From e43d8b780c1be696554e192423a9f53da1c167a1 Mon Sep 17 00:00:00 2001
From: ian-hoyle
Date: Wed, 18 Dec 2024 10:01:39 +0000
Subject: [PATCH] removing inline policy
---
 root_draft_metadata.tf | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/root_draft_metadata.tf b/root_draft_metadata.tf
index 0bd8ecd..bba1bbb 100644
--- a/root_draft_metadata.tf
+++ b/root_draft_metadata.tf
@@ -48,11 +48,18 @@ module "draft_metadata_api_gateway" {
 resource "aws_iam_role" "draft_metadata_api_gateway_execution_role" {
 name = "TDRMetadataChecksAPIGatewayExecutionRole${title(local.environment)}"
 assume_role_policy = templatefile("./templates/iam_policy/assume_role_policy.json.tpl", { service = "apigateway.amazonaws.com" })
+}
- inline_policy {
- name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
- policy = templatefile("./templates/iam_policy/api_gateway_state_machine_policy.json.tpl", { account_id = data.aws_caller_identity.current.account_id, state_machine_arn = module.draft_metadata_checks.step_function_arn })
- }
+resource "aws_iam_role_policy" "api_gateway_execution_policy" {
+ name = "TDRMetadataChecksAPIGatewayStepFunctionExecutionPolicy${title(local.environment)}"
+ role = aws_iam_role.draft_metadata_api_gateway_execution_role.id
+ policy = templatefile(
+ "./templates/iam_policy/api_gateway_state_machine_policy.json.tpl",
+ {
+ account_id = data.aws_caller_identity.current.account_id,
+ state_machine_arn = module.draft_metadata_checks.step_function_arn
+ }
+ )
 }
 module "draft_metadata_bucket" {
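Review bot: Moving the policy into `aws_iam_role_policy.api_gateway_execution_policy` gives up the exclusive management that the `inline_policy` block provided on `aws_iam_role.draft_metadata_api_gateway_execution_role`. As the AWS provider documents it, a role with at least one `inline_policy` block has any other inline policy treated as drift, whereas after this change an inline policy attached to the role out of band would no longer appear in a plan. If the pinned provider version supports it, consider adding an `aws_iam_role_policies_exclusive` resource next to the new one, with `role_name = aws_iam_role.draft_metadata_api_gateway_execution_role.name` and `policy_names = [aws_iam_role_policy.api_gateway_execution_policy.name]`. As a smaller style point, `role = aws_iam_role.draft_metadata_api_gateway_execution_role.id` would read more clearly with `.name`, since the argument takes the role name. The `api_gateway_state_machine_policy.json.tpl` template is not part of this patch, so the scope of the granted actions cannot be judged from here.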