* 2.0.5 -- 2025-01-03

  - change inline role policy to aws_iam_role_policy

CHANGELOG.md

@@ -144,3 +144,6 @@
   - code 2.0.4
     - add context info and event id to SNS messages
     - add heritage mismatch information to output
+
+* 2.0.5 -- 2025-01-03
+  - change inline role policy to aws_iam_role_policy

README.md

@@ -71,6 +71,7 @@ No modules.
 | [aws_cloudwatch_log_group.log](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_log_group) | resource |
 | [aws_dynamodb_table.table](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
 | [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource |
 | [aws_iam_role_policy_attachment.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_kms_alias.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
 | [aws_kms_key.key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
@@ -104,13 +105,13 @@ No modules.
 |------|-------------|------|---------|:--------:|
 | <a name="input_account_alias"></a> [account\_alias](#input\_account\_alias) | AWS Account Alias | `string` | `""` | no |
 | <a name="input_account_id"></a> [account\_id](#input\_account\_id) | AWS Account ID (default will pull from current user) | `string` | `""` | no |
-| <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | <pre>{<br>  "ddb": {},<br>  "kms": {},<br>  "s3": {}<br>}</pre> | no |
+| <a name="input_component_tags"></a> [component\_tags](#input\_component\_tags) | Additional tags for Components (s3, kms, ddb) | `map(map(string))` | <pre>{<br/>  "ddb": {},<br/>  "kms": {},<br/>  "s3": {}<br/>}</pre> | no |
 | <a name="input_create"></a> [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
 | <a name="input_dynamodb_table_name"></a> [dynamodb\_table\_name](#input\_dynamodb\_table\_name) | Different DynamoDB table name to override default of var.name | `string` | `null` | no |
 | <a name="input_enable_sns"></a> [enable\_sns](#input\_enable\_sns) | Enable use of SNS for reporting errors | `bool` | `false` | no |
 | <a name="input_enable_sqs"></a> [enable\_sqs](#input\_enable\_sqs) | Enable use of SQS for SNS to send errors. Requires the use of enable\_sns as well | `bool` | `false` | no |
 | <a name="input_kms_key_name"></a> [kms\_key\_name](#input\_kms\_key\_name) | Different KMS Key (for SNS and SQS) to override default of var.name | `string` | `null` | no |
-| <a name="input_lambda_environment_variables"></a> [lambda\_environment\_variables](#input\_lambda\_environment\_variables) | Map of lambda environment variables and values | `map(string)` | <pre>{<br>  "DNS_RR_TimeToLive": 60,<br>  "DebugLogLevel": "INFO",<br>  "DynamoDBName": null,<br>  "EMRTagPrefix": "aws",<br>  "HeritageIdentifier": "dynr53",<br>  "HeritageTXTRecordPrefix": "_txt",<br>  "MaxApiRetry": 10,<br>  "RemoteRoleArnFormat": "arn:%s:iam::%s:role/r-inf-dynamic-route53-actions",<br>  "SleepTime": 60,<br>  "SnsEnable": false,<br>  "SnsTopicArn": "",<br>  "TagKeyCname": "boc:dns:cname",<br>  "TagKeyFlags": "boc:dns:flags",<br>  "TagKeyHostName": "boc:dns:name",<br>  "TagKeyPtrname": "boc:dns:ptrname",<br>  "TagKeyZone": "boc:dns:zone"<br>}</pre> | no |
+| <a name="input_lambda_environment_variables"></a> [lambda\_environment\_variables](#input\_lambda\_environment\_variables) | Map of lambda environment variables and values | `map(string)` | <pre>{<br/>  "DNS_RR_TimeToLive": 60,<br/>  "DebugLogLevel": "INFO",<br/>  "DynamoDBName": null,<br/>  "EMRTagPrefix": "aws",<br/>  "HeritageIdentifier": "dynr53",<br/>  "HeritageTXTRecordPrefix": "_txt",<br/>  "MaxApiRetry": 10,<br/>  "RemoteRoleArnFormat": "arn:%s:iam::%s:role/r-inf-dynamic-route53-actions",<br/>  "SleepTime": 60,<br/>  "SnsEnable": false,<br/>  "SnsTopicArn": "",<br/>  "TagKeyCname": "boc:dns:cname",<br/>  "TagKeyFlags": "boc:dns:flags",<br/>  "TagKeyHostName": "boc:dns:name",<br/>  "TagKeyPtrname": "boc:dns:ptrname",<br/>  "TagKeyZone": "boc:dns:zone"<br/>}</pre> | no |
 | <a name="input_lambda_environment_variables_override"></a> [lambda\_environment\_variables\_override](#input\_lambda\_environment\_variables\_override) | Map of lambda environment variables and values to override from the defaults | `map(string)` | `{}` | no |
 | <a name="input_lambda_name"></a> [lambda\_name](#input\_lambda\_name) | Different Lambda name to override default of var.name | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | Name to use within all the created resources (default: inf-dynamic-route53) | `string` | `"inf-dynamic-route53"` | no |

role.tf

@@ -11,10 +11,10 @@ resource "aws_iam_role" "role" {
   max_session_duration  = local._defaults["max_session_duration"]
   assume_role_policy    = data.aws_iam_policy_document.lambda_assume.json
 
-  inline_policy {
-    name   = var.name
-    policy = data.aws_iam_policy_document.lambda_policy.json
-  }
+  #  inline_policy {
+  #    name   = var.name
+  #    policy = data.aws_iam_policy_document.lambda_policy.json
+  #  }
 
   lifecycle {
     ignore_changes = [tags["boc:tf_module_version"]]
@@ -28,9 +28,16 @@ resource "aws_iam_role" "role" {
   )
 }
 
+# moved from inline policy
+resource "aws_iam_role_policy" "role" {
+  for_each = var.create ? 1 : 0
+  role     = try(aws_iam_role.role[0].id, null)
+  policy   = data.aws_iam_policy_document.lambda_policy.json
+  name     = var.name
+}
+
 resource "aws_iam_role_policy_attachment" "role" {
   for_each   = var.create ? toset([for k, v in data.aws_iam_policy.lambda_policies : v.arn]) : toset([])
-  role       = var.create ? aws_iam_role.role[0].name : ""
   policy_arn = each.value
 }
 

version.tf

@@ -1,3 +1,3 @@
 locals {
-  _module_version = "2.0.4"
+  _module_version = "2.0.5"
 }