如何使用 terraform 修复 AWS 中的 LimitExceeded 问题？

Question

当我 运行 应用 terraform 时，出现此错误：

running "...terraform apply" in ".../aws-config": exit status 1
module.aws_config_role.aws_iam_policy.default: Modifying... [id=arn:aws:iam::10391031030:policy/my-aws-config-role]

Error: Error updating IAM policy arn:aws:iam::10391031030:policy/my-aws-config-role: LimitExceeded: Cannot exceed quota for PolicySize: 6144
    status code: 409, request id: 313b0l20-a29d-0121-la32-01210d0103c01

实际上这个任务会更新 IAM 策略并添加许多新项目，从 terraform plan 得知：

~ update in-place

Terraform will perform the following actions:

  # module.aws_config_role.aws_iam_policy.default will be updated in-place
~ resource "aws_iam_policy" "default" {
        arn    = "arn:aws:iam::10391031030:policy/my-aws-config-role"
        id     = "arn:aws:iam::10391031030:policy/my-aws-config-role"
        name   = "my-aws-config-role"
        path   = "/"
      ~ policy = jsonencode(
          ~ {
              ~ Statement = [
                  ~ {
                      ~ Action   = [
                            "..." // old
                            "..." // old
                            "..." // old
                          + "..." // new
                          + "..." // new
                          + "..." // new
                          + "..." // new
                          + "..." // new
                          ...

 Plan: 0 to add, 1 to change, 0 to destroy.

aws 提供商版本升级后，得到了这个变化。如何避免？忽略此任务或是否可以扩展 AWS 的策略大小？

Answer 1

托管策略的 6144 个字符限制来自 AWS，而非 TF。所以你必须 fix/workaround 从 AWS 的角度来看，而不是 TF。

大家可以按照A​​WS官方推荐s:

• How can I increase the default managed policies or character size limit for an IAM role or user?