From 055e44f3aafb275bd6e195a443ce029a8a2f3e75 Mon Sep 17 00:00:00 2001 From: Dorra ELBoukari Date: Thu, 13 Feb 2025 17:04:03 +0100 Subject: [PATCH 1/2] fix module.genai_doc_ingestion.module.document_ingestion.aws_iam_role.ingestion_api_datasource --- modules/document-ingestion/iam.tf | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/modules/document-ingestion/iam.tf b/modules/document-ingestion/iam.tf index 5993ec9..78d23ce 100644 --- a/modules/document-ingestion/iam.tf +++ b/modules/document-ingestion/iam.tf @@ -41,11 +41,6 @@ resource "aws_iam_role" "ingestion_api_datasource" { }] }) - managed_policy_arns = [ - "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess", - ] - tags = local.combined_tags } @@ -55,6 +50,23 @@ resource "aws_iam_role_policy" "ingestion_api_datasource" { policy = data.aws_iam_policy_document.ingestion_api_datasource.json } +data "aws_iam_policy" "AWSLambdaBasicExecutionRole" { + arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" +} + +data "aws_iam_policy" "AmazonEventBridgeFullAccess" { + arn = "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess" +} + +resource "aws_iam_role_policy_attachment" "ingestion_api_datasource_lambda_managed_policies_attach" { + role = aws_iam_role.ingestion_api_datasource.name + policy_arn = data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn +} + +resource "aws_iam_role_policy_attachment" "ingestion_api_datasource_eventbridge_managed_policies_attach" { + role = aws_iam_role.ingestion_api_datasource.name + policy_arn = data.aws_iam_policy.AmazonEventBridgeFullAccess.arn +} ############################################################################################################ # IAM Role for Ingestion Input Validation Lambda ############################################################################################################ 
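Review bot: The new attachment `ingestion_api_datasource_eventbridge_managed_policies_attach` keeps `AmazonEventBridgeFullAccess` on this role, which grants `events:*` on all resources and is likely much wider than this role needs; the same policy is carried into the `policy_arns` list in PATCH 2/2. The role already has an inline policy built from `data.aws_iam_policy_document.ingestion_api_datasource`, so a scoped statement there would be the least-privilege option, for example `actions = ["events:PutEvents"]` with `resources = [<EVENT_BUS_ARN>]` (placeholder; the actions the role really uses are not visible in this diff). The two `data "aws_iam_policy"` labels are PascalCase while the other labels in this hunk are snake_case. They also only return the ARN already written as a literal, so a local value would avoid the extra IAM read at plan time.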
From 20c3e8145c035ae49f3a942b6d689abdf0b470bb Mon Sep 17 00:00:00 2001 From: Dorra ELBoukari Date: Mon, 17 Feb 2025 13:56:17 +0100 Subject: [PATCH 2/2] define aws_iam_role_policy_attachments_exclusive for ingestion api ds --- modules/document-ingestion/iam.tf | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/modules/document-ingestion/iam.tf b/modules/document-ingestion/iam.tf index 78d23ce..4faa350 100644 --- a/modules/document-ingestion/iam.tf +++ b/modules/document-ingestion/iam.tf @@ -58,15 +58,15 @@ data "aws_iam_policy" "AmazonEventBridgeFullAccess" { arn = "arn:aws:iam::aws:policy/AmazonEventBridgeFullAccess" } -resource "aws_iam_role_policy_attachment" "ingestion_api_datasource_lambda_managed_policies_attach" { - role = aws_iam_role.ingestion_api_datasource.name - policy_arn = data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn +resource "aws_iam_role_policy_attachments_exclusive" "ingestion_api_datasource_lambda_managed_policies_attach" { + role_name = aws_iam_role.ingestion_api_datasource.name + policy_arns = [ + data.aws_iam_policy.AWSLambdaBasicExecutionRole.arn, + data.aws_iam_policy.AmazonEventBridgeFullAccess.arn + ] } -resource "aws_iam_role_policy_attachment" "ingestion_api_datasource_eventbridge_managed_policies_attach" { - role = aws_iam_role.ingestion_api_datasource.name - policy_arn = data.aws_iam_policy.AmazonEventBridgeFullAccess.arn -} + ############################################################################################################ # IAM Role for Ingestion Input Validation Lambda ############################################################################################################
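Review bot: The new `aws_iam_role_policy_attachments_exclusive` block has no comment saying that `policy_arns` becomes the complete set of managed policies for the role, so a managed policy attached to `ingestion_api_datasource` anywhere else (another module, or by hand) would be detached on the next apply. That is a useful anti-drift control for an IAM role, but it should be stated at the resource, for example `# Exclusive: managed policies attached to this role outside policy_arns are detached on apply.` The label `ingestion_api_datasource_lambda_managed_policies_attach` now also covers the EventBridge policy and would read better without `lambda`. I believe the provider documentation presents this resource as a companion to `aws_iam_role_policy_attachment`, so it is worth confirming with a plan and apply on a fresh role that both policies end up attached now that the two attachment resources are gone.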