DPR2-165: Fix policy role attachment

terraform/environments/digital-prison-reporting/modules/dms_s3/iam.tf

@@ -20,9 +20,8 @@ EOF
 }
 
 # Attach s3 target operation policy to the role
-resource "aws_iam_role_policy" "dms-s3-target-policy" {
+resource "aws_iam_policy" "dms-s3-target-policy" {
   name = "dms-${var.short_name}-s3-target-policy"
-  role = aws_iam_role.dms-operator-s3-target-role.id
 
   policy = <<EOF
 {
@@ -52,7 +51,7 @@ EOF
 #DMS Role with s3 Write Access
 resource "aws_iam_role_policy_attachment" "dms-s3-attachment" {
   role       = aws_iam_role.dms-s3-role.name
-  policy_arn = aws_iam_role_policy.dms-s3-target-policy
+  policy_arn = aws_iam_policy.dms-s3-target-policy.arn
 }
 
 #DMS Operation s3 target role
@@ -77,9 +76,8 @@ EOF
 }
 
 # Attach an admin policy to the Operator role
-resource "aws_iam_role_policy" "dms-operator-s3-policy" {
+resource "aws_iam_policy" "dms-operator-s3-policy" {
   name = "dms-${var.short_name}-operator-s3-target-policy"
-  role = aws_iam_role.dms-operator-s3-target-role.id
 
   policy = <<EOF
 {
@@ -132,5 +130,5 @@ EOF
 #DMS Role with s3 Write Access
 resource "aws_iam_role_policy_attachment" "dms-operator-s3-attachment" {
   role       = aws_iam_role.dms-operator-s3-target-role.name
-  policy_arn = aws_iam_role_policy.dms-operator-s3-policy
+  policy_arn = aws_iam_policy.dms-operator-s3-policy.arn
 }

terraform/environments/digital-prison-reporting/modules/dms_s3/main.tf

@@ -94,7 +94,7 @@ resource "aws_dms_s3_endpoint" "dms-s3-target-endpoint" {
   include_op_for_full_load = true
   cdc_inserts_and_updates = true
 
-  depends_on = [aws_iam_role_policy.dms-s3-target-policy]
+  depends_on = [aws_iam_policy.dms-s3-target-policy, aws_iam_policy.dms-operator-s3-policy]
 
   tags = {
     Resource_Type = "DMS Target"