Skip to content

Commit

Permalink
feat: Solve warning depreciated property managed policy ARNs (#79)
Browse files Browse the repository at this point in the history
Solved warning depreciated property managed_policy_arns with aws_iam_role_policy_attachments_exclusive
  • Loading branch information
borgeslima authored Oct 24, 2024
1 parent 060e894 commit 30bd5d5
Showing 1 changed file with 22 additions and 8 deletions.
30 changes: 22 additions & 8 deletions main.tf
Original file line number Diff line number Diff line change
Expand Up @@ -84,12 +84,16 @@ resource "aws_iam_role" "dms_access_for_endpoint" {
description = "DMS IAM role for endpoint access permissions"
permissions_boundary = var.iam_role_permissions_boundary
assume_role_policy = var.enable_redshift_target_permissions ? data.aws_iam_policy_document.dms_assume_role_redshift[0].json : data.aws_iam_policy_document.dms_assume_role[0].json
managed_policy_arns = ["arn:${local.partition}:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role"]
force_detach_policies = true

tags = merge(var.tags, var.iam_role_tags)
}

# Attach AmazonDMSRedshiftS3Role to endpoint role
resource "aws_iam_role_policy_attachments_exclusive" "amazon_dms_redshift_S3_role_attach" {
policy_arns = ["arn:${local.partition}:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role"]
role_name = aws_iam_role.dms_access_for_endpoint[0].name
}

# DMS CloudWatch Logs
resource "aws_iam_role" "dms_cloudwatch_logs_role" {
count = var.create && var.create_iam_roles ? 1 : 0
Expand All @@ -98,12 +102,17 @@ resource "aws_iam_role" "dms_cloudwatch_logs_role" {
description = "DMS IAM role for CloudWatch logs permissions"
permissions_boundary = var.iam_role_permissions_boundary
assume_role_policy = data.aws_iam_policy_document.dms_assume_role[0].json
managed_policy_arns = ["arn:${local.partition}:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole"]
force_detach_policies = true

tags = merge(var.tags, var.iam_role_tags)
}

# Attach AmazonDMSCloudWatchLogsRole to endpoint role
resource "aws_iam_role_policy_attachments_exclusive" "amazon_dms_cloud_watch_logs_role_attach" {
policy_arns = ["arn:${local.partition}:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole"]
role_name = aws_iam_role.dms_cloudwatch_logs_role[0].name
}

# DMS VPC
resource "aws_iam_role" "dms_vpc_role" {
count = var.create && var.create_iam_roles ? 1 : 0
Expand All @@ -112,12 +121,17 @@ resource "aws_iam_role" "dms_vpc_role" {
description = "DMS IAM role for VPC permissions"
permissions_boundary = var.iam_role_permissions_boundary
assume_role_policy = data.aws_iam_policy_document.dms_assume_role[0].json
managed_policy_arns = ["arn:${local.partition}:iam::aws:policy/service-role/AmazonDMSVPCManagementRole"]
force_detach_policies = true

tags = merge(var.tags, var.iam_role_tags)
}

# Attach AmazonDMSVPCManagementRole to endpoint role
resource "aws_iam_role_policy_attachments_exclusive" "amazon_dms_vpc_management_role_attach" {
policy_arns = ["arn:${local.partition}:iam::aws:policy/service-role/AmazonDMSVPCManagementRole"]
role_name = aws_iam_role.dms_vpc_role[0].name
}

################################################################################
# Subnet group
################################################################################
Expand Down Expand Up @@ -392,10 +406,10 @@ resource "aws_dms_replication_task" "this" {
replication_instance_arn = aws_dms_replication_instance.this[0].replication_instance_arn
replication_task_id = each.value.replication_task_id
replication_task_settings = try(each.value.replication_task_settings, null)
source_endpoint_arn = try(each.value.source_endpoint_arn, aws_dms_endpoint.this[each.value.source_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.source_endpoint_key].endpoint_arn)
source_endpoint_arn = try(aws_dms_endpoint.this[each.value.source_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.source_endpoint_key].endpoint_arn)
start_replication_task = try(each.value.start_replication_task, null)
table_mappings = try(each.value.table_mappings, null)
target_endpoint_arn = try(each.value.target_endpoint_arn, aws_dms_endpoint.this[each.value.target_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.target_endpoint_key].endpoint_arn)
target_endpoint_arn = try(aws_dms_endpoint.this[each.value.target_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.target_endpoint_key].endpoint_arn)

tags = merge(var.tags, try(each.value.tags, {}))
}
Expand All @@ -410,8 +424,8 @@ resource "aws_dms_replication_config" "this" {
resource_identifier = each.value.replication_task_id

replication_type = each.value.migration_type
source_endpoint_arn = try(each.value.source_endpoint_arn, aws_dms_endpoint.this[each.value.source_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.source_endpoint_key].endpoint_arn)
target_endpoint_arn = try(each.value.target_endpoint_arn, aws_dms_endpoint.this[each.value.target_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.target_endpoint_key].endpoint_arn)
source_endpoint_arn = try(aws_dms_endpoint.this[each.value.source_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.source_endpoint_key].endpoint_arn)
target_endpoint_arn = try(aws_dms_endpoint.this[each.value.target_endpoint_key].endpoint_arn, aws_dms_s3_endpoint.this[each.value.target_endpoint_key].endpoint_arn)
table_mappings = try(each.value.table_mappings, null)

replication_settings = try(each.value.replication_task_settings, null)
Expand Down

0 comments on commit 30bd5d5

Please sign in to comment.