From d6b4bfa6e9397d766550217be8e5756d192fbff3 Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 29 Jul 2025 13:32:54 -0400
Subject: [PATCH] change policy attachment
---
 rolesanywhere/role.tf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/rolesanywhere/role.tf b/rolesanywhere/role.tf
index b5f1156..eeaab6b 100644
--- a/rolesanywhere/role.tf
+++ b/rolesanywhere/role.tf
@@ -26,8 +26,7 @@ resource "aws_iam_role" "role" {
 force_detach_policies = local._defaults["force_detach_policies"]
 max_session_duration = var.max_session_duration
 assume_role_policy = data.aws_iam_policy_document.role_anywhere_assume.json
- managed_policy_arns = var.managed_policy_arns
-
+ # managed_policy_arns = var.managed_policy_arns
 tags = merge(
 local.base_tags,
@@ -38,7 +37,7 @@ resource "aws_iam_role" "role" {
 }
 resource "aws_iam_role_policy_attachment" "role" {
- for_each = toset(var.attached_policies)
+ for_each = toset(distinct(compact(concat(var.attached_policies, var.managed_policy_arns))))
 role = aws_iam_role.role.name
 policy_arn = each.value
 }
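Review bot: Commenting out `managed_policy_arns` on `aws_iam_role.role` (first hunk) also ends exclusive management of the role's managed policies: with that argument set, the provider detaches anything attached outside Terraform, whereas `aws_iam_role_policy_attachment` only tracks the ARNs it attached itself. Judging by the path and the `role_anywhere_assume` trust policy, this role is assumed through IAM Roles Anywhere, so a policy attached out of band would now survive every apply unnoticed. If the pinned AWS provider version offers it, an `aws_iam_role_policy_attachments_exclusive` resource with `role_name = aws_iam_role.role.name` and `policy_arns` set to the same merged list would restore that enforcement. The commented-out line is better deleted than kept, since the commit history already records it; the resource body continues outside the hunk.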
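Review bot: In the new `for_each` on `aws_iam_role_policy_attachment.role` (second hunk), `distinct` is redundant because `toset` already removes duplicates, and `concat` fails at plan time if either variable is null. The variable declarations are not visible here, so confirm both default to `[]` or are declared `nullable = false`; the expression can then be `for_each = toset(compact(concat(var.attached_policies, var.managed_policy_arns)))`. Because the ARNs serve as instance keys, a policy created in the same configuration and passed in by ARN will presumably fail the plan with an unknown-key error, which is worth a sentence in the variable descriptions.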