Our main goal is to move some resources to a different Terraform state file. I am trying to import a policy attachment of a resource; however, it seems like it does not support importing of policy attachments. I am getting an error.
What is the alternative if it is not supported?
I am trying to import this policy:
  + aws_iam_role_policy_attachment.gitlab_as_attach
      id:         <computed>
      policy_arn: "arn:aws:iam::xxxxxxxxxxxx:policy/gitlab_as_policy"
      role:       "gitlab_prod"
Error:
terraform import aws_iam_role_policy_attachment.gitlab_as_attach arn:aws:iam::xxxxxxxxx:policy/gitlab_as_policy
aws_iam_role_policy_attachment.gitlab_as_attach: Importing from ID "arn:aws:iam::xxxxxxxx:policy/gitlab_as_policy"...
Error importing: 1 error(s) occurred:
* aws_iam_role_policy_attachment.gitlab_as_attach (import id: arn:aws:iam::xxxxxxxxxx:policy/gitlab_as_policy): import aws_iam_role_policy_attachment.gitlab_as_attach (id: arn:aws:iam::xxxxxxxxxx:policy/gitlab_as_policy): resource aws_iam_role_policy_attachment doesn't support import
Terraform version:
Terraform v0.11.0
+ provider.aws v1.5.0
This issue is fixed in 1.37.0 of the provider.aws plugin. Upgrade the plugins and modules related to Terraform.
To upgrade the plugins, run the command below:
terraform init -upgrade
To upgrade the modules, run the command below:
terraform get -update
For further information, look at the defects and enhancements related to Terraform:
https://github.com/terraform-providers/terraform-provider-aws/blob/master/CHANGELOG.md#1370-september-19-2018
I ran the import for aws_iam_role_policy_attachment today and it was successful.
terraform import -provider=aws.{example} aws_iam_role_policy_attachment.role-attach-1 {test-role}/arn:aws:iam::aws:policy/ReadOnlyAccess
aws_iam_role_policy_attachment.role-attach-1: Importing from ID "{test-role}/arn:aws:iam::aws:policy/ReadOnlyAccess"...
aws_iam_role_policy_attachment.role-attach-1: Import complete!
Imported aws_iam_role_policy_attachment (ID: {test-role}-arn:aws:iam::aws:policy/ReadOnlyAccess)
aws_iam_role_policy_attachment.role-attach-1: Refreshing state... (ID: {test-role}-arn:aws:iam::aws:policy/ReadOnlyAccess)
I hope this helps.
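Added example, not part of either answer above: a pre-flight check that the AWS provider is at least 1.37.0 and a generator for import commands using the role/policy-ARN ID format shown in the successful import. It assumes Terraform 0.11-style `terraform version` output and the JSON shape returned by `aws iam list-attached-role-policies`; the function names, the resource naming scheme and the sample data are hypothetical or constructed.

```python
import json
import re
import shlex

# Release that added import support, per the changelog cited above.
MIN_AWS_PROVIDER = (1, 37, 0)

def aws_provider_version(version_output):
    """Parse '+ provider.aws vX.Y.Z' from `terraform version` output."""
    m = re.search(r"provider\.aws v(\d+)\.(\d+)\.(\d+)", version_output)
    return tuple(int(part) for part in m.groups()) if m else None

def supports_attachment_import(version_output):
    """Compare numerically: as strings, '1.5.0' would sort above '1.37.0'."""
    version = aws_provider_version(version_output)
    return version is not None and version >= MIN_AWS_PROVIDER

def import_commands(role, attached_json):
    """Build one `terraform import` per managed policy attached to the role.

    The import ID is <role-name>/<policy-arn>, not the bare policy ARN
    that the failing command in the question passed.
    """
    commands = []
    for policy in json.loads(attached_json)["AttachedPolicies"]:
        # Hypothetical naming scheme: resource name derived from the policy name.
        name = re.sub(r"[^A-Za-z0-9_]", "_", policy["PolicyName"]).lower()
        import_id = f"{role}/{policy['PolicyArn']}"
        commands.append(
            "terraform import aws_iam_role_policy_attachment."
            f"{name} {shlex.quote(import_id)}"
        )
    return commands

# Constructed samples (account ID and version strings are illustrative).
OLD = "Terraform v0.11.0\n+ provider.aws v1.5.0\n"
NEW = "Terraform v0.11.0\n+ provider.aws v1.37.0\n"
ATTACHED = json.dumps({"AttachedPolicies": [
    {"PolicyName": "gitlab_as_policy",
     "PolicyArn": "arn:aws:iam::123456789012:policy/gitlab_as_policy"},
    {"PolicyName": "ReadOnlyAccess",
     "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},
]})

if __name__ == "__main__":
    for label, output in (("old", OLD), ("new", NEW)):
        print(label, "provider supports import:", supports_attachment_import(output))
    print("\n".join(import_commands("gitlab_prod", ATTACHED)))
```

Review the generated commands against the attachments you expect on the role before running them, so that no unexpected policy is silently adopted into the new state file.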
EDIT: a new PR was written and merged, and a new version of the AWS Terraform provider (1.37.0) was released adding this feature. This answer is now not really valid anymore; see Momooo's answer for how to do this.
Unfortunately this has been an open issue in the AWS Terraform provider for a while, and the PR that would fix it was abandoned. You could try to detach the policy, refresh terraform, perform the import, then re-attach after the import.