From 3f08252a07c0010d20b60637e9d344b51df09eb0 Mon Sep 17 00:00:00 2001
From: Loren Gordon
Date: Fri, 20 Sep 2024 07:43:57 -0700
Subject: [PATCH] Updates iam role module to use new exclusive pattern for inline policies

---
 modules/role/main.tf | 21 +++++++++++++--------
 modules/role/versions.tf | 2 +-
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/modules/role/main.tf b/modules/role/main.tf
index 409dae2..4b1261e 100644
--- a/modules/role/main.tf
+++ b/modules/role/main.tf
@@ -10,14 +10,6 @@ resource "aws_iam_role" "this" {
 path = var.path
 permissions_boundary = var.permissions_boundary
- dynamic "inline_policy" {
- for_each = var.inline_policies
- content {
- name = inline_policy.value.name
- policy = inline_policy.value.policy
- }
- }
-
 tags = merge(
 {
 Name = var.name
@@ -33,6 +25,19 @@ resource "aws_iam_role" "this" {
 }
 }
+resource "aws_iam_role_policy" "this" {
+ for_each = { for policy in var.inline_policies : policy.name => policy }
+
+ name = each.value.name
+ policy = each.value.policy
+ role = aws_iam_role.this.name
+}
+
+resource "aws_iam_role_policies_exclusive" "this" {
+ role_name = aws_iam_role.this.name
+ policy_names = [for name, policy in aws_iam_role_policy.this : policy.name]
+}
+
 # attach an instance profile to the IAM role
 resource "aws_iam_instance_profile" "this" {
 count = var.instance_profile != null ? 1 : 0
diff --git a/modules/role/versions.tf b/modules/role/versions.tf
index 039ec1e..84bf5cc 100644
--- a/modules/role/versions.tf
+++ b/modules/role/versions.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 aws = {
 source = "hashicorp/aws"
- version = ">= 3.35.0"
+ version = ">= 5.68.0"
 }
 }
 }
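Review bot: The new `aws_iam_role_policies_exclusive` block in the second main.tf hunk has no comment recording that when `var.inline_policies` is empty, `policy_names` evaluates to `[]`, which — as I understand the provider's documented semantics — makes Terraform remove every inline policy on the role, including any added outside Terraform, whereas the removed `dynamic "inline_policy"` block left such policies alone. That is the drift-prevention behaviour the "exclusive" pattern is for, but operators should see it stated next to the resource, e.g. `# Enforces that ONLY the inline policies declared in var.inline_policies exist on the role; an empty list strips all inline policies, including any created out-of-band.` The `for_each` in `aws_iam_role_policy.this` keys on `policy.name`, so two entries sharing a name now fail at plan time with a duplicate-key error rather than being sent to AWS; a `validation` block on `var.inline_policies` (defined outside this hunk) would turn that into a clearer message. Existing deployments will also need the previously inline policies imported into `aws_iam_role_policy.this` or accepted as a destroy/recreate, which the module docs should call out alongside the provider floor raised to 5.68.0.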