From 3bb12771c2eebae4d46541a7944d5525619a7e62 Mon Sep 17 00:00:00 2001
From: cgeers <c.geers@gmail.com>
Date: Mon, 30 Dec 2024 11:44:17 -0600
Subject: [PATCH] fix(agentless-scanning): stackeset administration role (#30)

* per: https://github.com/hashicorp/terraform-provider-aws/issues/23464
  fixes an issue when service managed stacksets, working around an AWS provider bug
---
 modules/agentless-scanning/organizational.tf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/agentless-scanning/organizational.tf b/modules/agentless-scanning/organizational.tf
index 76d1ebc..c02ea6b 100644
--- a/modules/agentless-scanning/organizational.tf
+++ b/modules/agentless-scanning/organizational.tf
@@ -40,6 +40,10 @@ resource "aws_cloudformation_stack_set" "ou_resources_stackset" {
     retain_stacks_on_account_removal = false
   }
 
+  lifecycle {
+    ignore_changes = [administration_role_arn] # https://github.com/hashicorp/terraform-provider-aws/issues/23464
+  }
+
   template_body = <<TEMPLATE
 Resources:
   ScanningRole: