From 4e0c0483073bb859f11f81f3a2e8ef9c6d839b12 Mon Sep 17 00:00:00 2001
From: Calum Lacroix
Date: Sat, 12 Feb 2022 01:04:40 +0000
Subject: [PATCH] Fix policy

---
 iam.tf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/iam.tf b/iam.tf
index f973471..920cc00 100644
--- a/iam.tf
+++ b/iam.tf
@@ -3,6 +3,13 @@ resource "aws_key_pair" "default" {
 public_key = var.key_pair_public_key
 }
 
+resource "aws_iam_policy" "default" {
+ name = "${var.role}.${data.aws_region.current.name}.i.${var.environment}.${var.dns["domain_name"]}"
+ path = "/"
+ description = "Allow data volume management for instances"
+ policy = module.attached-ebs.iam_role_policy_document
+}
+
 resource "aws_iam_role" "default" {
 name = "${count.index}.${var.role}.${data.aws_region.current.name}.i.${var.environment}.${var.dns["domain_name"]}"
 count = var.cluster_size
@@ -32,5 +39,5 @@ resource "aws_iam_instance_profile" "default" {
 resource "aws_iam_role_policy_attachment" "default" {
 count = var.cluster_size
 role = aws_iam_role.default[count.index].name
- policy_arn = module.attached-ebs.iam_role_policy_arn
+ policy_arn = aws_iam_policy.default.arn
 }
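Review bot: The new `aws_iam_policy.default` is a single managed policy (no `count`) that the second hunk attaches to every one of the `var.cluster_size` per-instance roles, yet the permissions it grants are not visible here because the document comes from `module.attached-ebs.iam_role_policy_document`. If that document allows volume attach/detach without a resource or tag condition, each instance could manage the data volumes of every other node, so it is worth confirming the scoping in the module before merging. I would record that dependency next to the resource, e.g. `# Shared by all cluster roles; module.attached-ebs.iam_role_policy_document must stay restricted to this cluster's data volumes.` The commit message "Fix policy" also does not say why `module.attached-ebs.iam_role_policy_arn` was dropped; if the module still creates its own policy, it presumably remains in the account unattached and should be removed or explained.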