I’m importing a few resources into Terraform. I have the following resources:
- aws_iam_group
- aws_iam_group_policy_attachment (10 policy ARNs)
- data_aws_iam_policy_document (for inline group policy)
- aws_iam_group_policy (attaching the inline policy to the group)
I have removed 1 policy ARN, replaced it with a different ARN, and imported all of the above resources except the replaced policy ARN. This replaced policy ARN does not exist in the group and is a new addition.
But when I run a terraform plan command, it shows that I would be adding my 10th policy, but why is it not showing that it’s going to remove the old policy ARN? Why is it showing like that?
terraform plan:
```
  # aws_iam_group_policy_attachment.group_policy[9] will be created
  + resource "aws_iam_group_policy_attachment" "group_policy" {
      + group      = "xxx"
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::xxxx:policy/EC2_readonly"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
```