From 1f21df2c61335747eee1233365012877e566acaf Mon Sep 17 00:00:00 2001
From: Kai Siren
Date: Fri, 18 Oct 2024 10:29:27 -0700
Subject: [PATCH] swap back to dynamics

---
 infra/modules/service/events_role.tf    | 32 +++++++++++++++----------
 infra/modules/service/scheduler_role.tf | 30 ++++++++++++++---------
 2 files changed, 39 insertions(+), 23 deletions(-)

diff --git a/infra/modules/service/events_role.tf b/infra/modules/service/events_role.tf
index 61c898ef..9a401caa 100644
--- a/infra/modules/service/events_role.tf
+++ b/infra/modules/service/events_role.tf
@@ -29,6 +29,7 @@ resource "aws_iam_policy" "run_task" {
 }
 
 data "aws_iam_policy_document" "run_task" {
+
   statement {
     sid = "StepFunctionsEvents"
     actions = [
@@ -39,19 +40,26 @@ data "aws_iam_policy_document" "run_task" {
     resources = ["arn:aws:events:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"]
   }
 
-  statement {
-    actions = [
-      "states:StartExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.file_upload_jobs : "${job.arn}"]
-  }
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.file_upload_jobs
 
-  statement {
-    actions = [
-      "states:DescribeExecution",
-      "states:StopExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.file_upload_jobs : "${job.arn}:*"]
+    content {
+      actions = [
+        "states:StartExecution",
+      ]
+      resources = [statement.value.arn]
+    }
   }
 
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.file_upload_jobs
+
+    content {
+      actions = [
+        "states:DescribeExecution",
+        "states:StopExecution",
+      ]
+      resources = ["${statement.value.arn}:*"]
+    }
+  }
 }
diff --git a/infra/modules/service/scheduler_role.tf b/infra/modules/service/scheduler_role.tf
index fefdd07b..769d7b36 100644
--- a/infra/modules/service/scheduler_role.tf
+++ b/infra/modules/service/scheduler_role.tf
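Review bot: The reason for preferring one `dynamic "statement"` per state machine over the single statement it replaces is not recorded in the file, and the subject line "swap back" suggests this has already flipped once. A short comment above the first `dynamic` block would stop the next engineer from collapsing it again; if the motivation is the empty-map case (presumably the single-statement form yields `resources = []` when no jobs are defined, which is not a valid IAM statement), state that: `# One statement per state machine: with no jobs defined, the single-statement form produces resources = [], which IAM rejects.` The per-job split also keeps `states:StartExecution` scoped to the state-machine ARN and `DescribeExecution`/`StopExecution` to the `:*` execution ARNs, which is the right least-privilege shape and should be preserved alongside the comment. The same change and the same missing rationale appear in the scheduler_role.tf hunk (`data "aws_iam_policy_document" "scheduler"`), so the two documents should carry the same comment to keep them from drifting. The enclosing `data "aws_iam_policy_document" "run_task"` block opens outside this hunk.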
@@ -36,18 +36,26 @@ data "aws_iam_policy_document" "scheduler" {
     resources = ["arn:aws:events:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:rule/StepFunctionsGetEventsForStepFunctionsExecutionRule"]
   }
 
-  statement {
-    actions = [
-      "states:StartExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.scheduled_jobs : "${job.arn}"]
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.scheduled_jobs
+
+    content {
+      actions = [
+        "states:StartExecution",
+      ]
+      resources = [statement.value.arn]
+    }
   }
 
-  statement {
-    actions = [
-      "states:DescribeExecution",
-      "states:StopExecution",
-    ]
-    resources = [for job in aws_sfn_state_machine.scheduled_jobs : "${job.arn}:*"]
+  dynamic "statement" {
+    for_each = aws_sfn_state_machine.scheduled_jobs
+
+    content {
+      actions = [
+        "states:DescribeExecution",
+        "states:StopExecution",
+      ]
+      resources = ["${statement.value.arn}:*"]
+    }
   }
 }