Tdrd 607 fix terraform warnings inline policy (#560)
* removing inline policy

* attach policy not inline
ian-hoyle authored Dec 18, 2024
1 parent 6e93962 commit e1fe7f9
Showing 1 changed file with 15 additions and 4 deletions.
19 changes: 15 additions & 4 deletions root_draft_metadata.tf
@@ -48,11 +48,22 @@ module "draft_metadata_api_gateway" {
resource "aws_iam_role" "draft_metadata_api_gateway_execution_role" {
name = "TDRMetadataChecksAPIGatewayExecutionRole${title(local.environment)}"
assume_role_policy = templatefile("./templates/iam_policy/assume_role_policy.json.tpl", { service = "apigateway.amazonaws.com" })
}

inline_policy {
name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
policy = templatefile("./templates/iam_policy/api_gateway_state_machine_policy.json.tpl", { account_id = data.aws_caller_identity.current.account_id, state_machine_arn = module.draft_metadata_checks.step_function_arn })
}
resource "aws_iam_policy" "api_gateway_execution_policy" {
name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
policy = templatefile(
"./templates/iam_policy/api_gateway_state_machine_policy.json.tpl",
{
account_id = data.aws_caller_identity.current.account_id,
state_machine_arn = module.draft_metadata_checks.step_function_arn
}
)
}

resource "aws_iam_role_policy_attachment" "api_gateway_execution_policy" {
role = aws_iam_role.draft_metadata_api_gateway_execution_role.name
policy_arn = aws_iam_policy.api_gateway_execution_policy.arn
}

module "draft_metadata_bucket" {
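Review bot: Dropping the `inline_policy` block from `aws_iam_role.draft_metadata_api_gateway_execution_role` stops Terraform managing that role's inline policies, so where the role is already deployed the old inline `TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy…` is probably left on the role beside the new managed policy; the AWS provider documents that it ignores inline policies when no `inline_policy` block is configured, so this is worth confirming with a plan against a deployed environment. A stale inline grant would keep its old permissions even if `api_gateway_state_machine_policy.json.tpl` is tightened later. I would add an `aws_iam_role_policies_exclusive` resource for this role with `role_name = aws_iam_role.draft_metadata_api_gateway_execution_role.name` and `policy_names = []`, so leftover or out-of-band inline policies are removed on apply. `aws_iam_role_policy_attachment` is likewise non-exclusive, and an `aws_iam_role_policy_attachments_exclusive` resource listing only `aws_iam_policy.api_gateway_execution_policy.arn` would pin the attached set as well.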