[Bug]: Cannot deploy more than one DMS aws_dms_replication_config due to duplicate service-linked role name

[dom0do]

Terraform Core Version

1.4.6

AWS Provider Version

5.49.0

Affected Resource(s)

aws_dms_replication_config

Expected Behavior

Create multiple replication configs

Actual Behavior

The first replication is created and programmatically in the process spawns a service-linked IAM role apparently called "AWSServiceRoleForDMSServerless". Subsequent deploying configs try to do the exact same thing, spawning a role named "AWSServiceRoleForDMSServerless" which fails because the role with that name already exists. This means only the first replication config is provisioned and all others fail.

Given that the module does not support custom roles or role suffixes, I cannot see any workaround for this behavior.

Relevant Error/Panic Output Snippet

Error: creating DMS Replication Config (dev-babel-cdc-lo-batch): InvalidParameterValueException: Caught exception while trying to create the service-linked IAM role for DMS Serverless. Please ensure the account user has permission to create service-linked roles. Please follow the steps for using SLR here: https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html


"errorCode": "InvalidInputException",
"errorMessage": "Service role name AWSServiceRoleForDMSServerless has been taken in this account, please try a different suffix."

Terraform Configuration Files

resource "aws_dms_replication_config" "dev-tsc-batch" {
  count = (local.separate_validation == true) ? 2 : 1

  replication_config_identifier = lower((count.index == 0) ?
    "${local.task_id_serverless}-cdc-lo-batch" :
  "${local.task_id_serverless}-cdc-val-batch")

  resource_identifier = lower((count.index == 0) ?
    "${local.task_id_serverless}-cdc-lo-batch" :
  "${local.task_id_serverless}-cdc-val-batch")

  tags = merge(local.default_tags, (count.index == 0) ?
    { Name = "${local.task_id_serverless}-cdc-lo-batch" } :
  { Name = "${local.task_id_serverless}-cdc-val-batch" })

  source_endpoint_arn = aws_dms_endpoint.dev-tsc-source.endpoint_arn
  target_endpoint_arn = aws_dms_endpoint.dev-tsc-target.endpoint_arn

  compute_config {
    replication_subnet_group_id  = aws_dms_replication_subnet_group.dev-primary-private.replication_subnet_group_id
    min_capacity_units           = "2"
    max_capacity_units           = "128"
    preferred_maintenance_window = "sun:03:00-sun:04:00"
    vpc_security_group_ids       = [data.aws_security_group.default.id]
  }

  replication_type = lower((count.index == 0) ?
  "full-load-and-cdc" : "cdc")

  table_mappings = file((count.index == 0) ?
    "${local.table_mapping_cdc_batch}_load.json" :
  "${local.table_mapping_cdc_batch}_validate.json")

  replication_settings = templatefile("${path.module}/dms_settings.json.tpl", (count.index == 0) ?
    merge(local.task_settings_base, local.task_settings_serverless_cdc, local.task_settings_cdc_batch) :
  merge(local.task_settings_base, local.task_settings_validationonly, local.task_settings_serverless_cdc, local.task_settings_cdc_batch))
}

Steps to Reproduce

Try to provision multiple replication configs. Watch them fail with the service-linked role error. Confirm reason for SLR failure in CloudTrail.

Debug Output

No response

Panic Output

No response

Important Factoids

No response

References

DMS docs

Would you like to implement a fix?

None

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.