AWS TAG POLICY CONTENT LIMIT EXCEEDED WHILE IN WEB CONSOLE IT'S INTERPRETED AS CORRECT #12597
Comments
I tried to reproduce this error, but I couldn't.
resource "aws_organizations_policy" "aws_master_parent_policy" {
  name        = "test_policy_for_terraform_provider_aws"
  type        = "TAG_POLICY"
  description = "https://github.com/terraform-providers/terraform-provider-aws/issues/12597"
  content     = file("test_policy.json")
}
{
"tags": {
"CostCenter01": {
"tag_key": {
"@@assign": "CostCenter01"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter02": {
"tag_key": {
"@@assign": "CostCenter02"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter03": {
"tag_key": {
"@@assign": "CostCenter03"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter04": {
"tag_key": {
"@@assign": "CostCenter04"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter05": {
"tag_key": {
"@@assign": "CostCenter05"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter06": {
"tag_key": {
"@@assign": "CostCenter06"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter07": {
"tag_key": {
"@@assign": "CostCenter07"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter08": {
"tag_key": {
"@@assign": "CostCenter08"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter09": {
"tag_key": {
"@@assign": "CostCenter09"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter10": {
"tag_key": {
"@@assign": "CostCenter10"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter11": {
"tag_key": {
"@@assign": "CostCenter11"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter12": {
"tag_key": {
"@@assign": "CostCenter12"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
},
"CostCenter13": {
"tag_key": {
"@@assign": "CostCenter13"
},
"tag_value": {
"@@assign": [
"Home",
"Work"
]
}
}
}
}
$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_organizations_policy.aws_master_parent_policy will be created
+ resource "aws_organizations_policy" "aws_master_parent_policy" {
+ arn = (known after apply)
+ content = jsonencode(
{
+ tags = {
+ CostCenter01 = {
+ tag_key = {
+ @@assign = "CostCenter01"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter02 = {
+ tag_key = {
+ @@assign = "CostCenter02"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter03 = {
+ tag_key = {
+ @@assign = "CostCenter03"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter04 = {
+ tag_key = {
+ @@assign = "CostCenter04"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter05 = {
+ tag_key = {
+ @@assign = "CostCenter05"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter06 = {
+ tag_key = {
+ @@assign = "CostCenter06"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter07 = {
+ tag_key = {
+ @@assign = "CostCenter07"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter08 = {
+ tag_key = {
+ @@assign = "CostCenter08"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter09 = {
+ tag_key = {
+ @@assign = "CostCenter09"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter10 = {
+ tag_key = {
+ @@assign = "CostCenter10"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter11 = {
+ tag_key = {
+ @@assign = "CostCenter11"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter12 = {
+ tag_key = {
+ @@assign = "CostCenter12"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
+ CostCenter13 = {
+ tag_key = {
+ @@assign = "CostCenter13"
}
+ tag_value = {
+ @@assign = [
+ "Home",
+ "Work",
]
}
}
}
}
)
+ description = "https://github.com/terraform-providers/terraform-provider-aws/issues/12597"
+ id = (known after apply)
+ name = "test_policy_for_terraform_provider_aws"
+ type = "TAG_POLICY"
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_organizations_policy.aws_master_parent_policy: Creating...
aws_organizations_policy.aws_master_parent_policy: Creation complete after 2s [id=p-95j06yzgnz]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
I am seeing this issue also, and I copy-pasted this policy from the AWS Console.
Error: error updating Organizations Policy: ConstraintViolationException: You have exceeded the maximum policy size.
Policy used was
I'm getting the same issue as well. The only method that worked was using jsonencode() with the policy. The file function, template resource, and data.aws_iam_policy_document resource all had the same "POLICY_CONTENT_LIMIT_EXCEEDED" error.
You have an example?
Figured it out: created a local variable and wrapped the JSON inside jsonencode(JSON). This also worked for me.
This is due to the JSON file exceeding the size limit. It would work if you minify the JSON file (
I had the same problem. Notice that if you are using Ansible to provision, this is how you can get the minified output:
- name: Set policy check fact
  set_fact:
    policy_res: "{{ check_policy_result.stdout | from_json | first }}"
- name: Load policy
  set_fact:
    _policy: "{{ lookup(_lookup, '{{ _file }}') | from_json | to_json(separators=(',',':')) }}"
- name: Update policy - {{ _name }}
  command: |
    aws organizations update-policy
    --policy-id {{ policy_res.Id }}
    --name {{ _name }}
    --description "{{ _description }}"
    --content '{{ _policy }}'
  when:
    - check_policy_result.stdout != '[]'
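The size effect described in the comments above, as an added example that is not part of the original thread: the same 13-tag policy is serialized with different indentation and checked before it is sent. The 2500 limit is the figure quoted in the issue body, the assumption that whitespace counts toward it follows the thread's finding, and the function names are hypothetical.

```python
import json

# Limit quoted in the original issue text ("limit is 2500"). Assumption:
# verify the current AWS Organizations quota before relying on this number.
TAG_POLICY_LIMIT = 2500


def build_policy(n=13):
    """Constructed sample: the CostCenter01..NN policy shape posted in this thread."""
    tags = {}
    for i in range(1, n + 1):
        key = f"CostCenter{i:02d}"
        tags[key] = {
            "tag_key": {"@@assign": key},
            "tag_value": {"@@assign": ["Home", "Work"]},
        }
    return {"tags": tags}


def minify(text):
    """Re-serialize JSON without insignificant whitespace, like the
    to_json(separators=(',',':')) filter in the Ansible task above."""
    return json.dumps(json.loads(text), separators=(",", ":"), ensure_ascii=False)


def preflight(text, limit=TAG_POLICY_LIMIT):
    """Report the size as written and minified, and whether each fits the limit.
    Assumption: the limit is counted in characters, whitespace included."""
    small = minify(text)
    return {
        "as_written": len(text),
        "minified": len(small),
        "fits_as_written": len(text) <= limit,
        "fits_minified": len(small) <= limit,
    }


if __name__ == "__main__":
    policy = build_policy()
    # Same content, three whitespace styles: only the formatting changes the size.
    for label, indent in (("2-space", 2), ("4-space", 4), ("tab", "\t")):
        print(label, preflight(json.dumps(policy, indent=indent)))
```

Running the check in CI against the policy file catches a formatting change that would push an otherwise valid policy over the limit.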
Closing as it looks like a way forward was found via the comments from the community! 🚀
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
This issue was originally opened by @rlig as hashicorp/terraform#24512. It was migrated here as a result of the provider split. The original body of the issue is below.
Hello,
Terraform Version
0.12.19
Terraform Configuration Files
I'm trying to create a tag policy using aws_organizations_policy resource just by passing json file as template to content argument, example below:
Tried also using templatefile(https://www.terraform.io/docs/configuration/functions/templatefile.html) function. Same issue.
Actual Behavior
Problem is, when I create that using aws console I do not meet any errors as the whole policy has about 2000 characters (limit is 2500). When I try to create that using terraform I meet error:
Expected Behaviour
Policy created. Its size is valid.
Regards
Rlig