From 332920c663d00bf228ab8fe3caf921b6c639b011 Mon Sep 17 00:00:00 2001
From: Kolade Adewuyi
Date: Tue, 17 Oct 2023 23:27:31 +0100
Subject: [PATCH] DPR2-165: Fix policy to role attachment
---
 terraform/environments/digital-prison-reporting/main.tf | 5 ++---
 .../digital-prison-reporting/modules/dms_s3/iam.tf | 6 +++---
 .../digital-prison-reporting/modules/dms_s3/variables.tf | 2 --
 3 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/terraform/environments/digital-prison-reporting/main.tf b/terraform/environments/digital-prison-reporting/main.tf
index 66cf8190f98..107d751e0d7 100644
--- a/terraform/environments/digital-prison-reporting/main.tf
+++ b/terraform/environments/digital-prison-reporting/main.tf
@@ -861,8 +861,8 @@ module "dms_fake_data_ingestor" {
 # DMS Nomis Data Collector
 module "dms_nomis_ingestor_s3_target" {
 source = "./modules/dms_s3"
- setup_dms_instance = false
- enable_replication_task = false
+ setup_dms_instance = true
+ enable_replication_task = true
 name = "${local.project}-dms-nomis-ingestor-s3-target-${local.env}"
 vpc_cidr = [data.aws_vpc.shared.cidr_block]
 source_engine_name = "oracle"
@@ -872,7 +872,6 @@ module "dms_nomis_ingestor_s3_target" {
 source_address = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["endpoint"]
 source_db_port = jsondecode(data.aws_secretsmanager_secret_version.nomis.secret_string)["port"]
 vpc = data.aws_vpc.shared.id
- s3_write_policy = module.s3_dms_raw_bucket.bucket_arn
 project_id = local.project
 env = local.environment
 dms_source_name = "oracle"
diff --git a/terraform/environments/digital-prison-reporting/modules/dms_s3/iam.tf b/terraform/environments/digital-prison-reporting/modules/dms_s3/iam.tf
index 5fd123003ec..300c4d18d79 100644
--- a/terraform/environments/digital-prison-reporting/modules/dms_s3/iam.tf
+++ b/terraform/environments/digital-prison-reporting/modules/dms_s3/iam.tf
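Review bot: The first main.tf hunk hard-codes `setup_dms_instance = true` and `enable_replication_task = true` for `dms_nomis_ingestor_s3_target`, a change the subject line ("Fix policy to role attachment") does not mention. Going by the flag names and `source_engine_name = "oracle"`, this presumably starts provisioning a DMS instance and replication task from the Nomis Oracle source wherever this configuration is applied. It does so in the same commit that rewires the role permissions in `modules/dms_s3/iam.tf`. I would keep both flags `false` here and enable them in a follow-up once the IAM change has planned cleanly. Failing that, state the scope in a comment above the block, e.g. `# DMS instance and replication task enabled; role permissions come from modules/dms_s3/iam.tf`; the module block continues outside the hunk.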
@@ -50,9 +50,9 @@ EOF
 }
 #DMS Role with s3 Write Access
-resource "aws_iam_role_policy_attachment" "dms-kinesis-attachment" {
+resource "aws_iam_role_policy_attachment" "dms-s3-attachment" {
 role = aws_iam_role.dms-s3-role.name
- policy_arn = var.s3_write_policy
+ policy_arn = aws_iam_role_policy.dms-s3-target-policy
 }
 #DMS Operation s3 target role
@@ -132,5 +132,5 @@ EOF
 #DMS Role with s3 Write Access
 resource "aws_iam_role_policy_attachment" "dms-operator-s3-attachment" {
 role = aws_iam_role.dms-operator-s3-target-role.name
- policy_arn = var.s3_write_policy
+ policy_arn = aws_iam_role_policy.dms-operator-s3-policy
 }
\ No newline at end of file
diff --git a/terraform/environments/digital-prison-reporting/modules/dms_s3/variables.tf b/terraform/environments/digital-prison-reporting/modules/dms_s3/variables.tf
index 2156580f4be..29fc9f0fccc 100644
--- a/terraform/environments/digital-prison-reporting/modules/dms_s3/variables.tf
+++ b/terraform/environments/digital-prison-reporting/modules/dms_s3/variables.tf
@@ -56,8 +56,6 @@ variable "migration_type" {
 description = "DMS Migration Type"
 }
-variable "s3_write_policy" {}
-
 variable "availability_zones" {
 default = [
 {
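Review bot: In the first iam.tf hunk, `policy_arn = aws_iam_role_policy.dms-s3-target-policy` passes a whole resource where a string is required, and an `aws_iam_role_policy` is an inline policy with no ARN, whereas `aws_iam_role_policy_attachment` only accepts the ARN of a managed policy. The second hunk has the same problem with `policy_arn = aws_iam_role_policy.dms-operator-s3-policy`. Both policy definitions are outside the hunks, but if each already sets `role` to the matching role it is attached on its own and the two attachment resources can simply be deleted. Otherwise, declare them as `aws_iam_policy` and reference their `.arn`. Because the bucket ARN input (`s3_write_policy`) is removed in this commit, it is also worth confirming that each policy's `Resource` list names only the intended target bucket rather than a wildcard.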