aws_iam_user_policy_attachment.

Update arguments accordingly (role -> user) so attachments target the created IAM user (aws_iam_user.this[0].name).

No changes to input variables: var.policies remains a map and the for_each logic is unchanged.

Motivation and Context

The previous implementation attempted to attach policies using the role attachment resource for an IAM user, which is invalid.

Breaking Changes

Resource address change: from aws_iam_role_policy_attachment.additional to aws_iam_user_policy_attachment.additional.
Terraform will plan to replace these attachment resources on the next apply (destroy old, create new).

Impact: Brief re‑creation of policy attachments during apply. No persistent permission loss is expected.

How Has This Been Tested?

  • I have updated at least one of the examples/* to demonstrate and validate my change(s)
  • I have tested and validated these changes using one or more of the provided examples/* projects

Replace aws_iam_role_policy_attachment with aws_iam_user_policy_attachment
and switch the attribute from `role` to `user`. This ensures `var.policies`
are correctly attached to the created IAM user and prevents apply errors.
@emuesuenu emuesuenu changed the title fix(iam-user): attach policies to IAM user (not role) fix: attach policies to IAM user (not role) Aug 14, 2025
@emuesuenu emuesuenu changed the title fix: attach policies to IAM user (not role) fix: Attach policies to IAM user (not role) Aug 14, 2025
@emuesuenu emuesuenu marked this pull request as ready for review August 14, 2025 23:43
@bryantbiggs
Member

This was corrected in #594

@emuesuenu emuesuenu closed this Aug 15, 2025
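
A pre-apply check for the class of mistake discussed in this thread, as an added example (not code from this pull request or from the module): it reads the `configuration` section of `terraform show -json` output and flags any IAM policy attachment whose principal argument references a different kind of principal than the attachment type expects. The sample plan is constructed; the `fixed` resource name and `var.name` are assumptions for illustration.

```python
import json

# Attachment type -> (argument naming the principal, resource type it should reference)
ATTACHMENT_TARGETS = {
    "aws_iam_role_policy_attachment": ("role", "aws_iam_role"),
    "aws_iam_user_policy_attachment": ("user", "aws_iam_user"),
    "aws_iam_group_policy_attachment": ("group", "aws_iam_group"),
}
PRINCIPAL_TYPES = {expected for _, expected in ATTACHMENT_TARGETS.values()}

def walk_resources(module):
    """Yield every configured resource in a module, including child modules."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from walk_resources(call.get("module", {}))

def find_mismatched_attachments(plan):
    """Return (address, referenced_type, expected_type) for each mismatch."""
    findings = []
    root = plan.get("configuration", {}).get("root_module", {})
    for res in walk_resources(root):
        target = ATTACHMENT_TARGETS.get(res.get("type"))
        if target is None:
            continue
        argument, expected = target
        refs = res.get("expressions", {}).get(argument, {}).get("references", [])
        # A reference looks like "aws_iam_user.this[0].name"; the first segment is the type.
        referenced = {ref.split(".", 1)[0] for ref in refs} & PRINCIPAL_TYPES
        for wrong in sorted(referenced - {expected}):
            findings.append((res["address"], wrong, expected))
    return findings

# Constructed sample: the attachment shape described in the PR, next to a corrected one.
SAMPLE_PLAN = json.loads("""
{"configuration": {"root_module": {"resources": [
  {"address": "aws_iam_user.this", "type": "aws_iam_user",
   "expressions": {"name": {"references": ["var.name"]}}},
  {"address": "aws_iam_role_policy_attachment.additional",
   "type": "aws_iam_role_policy_attachment",
   "expressions": {"policy_arn": {"references": ["each.value"]},
     "role": {"references": ["aws_iam_user.this[0].name", "aws_iam_user.this[0]", "aws_iam_user.this"]}}},
  {"address": "aws_iam_user_policy_attachment.fixed",
   "type": "aws_iam_user_policy_attachment",
   "expressions": {"policy_arn": {"references": ["each.value"]},
     "user": {"references": ["aws_iam_user.this[0].name", "aws_iam_user.this[0]", "aws_iam_user.this"]}}}
]}}}
""")

if __name__ == "__main__":
    for address, wrong, expected in find_mismatched_attachments(SAMPLE_PLAN):
        print(f"{address}: references {wrong}, expected {expected}")
```

The check only sees principals passed as resource references; a principal name supplied as a literal string or a variable produces no finding.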