From fd65a2d5faaa66ad0a0f0086952d1f63834da271 Mon Sep 17 00:00:00 2001
From: Christopher Papke <chris.papke@imperva.com>
Date: Fri, 29 Sep 2023 11:30:35 -0700
Subject: [PATCH] limit role name length

---
 modules/aws/sonar-base-instance/iam_role.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/aws/sonar-base-instance/iam_role.tf b/modules/aws/sonar-base-instance/iam_role.tf
index a1798ef05..79741585e 100644
--- a/modules/aws/sonar-base-instance/iam_role.tf
+++ b/modules/aws/sonar-base-instance/iam_role.tf
@@ -72,7 +72,8 @@ resource "aws_iam_instance_profile" "dsf_node_instance_iam_profile" {
 
 resource "aws_iam_role" "dsf_node_role" {
   count               = var.instance_profile_name == null ? 1 : 0
-  name                = "${var.name}-role"
+  # role name has a maximum length of 64 characters
+  name                = "${substr(var.name, 0, 64-length("-role"))}-role"
   managed_policy_arns = null
   assume_role_policy  = local.role_assume_role_policy
   inline_policy {