aws_efs_replication_configuration is missing role-arn for cross-account-replication

[rciccone91]

Description

When trying to set up a aws_efs_replication_configuration between two EFS instances on different accounts, AWS API fails as the RoleARN is not provided. This is due to the provider not allowing to set the ARN of the IAM role in the source account that allows Amazon EFS to perform replication on its behalf. For cross-account replication this is mandatory. Documentation of EFS Replication Destination

│ Error: creating EFS Replication Configuration (fs-xxxxxxxx): BadRequest: No RoleArn provided.  RoleArn is required for cross-account replication.
│ {
│   RespMetadata: {
│     StatusCode: 400,
│     RequestID: "<request-id>"
│   },
│   Message_: "No RoleArn provided.  RoleArn is required for cross-account replication."
│ }
│ 
│   with aws_efs_replication_configuration.efs_replication[0],
│   on efs-replication.tf line 1, in resource "aws_efs_replication_configuration" "efs_replication":
│    1: resource "aws_efs_replication_configuration" "efs_replication" {
│ 
╵

I'm running provider version 5.32.0 (where support for file_system_id to point to a preexistent EFS on a replication was added) but neither on that version or even the latest (v5.99.0) I'm seeing the attribute for setting this ARN.

Affected Resource(s) or Data Source(s)

aws_efs_replication_configuration

Potential Terraform Configuration

resource "aws_efs_replication_configuration" "efs_replication" {
  count = 1
  # Source File System of replication
  source_file_system_id = aws_efs_file_system.efs-instance.id

  # Destination File System of replication on other AWS account
  destination {
    # Destination File System Region
    region         = var.replication_destination_file_system_region

    # As this is cross account, the ARN of the kms key alias that should be used for encryption.
    kms_key_id     = var.replication_destination_file_system_encryption_kms_alias

    # As this is cross account, the ARN of the file system should be used.
    file_system_id = var.replication_destination_file_system_arn

   # New attribute that should be added.
    role_arn = var.replication_source_file_system_role_arn
  }
}

References

• service/efs/api_op_CreateReplicationConfiguration.go
• AWS EFS API - DestinationToCreate on Replication

Would you like to implement the enhancement?

No

[github-actions]

Community Guidelines

This comment is added to every new Issue to provide quick reference to how the Terraform AWS Provider is maintained. Please review the information below, and thank you for contributing to the community that keeps the provider thriving! 🚀

Voting for Prioritization

• Please vote on this Issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize it.
• Please see our prioritization guide for additional information on how the maintainers handle prioritization.
• Please do not leave +1 or other comments that do not add relevant new information or questions; they generate extra noise for others following the Issue and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.

[almiser]

i would like to work on this issue