fix

terraform-modules · Apr 26, 2022 · 091293e · 091293e
1 parent 91b50c9
commit 091293e
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/terraform-state/README.md b/terraform-state/README.md
@@ -67,7 +67,8 @@ No modules.
 |------|------|
 | [aws_dynamodb_table.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
 | [aws_iam_group.terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
-| [aws_iam_group_policy_attachment.terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
+| [aws_iam_group_policy_attachment.terraform_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
+| [aws_iam_group_policy_attachment.terraform_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
 | [aws_iam_policy.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |

diff --git a/terraform-state/group.tf b/terraform-state/group.tf
@@ -1,6 +1,5 @@
 locals {
   group_name                   = format("%v%v", lookup(local._prefixes, "group", ""), "inf-terraform")
-  group_policies               = [aws_iam_policy.tfstate_write.arn]
   group_managed_policies_names = ["ReadOnlyAccess"]
   group_managed_policies       = [for k, p in data.aws_iam_policy.managed_policies : p.arn]
 }
@@ -10,8 +9,13 @@ resource "aws_iam_group" "terraform" {
   path = "/"
 }
 
-resource "aws_iam_group_policy_attachment" "terraform" {
-  for_each   = { for p in concat(local.group_policies, local.group_managed_policies) : p => p }
+resource "aws_iam_group_policy_attachment" "terraform_write" {
+  group      = aws_iam_group.terraform.name
+  policy_arn = aws_iam_policy.tfstate_write.arn
+}
+
+resource "aws_iam_group_policy_attachment" "terraform_managed" {
+  for_each   = { for p in local.group_managed_policies : p => p }
   group      = aws_iam_group.terraform.name
   policy_arn = each.value
 }