From fd9159e9a98b4cffdac629f8dbfb106aae876294 Mon Sep 17 00:00:00 2001
From: Hari Chintala
Date: Mon, 21 Aug 2023 10:38:52 +0100
Subject: [PATCH 1/2] Move the resource to aws_iam_role_policy_attachment
---
 .../modules/compute_node/iam.tf | 14 ++++++--------
 .../digital-prison-reporting/modules/ec2/iam.tf | 10 ++++------
 2 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf b/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf
index 5e85d503ed9..e587eecb916 100644
--- a/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf
+++ b/terraform/environments/digital-prison-reporting/modules/compute_node/iam.tf
@@ -44,19 +44,17 @@ resource "aws_iam_instance_profile" "profile" {
 role = aws_iam_role.instance-role[0].name
 }
-resource "aws_iam_policy_attachment" "ec2-ssm-core" {
- count = var.enable_compute_node ? 1 : 0
+resource "aws_iam_role_policy_attachment" "ec2-ssm-core" {
+ count = var.enable_compute_node ? 1 : 0
- name = "${var.name}-core"
- roles = [aws_iam_role.instance-role[0].name]
+ role = aws_iam_role.instance-role[0].name
 policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
-resource "aws_iam_policy_attachment" "ec2-ssm" {
- count = var.enable_compute_node ? 1 : 0
+resource "aws_iam_role_policy_attachment" "ec2-ssm" {
+ count = var.enable_compute_node ? 1 : 0
- name = "${var.name}-ssm"
- roles = [aws_iam_role.instance-role[0].name]
+ role = aws_iam_role.instance-role[0].name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
 }
diff --git a/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf b/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf
index 6c8da6ae6df..827c178c091 100644
--- a/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf
+++ b/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf
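Review bot: In modules/compute_node/iam.tf the `ec2-ssm` resource still attaches `arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM` to the instance role, even though `ec2-ssm-core` directly above it already attaches `AmazonSSMManagedInstanceCore`. AWS documents the former as superseded by the latter, and as far as I know the older policy also allows S3 object reads and writes on all resources, so keeping both leaves the role broader than SSM needs. Consider removing the `ec2-ssm` attachment, or, if the instances do rely on that S3 access, replacing it with a customer-managed policy scoped to the specific buckets. The same pair is attached to `kinesis-agent-instance-role` in the modules/ec2/iam.tf hunk of this patch.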
@@ -303,15 +303,13 @@ resource "aws_iam_role_policy_attachment" "redshift-admin" {
 policy_arn = data.aws_iam_policy.AmazonRedshiftFullAccess.arn
 }
-resource "aws_iam_policy_attachment" "this" {
- name = "ssm_managed_instance_core"
- roles = [aws_iam_role.kinesis-agent-instance-role.name]
+resource "aws_iam_role_policy_attachment" "instance-core-for-ssm" {
+ role = aws_iam_role.kinesis-agent-instance-role.name
 policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
-resource "aws_iam_policy_attachment" "ec2-role-for-ssm" {
- name = "ssm_managed_instance_ec2_role"
- roles = [aws_iam_role.kinesis-agent-instance-role.name]
+resource "aws_iam_role_policy_attachment" "ec2-role-for-ssm" {
+ role = aws_iam_role.kinesis-agent-instance-role.name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
 }
From c988ad5967522e6bb4395c08f4f9ef7085a95c68 Mon Sep 17 00:00:00 2001
From: Hari Chintala
Date: Mon, 21 Aug 2023 11:02:45 +0100
Subject: [PATCH 2/2] Rename the Resource
---
 .../environments/digital-prison-reporting/modules/ec2/iam.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf b/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf
index 827c178c091..356e7c0e557 100644
--- a/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf
+++ b/terraform/environments/digital-prison-reporting/modules/ec2/iam.tf
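Review bot: In modules/ec2/iam.tf the two new attachments hard-code the managed-policy ARNs as string literals, while the `redshift-admin` attachment in the context lines just above resolves its ARN through `data.aws_iam_policy.AmazonRedshiftFullAccess.arn`. Using the same pattern here, e.g. `policy_arn = data.aws_iam_policy.AmazonSSMManagedInstanceCore.arn`, would keep the file consistent, surface a mistyped policy name at plan time, and avoid baking the `aws` partition into the module. That needs a matching `data "aws_iam_policy"` block, and the hunk does not show whether one exists. It is also worth adding a short comment above each attachment saying why the kinesis-agent role needs it, since the old `name` arguments that described them are gone.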
@@ -303,12 +303,12 @@ resource "aws_iam_role_policy_attachment" "redshift-admin" {
 policy_arn = data.aws_iam_policy.AmazonRedshiftFullAccess.arn
 }
-resource "aws_iam_role_policy_attachment" "instance-core-for-ssm" {
+resource "aws_iam_role_policy_attachment" "ec2-ssm-core" {
 role = aws_iam_role.kinesis-agent-instance-role.name
 policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
 }
-resource "aws_iam_role_policy_attachment" "ec2-role-for-ssm" {
+resource "aws_iam_role_policy_attachment" "ec2-ssm" {
 role = aws_iam_role.kinesis-agent-instance-role.name
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
 }