Merge pull request #38 from rhythmictech/dd-iam-key-rotation

mtiszenkel-rhythmic · web-flow · commit 168c974f7f36 · 2026-03-10T10:51:29.000-06:00
Fix for time_rotating bug
diff --git a/README.md b/README.md
@@ -174,6 +174,7 @@ module "datadog" {
 | [terraform_data.external_id](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
 | [time_rotating.access_key](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/rotating) | resource |
 | [time_sleep.wait_datadog_forwarder](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [time_static.access_key](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/static) | resource |
 | [archive_file.rds_enhanced_monitoring](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
diff --git a/main.tf b/main.tf
@@ -111,14 +111,20 @@ resource "time_rotating" "access_key" {
   rotation_days = var.access_key_rotation_days
 }
 
+resource "time_static" "access_key" {
+  count = var.access_method == "user" ? 1 : 0
+
+  rfc3339 = time_rotating.access_key[0].rfc3339
+}
+
 resource "aws_iam_access_key" "datadog" {
   count = var.access_method == "user" ? 1 : 0
 
   user = aws_iam_user.datadog[0].name
 
   lifecycle {
     create_before_destroy = true
-    replace_triggered_by  = [time_rotating.access_key[0]]
+    replace_triggered_by  = [time_static.access_key[0]]
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -111,14 +111,20 @@ resource "time_rotating" "access_key" {`
`111`	`111`	`rotation_days = var.access_key_rotation_days`
`112`	`112`	`}`
`113`	`113`
	`114`	`+resource "time_static" "access_key" {`
	`115`	`+ count = var.access_method == "user" ? 1 : 0`
	`116`	`+`
	`117`	`+ rfc3339 = time_rotating.access_key[0].rfc3339`
	`118`	`+}`
	`119`	`+`
`114`	`120`	`resource "aws_iam_access_key" "datadog" {`
`115`	`121`	`count = var.access_method == "user" ? 1 : 0`
`116`	`122`
`117`	`123`	`user = aws_iam_user.datadog[0].name`
`118`	`124`
`119`	`125`	`lifecycle {`
`120`	`126`	`create_before_destroy = true`
`121`		`- replace_triggered_by = [time_rotating.access_key[0]]`
	`127`	`+ replace_triggered_by = [time_static.access_key[0]]`
`122`	`128`	`}`
`123`	`129`	`}`
`124`	`130`