fix: Replace aws_iam_policy_attachment to aws_iam_role_policy_attachment (#195)

wsim-plaid · web-flow · commit 7c53da1642ca · 2021-09-11T11:58:47.000+02:00
diff --git a/README.md b/README.md
@@ -615,17 +615,17 @@ No modules.
 | [aws_iam_policy.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
-| [aws_iam_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
-| [aws_iam_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment) | resource |
 | [aws_iam_role.lambda](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.additional_inline](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.additional_json](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.additional_jsons](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.additional_many](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachment.additional_one](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.tracing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
+| [aws_iam_role_policy_attachment.vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_lambda_event_source_mapping.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_event_source_mapping) | resource |
 | [aws_lambda_function.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function) | resource |
 | [aws_lambda_function_event_invoke_config.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_function_event_invoke_config) | resource |
diff --git a/iam.tf b/iam.tf
@@ -101,11 +101,10 @@ resource "aws_iam_policy" "logs" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "logs" {
+resource "aws_iam_role_policy_attachment" "logs" {
   count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0
 
-  name       = "${local.role_name}-logs"
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.logs[0].arn
 }
 
@@ -138,11 +137,10 @@ resource "aws_iam_policy" "dead_letter" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "dead_letter" {
+resource "aws_iam_role_policy_attachment" "dead_letter" {
   count = local.create_role && var.attach_dead_letter_policy ? 1 : 0
 
-  name       = "${local.role_name}-dl"
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.dead_letter[0].arn
 }
 
@@ -165,11 +163,10 @@ resource "aws_iam_policy" "vpc" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "vpc" {
+resource "aws_iam_role_policy_attachment" "vpc" {
   count = local.create_role && var.attach_network_policy ? 1 : 0
 
-  name       = "${local.role_name}-vpc"
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.vpc[0].arn
 }
 
@@ -192,11 +189,10 @@ resource "aws_iam_policy" "tracing" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "tracing" {
+resource "aws_iam_role_policy_attachment" "tracing" {
   count = local.create_role && var.attach_tracing_policy ? 1 : 0
 
-  name       = "${local.role_name}-tracing"
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.tracing[0].arn
 }
 
@@ -229,11 +225,10 @@ resource "aws_iam_policy" "async" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "async" {
+resource "aws_iam_role_policy_attachment" "async" {
   count = local.create_role && var.attach_async_event_policy ? 1 : 0
 
-  name       = "${local.role_name}-async"
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.async[0].arn
 }
 
@@ -249,11 +244,10 @@ resource "aws_iam_policy" "additional_json" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "additional_json" {
+resource "aws_iam_role_policy_attachment" "additional_json" {
   count = local.create_role && var.attach_policy_json ? 1 : 0
 
-  name       = local.role_name
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.additional_json[0].arn
 }
 
@@ -269,11 +263,10 @@ resource "aws_iam_policy" "additional_jsons" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "additional_jsons" {
+resource "aws_iam_role_policy_attachment" "additional_jsons" {
   count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0
 
-  name       = "${local.role_name}-${count.index}"
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.additional_jsons[count.index].arn
 }
 
@@ -353,10 +346,9 @@ resource "aws_iam_policy" "additional_inline" {
   tags   = var.tags
 }
 
-resource "aws_iam_policy_attachment" "additional_inline" {
+resource "aws_iam_role_policy_attachment" "additional_inline" {
   count = local.create_role && var.attach_policy_statements ? 1 : 0
 
-  name       = local.role_name
-  roles      = [aws_iam_role.lambda[0].name]
+  role       = aws_iam_role.lambda[0].name
   policy_arn = aws_iam_policy.additional_inline[0].arn
 }

Original file line number	Diff line number	Diff line change
`@@ -101,11 +101,10 @@ resource "aws_iam_policy" "logs" {`
`101`	`101`	`tags = var.tags`
`102`	`102`	`}`
`103`	`103`
`104`		`-resource "aws_iam_policy_attachment" "logs" {`
	`104`	`+resource "aws_iam_role_policy_attachment" "logs" {`
`105`	`105`	`count = local.create_role && var.attach_cloudwatch_logs_policy ? 1 : 0`
`106`	`106`
`107`		`- name = "${local.role_name}-logs"`
`108`		`- roles = [aws_iam_role.lambda[0].name]`
	`107`	`+ role = aws_iam_role.lambda[0].name`
`109`	`108`	`policy_arn = aws_iam_policy.logs[0].arn`
`110`	`109`	`}`
`111`	`110`
`@@ -138,11 +137,10 @@ resource "aws_iam_policy" "dead_letter" {`
`138`	`137`	`tags = var.tags`
`139`	`138`	`}`
`140`	`139`
`141`		`-resource "aws_iam_policy_attachment" "dead_letter" {`
	`140`	`+resource "aws_iam_role_policy_attachment" "dead_letter" {`
`142`	`141`	`count = local.create_role && var.attach_dead_letter_policy ? 1 : 0`
`143`	`142`
`144`		`- name = "${local.role_name}-dl"`
`145`		`- roles = [aws_iam_role.lambda[0].name]`
	`143`	`+ role = aws_iam_role.lambda[0].name`
`146`	`144`	`policy_arn = aws_iam_policy.dead_letter[0].arn`
`147`	`145`	`}`
`148`	`146`
`@@ -165,11 +163,10 @@ resource "aws_iam_policy" "vpc" {`
`165`	`163`	`tags = var.tags`
`166`	`164`	`}`
`167`	`165`
`168`		`-resource "aws_iam_policy_attachment" "vpc" {`
	`166`	`+resource "aws_iam_role_policy_attachment" "vpc" {`
`169`	`167`	`count = local.create_role && var.attach_network_policy ? 1 : 0`
`170`	`168`
`171`		`- name = "${local.role_name}-vpc"`
`172`		`- roles = [aws_iam_role.lambda[0].name]`
	`169`	`+ role = aws_iam_role.lambda[0].name`
`173`	`170`	`policy_arn = aws_iam_policy.vpc[0].arn`
`174`	`171`	`}`
`175`	`172`
`@@ -192,11 +189,10 @@ resource "aws_iam_policy" "tracing" {`
`192`	`189`	`tags = var.tags`
`193`	`190`	`}`
`194`	`191`
`195`		`-resource "aws_iam_policy_attachment" "tracing" {`
	`192`	`+resource "aws_iam_role_policy_attachment" "tracing" {`
`196`	`193`	`count = local.create_role && var.attach_tracing_policy ? 1 : 0`
`197`	`194`
`198`		`- name = "${local.role_name}-tracing"`
`199`		`- roles = [aws_iam_role.lambda[0].name]`
	`195`	`+ role = aws_iam_role.lambda[0].name`
`200`	`196`	`policy_arn = aws_iam_policy.tracing[0].arn`
`201`	`197`	`}`
`202`	`198`
`@@ -229,11 +225,10 @@ resource "aws_iam_policy" "async" {`
`229`	`225`	`tags = var.tags`
`230`	`226`	`}`
`231`	`227`
`232`		`-resource "aws_iam_policy_attachment" "async" {`
	`228`	`+resource "aws_iam_role_policy_attachment" "async" {`
`233`	`229`	`count = local.create_role && var.attach_async_event_policy ? 1 : 0`
`234`	`230`
`235`		`- name = "${local.role_name}-async"`
`236`		`- roles = [aws_iam_role.lambda[0].name]`
	`231`	`+ role = aws_iam_role.lambda[0].name`
`237`	`232`	`policy_arn = aws_iam_policy.async[0].arn`
`238`	`233`	`}`
`239`	`234`
`@@ -249,11 +244,10 @@ resource "aws_iam_policy" "additional_json" {`
`249`	`244`	`tags = var.tags`
`250`	`245`	`}`
`251`	`246`
`252`		`-resource "aws_iam_policy_attachment" "additional_json" {`
	`247`	`+resource "aws_iam_role_policy_attachment" "additional_json" {`
`253`	`248`	`count = local.create_role && var.attach_policy_json ? 1 : 0`
`254`	`249`
`255`		`- name = local.role_name`
`256`		`- roles = [aws_iam_role.lambda[0].name]`
	`250`	`+ role = aws_iam_role.lambda[0].name`
`257`	`251`	`policy_arn = aws_iam_policy.additional_json[0].arn`
`258`	`252`	`}`
`259`	`253`
`@@ -269,11 +263,10 @@ resource "aws_iam_policy" "additional_jsons" {`
`269`	`263`	`tags = var.tags`
`270`	`264`	`}`
`271`	`265`
`272`		`-resource "aws_iam_policy_attachment" "additional_jsons" {`
	`266`	`+resource "aws_iam_role_policy_attachment" "additional_jsons" {`
`273`	`267`	`count = local.create_role && var.attach_policy_jsons ? var.number_of_policy_jsons : 0`
`274`	`268`
`275`		`- name = "${local.role_name}-${count.index}"`
`276`		`- roles = [aws_iam_role.lambda[0].name]`
	`269`	`+ role = aws_iam_role.lambda[0].name`
`277`	`270`	`policy_arn = aws_iam_policy.additional_jsons[count.index].arn`
`278`	`271`	`}`
`279`	`272`
`@@ -353,10 +346,9 @@ resource "aws_iam_policy" "additional_inline" {`
`353`	`346`	`tags = var.tags`
`354`	`347`	`}`
`355`	`348`
`356`		`-resource "aws_iam_policy_attachment" "additional_inline" {`
	`349`	`+resource "aws_iam_role_policy_attachment" "additional_inline" {`
`357`	`350`	`count = local.create_role && var.attach_policy_statements ? 1 : 0`
`358`	`351`
`359`		`- name = local.role_name`
`360`		`- roles = [aws_iam_role.lambda[0].name]`
	`352`	`+ role = aws_iam_role.lambda[0].name`
`361`	`353`	`policy_arn = aws_iam_policy.additional_inline[0].arn`
`362`	`354`	`}`