swap back to dynamics

navapbc · Oct 18, 2024 · 1f21df2 · 1f21df2
1 parent 9dc57c6
commit 1f21df2
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 23 deletions.
diff --git a/infra/modules/service/events_role.tf b/infra/modules/service/events_role.tf
@@ -29,6 +29,7 @@ resource "aws_iam_policy" "run_task" {
 }
 
 data "aws_iam_policy_document" "run_task" {
+
   statement {
     sid = "StepFunctionsEvents"
     actions = [
@@ -39,19 +40,26 @@ data "aws_iam_policy_document" "run_task" {
     resources = ["arn:aws:events:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"]
   }
 
-  statement {
-    actions = [
-      "states:StartExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.file_upload_jobs : "${job.arn}"]
-  }
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.file_upload_jobs
 
-  statement {
-    actions = [
-      "states:DescribeExecution",
-      "states:StopExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.file_upload_jobs : "${job.arn}:*"]
+    content {
+      actions = [
+        "states:StartExecution",
+      ]
+      resources = [statement.value.arn]
+    }
   }
 
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.file_upload_jobs
+
+    content {
+      actions = [
+        "states:DescribeExecution",
+        "states:StopExecution",
+      ]
+      resources = ["${statement.value.arn}:*"]
+    }
+  }
 }
diff --git a/infra/modules/service/scheduler_role.tf b/infra/modules/service/scheduler_role.tf
@@ -36,18 +36,26 @@ data "aws_iam_policy_document" "scheduler" {
     resources = ["arn:aws:events:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"]
   }
 
-  statement {
-    actions = [
-      "states:StartExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.scheduled_jobs : "${job.arn}"]
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.scheduled_jobs
+
+    content {
+      actions = [
+        "states:StartExecution",
+      ]
+      resources = [statement.value.arn]
+    }
   }
 
-  statement {
-    actions = [
-      "states:DescribeExecution",
-      "states:StopExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.scheduled_jobs : "${job.arn}:*"]
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.scheduled_jobs
+
+    content {
+      actions = [
+        "states:DescribeExecution",
+        "states:StopExecution",
+      ]
+      resources = ["${statement.value.arn}:*"]
+    }
   }
 }