Merge pull request #415 from imperva/cpapke/max-role-name-length

Limit role name length
imperva · Jun 24, 2024 · 67f5181 · 67f5181
2 parents 11f3fea + f2ea0cd
commit 67f5181
Show file tree

Hide file tree

Showing 6 changed files with 7 additions and 7 deletions.
diff --git a/modules/aws/dam-base-instance/iam_role.tf b/modules/aws/dam-base-instance/iam_role.tf
@@ -55,7 +55,7 @@ resource "aws_iam_instance_profile" "dsf_node_instance_iam_profile" {
 
 resource "aws_iam_role" "dsf_node_role" {
   count               = var.instance_profile_name == null ? 1 : 0
-  name                = "${var.name}-role"
+  name                = "${substr(var.name, 0, 64-length("-role"))}-role"
   managed_policy_arns = null
   assume_role_policy  = local.role_assume_role_policy
   inline_policy {

diff --git a/modules/aws/db-with-agent/iam_role.tf b/modules/aws/db-with-agent/iam_role.tf
@@ -43,7 +43,7 @@ resource "aws_iam_instance_profile" "dsf_node_instance_iam_profile" {
 }
 
 resource "aws_iam_role" "dsf_node_role" {
-  name                = join("-", [var.friendly_name, "role"])
+  name                = "${substr(var.friendly_name, 0, 64-length("-role"))}-role"
   managed_policy_arns = null
   assume_role_policy  = local.role_assume_role_policy
   inline_policy {

diff --git a/modules/aws/dra-admin/iam_role.tf b/modules/aws/dra-admin/iam_role.tf
@@ -46,7 +46,7 @@ resource "aws_iam_instance_profile" "dsf_node_instance_iam_profile" {
 
 resource "aws_iam_role" "dsf_node_role" {
   count               = var.instance_profile_name == null ? 1 : 0
-  name                = "${var.name}-role"
+  name                = "${substr(var.name, 0, 64-length("-role"))}-role"
   managed_policy_arns = null
   assume_role_policy  = local.role_assume_role_policy
   inline_policy {

diff --git a/modules/aws/dra-analytics/iam_role.tf b/modules/aws/dra-analytics/iam_role.tf
@@ -46,7 +46,7 @@ resource "aws_iam_instance_profile" "dsf_node_instance_iam_profile" {
 
 resource "aws_iam_role" "dsf_node_role" {
   count               = var.instance_profile_name == null ? 1 : 0
-  name                = "${var.name}-role"
+  name                = "${substr(var.name, 0, 64-length("-role"))}-role"
   managed_policy_arns = null
   assume_role_policy  = local.role_assume_role_policy
   inline_policy {

diff --git a/modules/aws/rds-mssql-db/iam_role.tf b/modules/aws/rds-mssql-db/iam_role.tf
@@ -114,7 +114,7 @@ locals {
 }
 
 resource "aws_iam_role" "rds_db_og_role" {
-  name                = join("-", [local.db_identifier, "og-role"])
+  name                = "${substr(local.db_identifier, 0, 64-length("-og-role"))}-og-role"
   managed_policy_arns = null
   assume_role_policy  = local.rds_db_og_role_assume_role_policy
   inline_policy {
@@ -133,7 +133,7 @@ resource "aws_iam_instance_profile" "lambda_mssql_infra_instance_iam_profile" {
 
 resource "aws_iam_role" "lambda_mssql_infra_role" {
   count               = var.instance_profile_name == null ? 1 : 0
-  name                = join("-", [local.db_identifier, "infra-role"])
+  name                = "${substr(local.db_identifier, 0, 64-length("-infra-role"))}-infra-role"
   managed_policy_arns = null
   assume_role_policy  = local.role_assume_role_policy
   inline_policy {

diff --git a/modules/aws/sonar-base-instance/iam_role.tf b/modules/aws/sonar-base-instance/iam_role.tf
@@ -66,7 +66,7 @@ resource "aws_iam_instance_profile" "dsf_node_instance_iam_profile" {
 
 resource "aws_iam_role" "dsf_node_role" {
   count               = var.instance_profile_name == null ? 1 : 0
-  name                = join("-", [var.name, "role"])
+  name                = "${substr(var.name, 0, 64-length("-role"))}-role"
   managed_policy_arns = null
   assume_role_policy  = local.role_assume_role_policy
   inline_policy {