Merge pull request #372 from cookpad/coord-e/use-inline-policy-for-v1beta

coord-e · web-flow · commit 6d48a6084a33 · 2024-11-06T19:00:47.000+09:00
Use inline policy for v1beta to avoid resource recreation
diff --git a/modules/karpenter/controller_iam.tf b/modules/karpenter/controller_iam.tf
@@ -28,18 +28,18 @@ data "aws_iam_policy_document" "karpenter_controller_assume_role_policy" {
   }
 }
 
-resource "aws_iam_role_policy_attachment" "karpenter_controller_v1_beta" {
-  count      = var.v1beta ? 1 : 0
-  role       = aws_iam_role.karpenter_controller.id
-  policy_arn = aws_iam_policy.karpenter_controller_v1_beta[0].arn
-}
-
-resource "aws_iam_policy" "karpenter_controller_v1_beta" {
+resource "aws_iam_role_policy" "karpenter_controller_v1_beta" {
   count  = var.v1beta ? 1 : 0
-  name   = "${var.cluster_config.iam_policy_name_prefix}KarpenterController-v1beta-${var.cluster_config.name}"
+  name   = "KarpenterController-v1beta"
+  role   = aws_iam_role.karpenter_controller.id
   policy = data.aws_iam_policy_document.karpenter_controller_v1_beta.json
 }
 
+moved {
+  from = aws_iam_role_policy.karpenter_controller_v1_beta
+  to   = aws_iam_role_policy.karpenter_controller_v1_beta[0]
+}
+
 data "aws_iam_policy_document" "karpenter_controller_v1_beta" {
   statement {
     sid    = "AllowScopedEC2InstanceAccessActions"
