Add resource to allow attachment of roles to mongodbatlas_cloud_provider_access
The need to do two applies to completely configure the mongodbatlas_cloud_provider_access resource should have never seen the light of day. I would like to see an additional resource that could attach a role to a mongodbatlas_cloud_provider_access after it has been created. Then you could use the attributes in the mongodbatlas_cloud_provider_access resource to create the role, then attach the role to it using the access_role_attachment resource.
Jack
shared this idea
Cloud Provider Access in v0.9.0 now has a single apply method and the original two apply method.
-
Jack
commented
I hacked together a workaround to do this without requiring the apply/modify/apply again cycle.
1. Create mongodbatlas_cloud_provider_access resource
2. Create AWS role using attributes from the mongodbatlas_cloud_provider_access created in step 1.
3. Attach policies to role.
4. Use a null resource with a local-exec provisioner to run curl to patch the mongodbatlas_cloud_provider_access and add the role ARN.This seems to work for us, but it would be much preferable to have an actual TF resource to do #4.
-
Thank you for the submission. We understand the current implementation is not ideal for all users however after the team weighed the pros and cons, along with the required timeline, the current version was the best choice. However, we continue to review and discuss the best way to implement this resource that considers the near-term and longer-term pros/cons and hope to find and provide a better solution.