Correct AWS CDP IDBroker role's policy definitions for Terraform templates

jimright · jimright · commit a4d8fd1c26db · 2021-12-01T10:33:26.000Z
Signed-off-by: Jim Enright &lt;jenright@cloudera.com&gt;
diff --git a/roles/platform/template/aws/plat_aws_authz_roles.tf.j2 b/roles/platform/template/aws/plat_aws_authz_roles.tf.j2
@@ -70,11 +70,18 @@ resource "aws_iam_instance_profile" "{{ plat__aws_idbroker_role_name }}-instance
 }
 
 # Attach CDP IDBroker Assume Policy to the Role
-resource "aws_iam_role_policy_attachment" "{{ plat__aws_idbroker_role_name }}-attach" {
+resource "aws_iam_role_policy_attachment" "{{ plat__aws_idbroker_role_name }}-attach1" {
   role       = aws_iam_role.{{ plat__aws_idbroker_role_name }}.name
   policy_arn = aws_iam_policy.{{ plat__aws_idbroker_policy_name }}.arn
 }
 
+# Attach AWS Log Location Policy to the Role
+resource "aws_iam_role_policy_attachment" "{{ plat__aws_idbroker_role_name }}-attach2" {
+  
+  role       = aws_iam_role.{{ plat__aws_idbroker_role_name }}.name
+  policy_arn = aws_iam_policy.{{ plat__aws_log_location_policy_name }}.arn
+}
+
 # ------- AWS Service Roles - CDP Log -------
 # First create the Assume role policy document
 data "aws_iam_policy_document" "{{ plat__aws_log_role_name }}-policy-doc" {
