DPR2-165: Fix policy to role attachment

ministryofjustice · Oct 17, 2023 · 332920c · 332920c
1 parent 7e2e537
commit 332920c
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 8 deletions.
diff --git a/terraform/environments/digital-prison-reporting/main.tf b/terraform/environments/digital-prison-reporting/main.tf
@@ -861,8 +861,8 @@ module "dms_fake_data_ingestor" {
 # DMS Nomis Data Collector
 module "dms_nomis_ingestor_s3_target" {
   source                       = "./modules/dms_s3"
-  setup_dms_instance           = false
-  enable_replication_task      = false
+  setup_dms_instance           = true
+  enable_replication_task      = true
   name                         = "${local.project}-dms-nomis-ingestor-s3-target-${local.env}"
   vpc_cidr                     = [data.aws_vpc.shared.cidr_block]
   source_engine_name           = "oracle"
@@ -872,7 +872,6 @@ module "dms_nomis_ingestor_s3_target" {
   source_address               = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["endpoint"]
   source_db_port               = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["port"]
   vpc                          = data.aws_vpc.shared.id
-  s3_write_policy              = module.s3_dms_raw_bucket.bucket_arn
   project_id                   = local.project
   env                          = local.environment
   dms_source_name              = "oracle"

diff --git a/terraform/environments/digital-prison-reporting/modules/dms_s3/iam.tf b/terraform/environments/digital-prison-reporting/modules/dms_s3/iam.tf
@@ -50,9 +50,9 @@ EOF
 }
 
 #DMS Role with s3 Write Access
-resource "aws_iam_role_policy_attachment" "dms-kinesis-attachment" {
+resource "aws_iam_role_policy_attachment" "dms-s3-attachment" {
   role       = aws_iam_role.dms-s3-role.name
-  policy_arn = var.s3_write_policy
+  policy_arn = aws_iam_role_policy.dms-s3-target-policy
 }
 
 #DMS Operation s3 target role
@@ -132,5 +132,5 @@ EOF
 #DMS Role with s3 Write Access
 resource "aws_iam_role_policy_attachment" "dms-operator-s3-attachment" {
   role       = aws_iam_role.dms-operator-s3-target-role.name
-  policy_arn = var.s3_write_policy
+  policy_arn = aws_iam_role_policy.dms-operator-s3-policy
 }
diff --git a/terraform/environments/digital-prison-reporting/modules/dms_s3/variables.tf b/terraform/environments/digital-prison-reporting/modules/dms_s3/variables.tf
@@ -56,8 +56,6 @@ variable "migration_type" {
   description = "DMS Migration Type"
 }
 
-variable "s3_write_policy" {}
-
 variable "availability_zones" {
   default = [
     {