[PRMP-1318] replace aws_iam_policy references with local variables for SSM access policies

Signed-off-by: NogaNHS <127490765+NogaNHS@users.noreply.github.com>

Author: NogaNHS

infrastructure/lambda-back-channel-logout.tf

@@ -14,7 +14,7 @@ module "back_channel_logout_lambda" {
   name    = "BackChannelLogoutHandler"
   handler = "handlers.back_channel_logout_handler.lambda_handler"
   iam_role_policy_documents = [
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     module.auth_session_dynamodb_table.dynamodb_read_policy_document,
     module.auth_session_dynamodb_table.dynamodb_write_policy_document,
     module.ndr-app-config.app_config_policy

infrastructure/lambda-bulk-upload-metadata-processor.tf

@@ -15,7 +15,7 @@ module "bulk-upload-metadata-processor-lambda" {
     module.lg-bulk-upload-expedite-metadata-queue.sqs_read_policy_document,
     module.lg-bulk-upload-expedite-metadata-queue.sqs_write_policy_document,
     module.ndr-app-config.app_config_policy,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     data.aws_iam_policy.aws_lambda_vpc_access_execution_role.policy,
   ]
 

infrastructure/lambda-bulk-upload.tf

@@ -19,7 +19,7 @@ module "bulk-upload-lambda" {
     module.sqs-lg-bulk-upload-invalid-queue.sqs_write_policy_document,
     module.lg-bulk-upload-expedite-metadata-queue.sqs_write_policy_document,
     module.lg-bulk-upload-expedite-metadata-queue.sqs_read_policy_document,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     module.ndr-app-config.app_config_policy
   ]
   kms_deletion_window = var.kms_deletion_window

infrastructure/lambda-create-doc-ref.tf

@@ -56,7 +56,7 @@ module "create-doc-ref-lambda" {
     module.stitch_metadata_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     module.ndr-app-config.app_config_policy,
   ]
   kms_deletion_window = var.kms_deletion_window

infrastructure/lambda-document-status-check-result.tf

@@ -57,7 +57,7 @@ module "document-status-check-lambda" {
   handler = "handlers.document_status_check_handler.lambda_handler"
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     module.document_reference_dynamodb_table.dynamodb_read_policy_document,
     module.document_reference_dynamodb_table.dynamodb_write_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,

infrastructure/lambda-document-upload-check.tf

@@ -7,7 +7,7 @@ module "document_upload_check_lambda" {
     module.ndr-bulk-staging-store.s3_write_policy_document,
     module.ndr-lloyd-george-store.s3_write_policy_document,
     module.pdm-document-store.s3_write_policy_document,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_write_policy_document,
     data.aws_iam_policy.aws_lambda_vpc_access_execution_role.policy,

infrastructure/lambda-dynamodb-migration.tf

@@ -9,7 +9,7 @@ module "migration-dynamodb-lambda" {
     module.bulk_upload_report_dynamodb_table.dynamodb_read_policy_document,
     module.ndr-bulk-staging-store.s3_read_policy_document,
     module.ndr-lloyd-george-store.s3_read_policy_document,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     module.ndr-app-config.app_config_policy,
     module.migration-failed-items-store.s3_write_policy_document
   ]

infrastructure/lambda-feature-flags.tf

@@ -57,7 +57,7 @@ module "feature-flags-lambda" {
   handler = "handlers.feature_flags_handler.lambda_handler"
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
   ]
   kms_deletion_window = var.kms_deletion_window
   rest_api_id         = aws_api_gateway_rest_api.ndr_doc_store_api.id

infrastructure/lambda-get-doc-ref.tf

@@ -45,7 +45,7 @@ module "get-doc-ref-lambda" {
   iam_role_policy_documents = [
     module.ndr-lloyd-george-store.s3_read_policy_document,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
-    aws_iam_policy.ssm_access_policy.policy,
+    local.ssm_access_policy_policy,
     module.ndr-app-config.app_config_policy,
     module.cloudfront_edge_dynamodb_table.dynamodb_write_policy_document
   ]

infrastructure/lambda-get-document-fhir.tf

@@ -40,8 +40,8 @@ module "get-doc-fhir-lambda" {
     module.ndr-app-config.app_config_policy,
     module.lloyd_george_reference_dynamodb_table.dynamodb_read_policy_document,
     module.core_dynamodb_table.dynamodb_read_policy_document,
-    aws_iam_policy.ssm_access_policy.policy,
-    aws_iam_policy.mtls_access_ssm_policy.policy,
+    local.ssm_access_policy_policy,
+    local.mtls_access_ssm_policy_policy,
     module.ndr-lloyd-george-store.s3_read_policy_document,
     module.pdm-document-store.s3_read_policy_document,
   ]