From 091293ebe85f9aaa006fa0c454883e54b399c9ab Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 26 Apr 2022 16:16:17 -0400
Subject: [PATCH] fix

---
 terraform-state/README.md | 3 ++-
 terraform-state/group.tf | 10 +++++++---
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/terraform-state/README.md b/terraform-state/README.md
index da3d54f..00bd41b 100644
--- a/terraform-state/README.md
+++ b/terraform-state/README.md
@@ -67,7 +67,8 @@ No modules.
 |------|------|
 | [aws_dynamodb_table.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table) | resource |
 | [aws_iam_group.terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
-| [aws_iam_group_policy_attachment.terraform](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
+| [aws_iam_group_policy_attachment.terraform_managed](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
+| [aws_iam_group_policy_attachment.terraform_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
 | [aws_iam_policy.tfstate](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_read](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_policy.tfstate_write](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
diff --git a/terraform-state/group.tf b/terraform-state/group.tf
index 07a57b3..c0fc394 100644
--- a/terraform-state/group.tf
+++ b/terraform-state/group.tf
@@ -1,6 +1,5 @@
 locals {
 group_name = format("%v%v", lookup(local._prefixes, "group", ""), "inf-terraform")
- group_policies = [aws_iam_policy.tfstate_write.arn]
 group_managed_policies_names = ["ReadOnlyAccess"]
 group_managed_policies = [for k, p in data.aws_iam_policy.managed_policies : p.arn]
 }
@@ -10,8 +9,13 @@ resource "aws_iam_group" "terraform" {
 path = "/"
 }
 
-resource "aws_iam_group_policy_attachment" "terraform" {
- for_each = { for p in concat(local.group_policies, local.group_managed_policies) : p => p }
+resource "aws_iam_group_policy_attachment" "terraform_write" {
+ group = aws_iam_group.terraform.name
+ policy_arn = aws_iam_policy.tfstate_write.arn
+}
+
+resource "aws_iam_group_policy_attachment" "terraform_managed" {
+ for_each = { for p in local.group_managed_policies : p => p }
 group = aws_iam_group.terraform.name
 policy_arn = each.value
 }
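Review bot: The new `terraform_managed` attachment still gives the `inf-terraform` group the AWS-managed `ReadOnlyAccess` policy (via `local.group_managed_policies`), which is account-wide read across every service — including data reads in several services, not only metadata — rather than the state-bucket and lock-table access this module is about, so group members can read far more than Terraform state; if the goal is only to let plans refresh the resources Terraform manages, a scoped customer-managed policy is the least-privilege option, and if the broad policy is intentional that should be recorded in a comment next to `group_managed_policies_names`. The reason for splitting `tfstate_write` into its own resource is not stated; it is presumably that `for_each` keys must be known at plan time and `aws_iam_policy.tfstate_write.arn` is not, which is worth keeping above `terraform_write`: `# Attached separately: this policy's ARN is unknown at plan time, so it cannot be a for_each key`. Renaming the resource from `terraform` to `terraform_managed` with no `moved` block (supported since Terraform 1.1) will make the next apply detach and re-attach `ReadOnlyAccess` instead of keeping it in place; a `moved` block from `aws_iam_group_policy_attachment.terraform` to `aws_iam_group_policy_attachment.terraform_managed` avoids that churn, since the managed-policy ARN keys are unchanged.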