From c1650efd9827262b64fd393a1e41043871faef1f Mon Sep 17 00:00:00 2001
From: Phileas Lebada <phileas.lebada+github@bluereport.net>
Date: Thu, 12 Aug 2021 15:52:57 +0200
Subject: [PATCH] fix: discourage usage of iam_policy_attachment

The comment above also links to an IAM role policy attachment.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy_attachment is discouraging, pointing out issues/limitations using iam_policy_attachment.

This should allow the same functionality
---
 examples/bottlerocket/main.tf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/examples/bottlerocket/main.tf b/examples/bottlerocket/main.tf
index 86166df0e5..b254af0a12 100644
--- a/examples/bottlerocket/main.tf
+++ b/examples/bottlerocket/main.tf
@@ -57,8 +57,7 @@ EOT
 
 # SSM policy for bottlerocket control container access
 # https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#enabling-ssm
-resource "aws_iam_policy_attachment" "ssm" {
-  name       = "ssm"
-  roles      = [module.eks.worker_iam_role_name]
+resource "aws_iam_role_policy_attachment" "ssm" {
+  role       = module.eks.worker_iam_role_name
   policy_arn = data.aws_iam_policy.ssm.arn
 }