From 5751789be58939d69cfa1ae55155182ce166ae25 Mon Sep 17 00:00:00 2001
From: Tim Cheung <152907271+timckt@users.noreply.github.com>
Date: Thu, 15 Feb 2024 13:56:37 +0000
Subject: [PATCH 1/2] split the combined block as it hits the aws limit

---
 aws.tf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/aws.tf b/aws.tf
index 4733695..29bb48d 100644
--- a/aws.tf
+++ b/aws.tf
@@ -39,6 +39,7 @@ resource "aws_iam_role" "github_access" {
   max_session_duration = 10 * 3600
 }
 
+#This combined policy hits the AWS IAM PolicySize 6144 limit, please use combined_2 block instead.
 data "aws_iam_policy_document" "combined" {
   source_policy_documents = [
     data.aws_iam_policy_document.cloudwatch_for_github.json,
@@ -53,6 +54,11 @@ data "aws_iam_policy_document" "combined" {
     data.aws_iam_policy_document.sqs_for_github.json,
     data.aws_iam_policy_document.vpc_for_github.json,
     data.aws_iam_policy_document.secretsmanager_for_github.json,
+  ]
+}
+
+data "aws_iam_policy_document" "combined_2" {
+  source_policy_documents = [
     data.aws_iam_policy_document.elasticache_for_github.json,
   ]
 }
@@ -65,6 +71,14 @@ resource "aws_iam_policy" "github_access" {
   }
 }
 
+resource "aws_iam_policy" "github_access_2" {
+  policy = data.aws_iam_policy_document.combined_2.json
+  name = "access-via-github-02"
+  tags = {
+    GithubTeam = "webops"
+  }
+}
+
 resource "aws_iam_role_policy_attachment" "github_access" {
   role = aws_iam_role.github_access.name
   policy_arn = aws_iam_policy.github_access.arn

From 7483bbc5035471e53e045374f8b73e1d1d02c889 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 15 Feb 2024 13:57:21 +0000
Subject: [PATCH 2/2] terraform-docs: automated action

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index cc6a01a..6e0c29d 100644
--- a/README.md
+++ b/README.md
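Review bot: The comment added above `data "aws_iam_policy_document" "combined"` in the first aws.tf hunk tells the reader to "use combined_2 block instead", but `combined` is still the source of `aws_iam_policy.github_access` and remains in use, so the instruction is misleading for the next maintainer. What the patch actually establishes is that `combined` is at the size limit and any further source documents must be added to `combined_2`; suggest `# This combined document is at the 6144-character managed-policy size limit; add new source documents to combined_2 instead of here.`. The `combined` data block itself continues past the end of the hunk.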
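Review bot: `aws_iam_policy.github_access_2` is created in the third aws.tf hunk but nothing in this patch attaches it to `aws_iam_role.github_access`; the diffstat's 14 insertions are all accounted for by the three hunks, so unless an attachment already exists elsewhere in the file, the role silently loses the ElastiCache permissions that the second hunk moved out of `combined` into `combined_2`. The split of one document into two policies is fine for the size limit, but it only preserves the role's effective permissions if both policies are attached to the same role; a second `aws_iam_role_policy_attachment` is needed, as below. The existing `github_access` attachment at the end of the hunk closes outside it.
```hcl
// … unchanged: aws_iam_policy.github_access_2 and the existing github_access attachment …
resource "aws_iam_role_policy_attachment" "github_access_2" {
  role       = aws_iam_role.github_access.name
  policy_arn = aws_iam_policy.github_access_2.arn
}
```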
@@ -43,6 +43,7 @@ No modules.
 | [auth0_rule_config.aws_saml_provider_name](https://registry.terraform.io/providers/auth0/auth0/latest/docs/resources/rule_config) | resource |
 | [aws_iam_policy.api_gateway_for_github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.github_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
+| [aws_iam_policy.github_access_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.github_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
 | [aws_iam_role_policy_attachment.api_gateway_for_github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.github_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
@@ -53,6 +54,7 @@ No modules.
 | [aws_iam_policy_document.cloudwatch_for_github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.cognito_idp_for_github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.combined](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.combined_2](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.elasticache_for_github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.federated_role_trust_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.iam_for_github](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |