I am trying to use Terraform to set up a Snowflake "Storage Integration" object that links to an AWS S3 bucket. I'm using the "chanzuckerberg" Snowflake provider from the Terraform registry in addition to the standard AWS provider.
The issue I have is that part of the process to create the integration requires the following sequence of actions:
1. Create an IAM Role with S3 access policy
2. Create a Snowflake Storage Integration object, specifying the IAM Role created in step 1
3. Modify the IAM Role access policy using values from the Storage Integration object
(complete list of steps here)
Hence there is a circular dependency between the IAM Role and Storage Integration. Steps 1 and 2 are straightforward, but I'm not sure how to implement step 3 with Terraform, as it involves modifying an object's state after it has been created.
Unfortunately, it looks like the IAM Role access policy cannot be modified separately from the role itself.
Is such a thing possible or does the circular relationship between the resources mean this can't be handled by Terraform?
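One way to express the three steps without a cycle, as an added example that is not part of the original post: the role ARN is built from strings, so the integration does not depend on the `aws_iam_role` resource, and the role's trust policy is then filled from the integration's computed attributes. The bucket, role and integration names are placeholders, and it assumes the standard `aws` partition and that Snowflake accepts the role ARN before the role exists.

```hcl
data "aws_caller_identity" "current" {}

locals {
  role_name = "snowflake-s3-access" # placeholder
  bucket    = "example-bucket"      # placeholder
  # String-built ARN: no reference to aws_iam_role, so no dependency cycle.
  role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${local.role_name}"
}

resource "snowflake_storage_integration" "s3" {
  name                      = "S3_INT" # placeholder
  type                      = "EXTERNAL_STAGE"
  storage_provider          = "S3"
  enabled                   = true
  storage_aws_role_arn      = local.role_arn
  storage_allowed_locations = ["s3://${local.bucket}/"]
}

# Trust policy: only the Snowflake-side IAM user may assume the role, and only
# when it presents the external ID generated for this integration.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [snowflake_storage_integration.s3.storage_aws_iam_user_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [snowflake_storage_integration.s3.storage_aws_external_id]
    }
  }
}

resource "aws_iam_role" "snowflake" {
  name               = local.role_name
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

resource "aws_iam_role_policy" "s3_access" {
  name = "snowflake-s3-read"
  role = aws_iam_role.snowflake.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { Effect = "Allow", Action = ["s3:GetObject", "s3:GetObjectVersion"], Resource = "arn:aws:s3:::${local.bucket}/*" },
      { Effect = "Allow", Action = ["s3:ListBucket", "s3:GetBucketLocation"], Resource = "arn:aws:s3:::${local.bucket}" }
    ]
  })
}
```

Terraform orders this as integration first, then role. Keeping the `sts:ExternalId` condition in the trust policy is what ties the role to this one integration rather than to any caller that can act as the Snowflake IAM user.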