From fd032a37b9f0b50bc90cad98e71e2f9ae40ea16e Mon Sep 17 00:00:00 2001
From: Conor Maher
Date: Thu, 12 Dec 2024 12:33:47 +0000
Subject: [PATCH] Swap deprecated inline_policy block for aws_iam_role_policy, fix example
---
 examples/complete/main.tf | 2 +-
 examples/complete/variables.tf | 4 ++--
 main.tf | 13 ++++++-------
 3 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
index 84d1bc1..f189378 100644
--- a/examples/complete/main.tf
+++ b/examples/complete/main.tf
@@ -31,6 +31,6 @@ data "aws_iam_policy_document" "example" {
 statement {
 actions = ["s3:GetObject"]
 effect = "Allow"
- resources = ["dynamodb:CreateTable"]
+ resources = ["arn:aws:s3:::amzn-s3-demo-bucket/*"]
 }
 }
diff --git a/examples/complete/variables.tf b/examples/complete/variables.tf
index 6315d8d..6caf15b 100644
--- a/examples/complete/variables.tf
+++ b/examples/complete/variables.tf
@@ -40,9 +40,9 @@ variable "enabled" {
 }
 variable "enterprise_slug" {
- default = false
+ default = ""
 description = "Enterprise slug for GitHub Enterprise Cloud customers."
- type = bool
+ type = string
 }
 variable "force_detach_policies" {
diff --git a/main.tf b/main.tf
index 671d769..063ae22 100644
--- a/main.tf
+++ b/main.tf
@@ -32,14 +32,13 @@ resource "aws_iam_role" "github" {
 permissions_boundary = var.iam_role_permissions_boundary
 tags = var.tags
- dynamic "inline_policy" {
- for_each = var.iam_role_inline_policies
+}
- content {
- name = inline_policy.key
- policy = inline_policy.value
- }
- }
+resource "aws_iam_role_policy" "inline_policies" {
+ for_each = { for k, v in var.iam_role_inline_policies : k => v if var.enabled }
+ name = each.key
+ policy = each.value
+ role = aws_iam_role.github[0].id
 }
 resource "aws_iam_role_policy_attachment" "admin" {
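Review bot: Moving the inline policies out of `aws_iam_role.github` into standalone `aws_iam_role_policy.inline_policies` resources in the main.tf hunk gives up the exclusive management that the `inline_policy` block provided, so an inline policy attached to the role outside Terraform is no longer detected or removed on apply. For a role that GitHub workflows presumably assume, that unmanaged drift is a standing-privilege risk worth closing. The AWS provider's `aws_iam_role_policies_exclusive` resource restores the behaviour, provided the module's provider constraint (not visible here) allows a version that ships it. The sketch below assumes the role is created with `count` on `var.enabled`, as the `[0]` index suggests; the `aws_iam_role` block itself starts outside the hunk.

```hcl
# … unchanged: resource "aws_iam_role_policy" "inline_policies" …

resource "aws_iam_role_policies_exclusive" "inline_policies" {
  count        = var.enabled ? 1 : 0
  role_name    = aws_iam_role.github[0].name
  policy_names = [for p in aws_iam_role_policy.inline_policies : p.name]
}
```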