split out created policy

terraform-modules · Jun 14, 2021 · e92e7d1 · e92e7d1
1 parent 13d9869
commit e92e7d1
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -46,7 +46,8 @@ No modules.
 | [aws_iam_access_key.audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key) | resource |
 | [aws_iam_group.audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group) | resource |
 | [aws_iam_group_membership.audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_membership) | resource |
-| [aws_iam_group_policy_attachment.audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
+| [aws_iam_group_policy_attachment.audit_main](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
+| [aws_iam_group_policy_attachment.audit_other](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_group_policy_attachment) | resource |
 | [aws_iam_policy.audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_user.audit](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_user) | resource |
 | [null_resource.audit_output](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |

diff --git a/main.tf b/main.tf
@@ -54,7 +54,7 @@ locals {
   aws_access_key_id     = concat(aws_iam_access_key.audit[*].id, list(""))
   aws_secret_access_key = concat(aws_iam_access_key.audit[*].encrypted_secret, list(""))
 
-  policies = compact(concat([aws_iam_policy.audit.arn, data.aws_iam_policy.aws-managed-security-audit.arn], var.additional_policies))
+  policies = compact(concat([data.aws_iam_policy.aws-managed-security-audit.arn], var.additional_policies))
 }
 
 #---
@@ -129,11 +129,15 @@ data "aws_iam_policy" "aws-managed-security-audit" {
   arn = "arn:${data.aws_arn.current.partition}:iam::aws:policy/SecurityAudit"
 }
 
-resource "aws_iam_group_policy_attachment" "audit" {
+resource "aws_iam_group_policy_attachment" "audit_main" {
+  group      = aws_iam_group.audit.name
+  policy_arn = aws_iam_policy.audit.arn
+}
+
+resource "aws_iam_group_policy_attachment" "audit_other" {
   for_each   = toset(local.policies)
   group      = aws_iam_group.audit.name
   policy_arn = each.key
-  depends_on = [aws_iam_policy.audit]
 }
 
 #---