From e1fe7f929ecaba13d2256cc5e899422a6e9e2a0a Mon Sep 17 00:00:00 2001
From: ian-hoyle
Date: Wed, 18 Dec 2024 15:13:25 +0000
Subject: [PATCH] Tdrd 607 fix terraform warnings inline policy (#560)
* removing inline policy
* attach policy not inline
---
 root_draft_metadata.tf | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/root_draft_metadata.tf b/root_draft_metadata.tf
index 0bd8ecd..0e9a838 100644
--- a/root_draft_metadata.tf
+++ b/root_draft_metadata.tf
@@ -48,11 +48,22 @@ module "draft_metadata_api_gateway" {
 resource "aws_iam_role" "draft_metadata_api_gateway_execution_role" {
 name = "TDRMetadataChecksAPIGatewayExecutionRole${title(local.environment)}"
 assume_role_policy = templatefile("./templates/iam_policy/assume_role_policy.json.tpl", { service = "apigateway.amazonaws.com" })
+}
- inline_policy {
- name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
- policy = templatefile("./templates/iam_policy/api_gateway_state_machine_policy.json.tpl", { account_id = data.aws_caller_identity.current.account_id, state_machine_arn = module.draft_metadata_checks.step_function_arn })
- }
+resource "aws_iam_policy" "api_gateway_execution_policy" {
+ name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
+ policy = templatefile(
+ "./templates/iam_policy/api_gateway_state_machine_policy.json.tpl",
+ {
+ account_id = data.aws_caller_identity.current.account_id,
+ state_machine_arn = module.draft_metadata_checks.step_function_arn
+ }
+ )
+}
+
+resource "aws_iam_role_policy_attachment" "api_gateway_execution_policy" {
+ role = aws_iam_role.draft_metadata_api_gateway_execution_role.name
+ policy_arn = aws_iam_policy.api_gateway_execution_policy.arn
 }
 module "draft_metadata_bucket" {
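Review bot: Dropping the `inline_policy` block from `aws_iam_role.draft_metadata_api_gateway_execution_role` also drops the provider's exclusive management of inline policies on that role, so an inline policy left on it or added out of band later would no longer show up as drift. As far as the provider documentation describes it, a role with no `inline_policy` block is not managed for inline policies at all, so in environments that already exist the old `TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy...` inline policy may stay on the role next to the new managed one; the plan and the role should be checked for that after apply. If the pinned AWS provider version offers the `*_exclusive` resources, declaring them next to the attachment keeps the role's grants limited to what this file declares. The policy template is outside this hunk, so how tightly it is scoped to the state machine ARN cannot be confirmed from here.

```hcl
# placed after aws_iam_role_policy_attachment.api_gateway_execution_policy
resource "aws_iam_role_policies_exclusive" "draft_metadata_api_gateway_execution_role" {
  role_name    = aws_iam_role.draft_metadata_api_gateway_execution_role.name
  policy_names = [] # no inline policies are expected on this role
}

resource "aws_iam_role_policy_attachments_exclusive" "draft_metadata_api_gateway_execution_role" {
  role_name   = aws_iam_role.draft_metadata_api_gateway_execution_role.name
  policy_arns = [aws_iam_policy.api_gateway_execution_policy.arn]
}
```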