Skip to content

fix: ensure IAM Role name length does not exceed 64 characters #4696

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix: ensure IAM Role name length does not exceed 64 characters #4696

wants to merge 1 commit into from

Conversation

aarongorka
Copy link

When using a long enough prefix, the IAM Roles can exceed the maximum length allowed by AWS.

For example:

│ Error: expected length of name to be in the range (1 - 64), got github-runners-prod-xxxxxxxxxxxxxx-prod-action-scale-down-lambda-role
│
│   with module.multi_runner.module.runners["xxxxxxxxxxxxxx-prod"].aws_iam_role.scale_down,
│   on .terraform/modules/multi_runner/modules/runners/scale-down.tf line 88, in resource "aws_iam_role" "scale_down":
│   88:   name                 = "${var.prefix}-action-scale-down-lambda-role"

There is nowhere to override this, so your only options are to change the prefix for the entire module. This commit resolves this by truncating the name to fit under the maximum length.

This primarily happens on the scale-up and scale-down Lambdas, but I've added it everywhere for consistency.

Fixes: #3973

@aarongorka aarongorka requested a review from a team as a code owner August 6, 2025 01:44
@aarongorka
Copy link
Author

Worth noting that there is one caveat to this approach: if the prefix is long enough, you'll end up with the same IAM Role names for both scale-up and scale-down. The other approach would be to truncate just the prefix, but you still end up with a similar problem in that multiple instantiations of this module could have a conflict. The only real way to avoid this completely is with name_prefix, but that would be a breaking (ish?) change.

@npalm npalm self-requested a review August 7, 2025 20:27
@aarongorka
fix: ensure IAM Role name length does not exceed 64 characters
2bdcd44 
When using a long enough `prefix`, the IAM Roles can exceed the maximum
length allowed by AWS.

For example:

```
│ Error: expected length of name to be in the range (1 - 64), got github-runners-prod-xxxxxxxxxxxxxx-prod-action-scale-down-lambda-role
│
│   with module.multi_runner.module.runners["xxxxxxxxxxxxxx-prod"].aws_iam_role.scale_down,
│   on .terraform/modules/multi_runner/modules/runners/scale-down.tf line 88, in resource "aws_iam_role" "scale_down":
│   88:   name                 = "${var.prefix}-action-scale-down-lambda-role"
```

There is nowhere to override this, so your only options are to change
the prefix for the entire module. This commit resolves this by
truncating the name to fit under the maximum length.

This primarily happens on the scale-up and scale-down Lambdas, but I've
added it everywhere for consistency.

Fixes: github-aws-runners#3973
@aarongorka aarongorka force-pushed the fix-iam-role-name-length branch from f7768eb to 2bdcd44 Compare August 11, 2025 04:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npalm npalm Awaiting requested review from npalm

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

IAM role name too long
1 participant
@aarongorka