Closed
Description
Is your request related to a new offering from AWS?
No.
Is your request related to a problem? Please describe.
Using customer-managed policies is not directly a problem, but since the policies are only used for the Lambda function, it would be cleaner to use inline policies, IMO. See also Managed policies and inline policies.
Describe the solution you'd like.
I would suggest replacing the `aws_iam_policy` and `aws_iam_role_policy_attachment` resources (for additional "JSON" policies) with `aws_iam_role_policy`.
For example, changing

```hcl
# iam.tf:282
resource "aws_iam_policy" "additional_json" {
  count = local.create_role && var.attach_policy_json ? 1 : 0

  name   = local.policy_name
  path   = var.policy_path
  policy = var.policy_json
  tags   = var.tags
}

resource "aws_iam_role_policy_attachment" "additional_json" {
  count = local.create_role && var.attach_policy_json ? 1 : 0

  role       = aws_iam_role.lambda[0].name
  policy_arn = aws_iam_policy.additional_json[0].arn
}
```

to

```hcl
resource "aws_iam_role_policy" "additional_json" {
  count = local.create_role && var.attach_policy_json ? 1 : 0

  name   = local.policy_name
  role   = aws_iam_role.lambda[0].name
  policy = var.policy_json
  # No tags or path: an inline policy lives inside the role and cannot be
  # tagged, so aws_iam_role_policy has neither argument.
}
```
The same applies to the resources related to Additional policies (list of JSON).
Describe alternatives you've considered.
The alternative is keeping it the way it is now 🙂
Additional context
If you agree with my suggestion, I'm happy to create a PR with the necessary changes 🙃
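The list-of-JSON variant mentioned in the issue, written out as an added example that is not from the issue or from the module's code. The variable names `attach_policy_jsons` and `policy_jsons` are assumptions; the validation blocks reflect IAM's rule that every JSON document must parse and that all inline policies on one role share a 10,240-character quota.

```hcl
# Assumed variable names (not taken from the issue): attach_policy_jsons, policy_jsons.
variable "attach_policy_jsons" {
  type    = bool
  default = false
}

variable "policy_jsons" {
  type    = list(string)
  default = []

  validation {
    condition     = alltrue([for p in var.policy_jsons : can(jsondecode(p))])
    error_message = "Every element of policy_jsons must be a valid JSON policy document."
  }

  validation {
    # Inline policies attached to one role share a 10,240-character quota
    # (counted on the minified JSON); managed policies are limited per document.
    # concat([0], ...) keeps sum() from failing on an empty list.
    condition     = sum(concat([0], [for p in var.policy_jsons : length(jsonencode(try(jsondecode(p), {})))])) <= 10240
    error_message = "Combined size of inline policies exceeds the 10,240-character IAM quota for a role."
  }
}

# One inline policy per list element, replacing the aws_iam_policy +
# aws_iam_role_policy_attachment pair. Inline policies take no tags and
# are deleted together with the role, so nothing is left behind on destroy.
resource "aws_iam_role_policy" "additional_jsons" {
  count = local.create_role && var.attach_policy_jsons ? length(var.policy_jsons) : 0

  name   = "${local.policy_name}-${count.index}"
  role   = aws_iam_role.lambda[0].name
  policy = var.policy_jsons[count.index]
}
```

Because `count` must be known at plan time, `length(var.policy_jsons)` only works when the list is a literal or comes from other variables; if the documents are built from resource attributes, a separate numeric variable for the count is needed instead.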