lambda-ssm-parameter-terraform: Fix deprecated managed_policy_arns argument

kakakakakku · kakakakakku · commit 03ede7526b53 · 2025-08-29T19:52:41.000+09:00
diff --git a/lambda-ssm-parameter-terraform/main.tf b/lambda-ssm-parameter-terraform/main.tf
@@ -50,11 +50,7 @@ data "aws_iam_policy" "lambda_basic_execution_role_policy" {
 }
 
 resource "aws_iam_role" "lambda_iam_role" {
-  name_prefix         = "LambdaSSMParameterRole-"
-  managed_policy_arns = [
-    data.aws_iam_policy.lambda_basic_execution_role_policy.arn,
-    aws_iam_policy.lambda_policy.arn
-  ]
+  name_prefix = "LambdaSSMParameterRole-"
 
   assume_role_policy = <<EOF
 {
@@ -73,11 +69,21 @@ resource "aws_iam_role" "lambda_iam_role" {
 EOF
 }
 
+resource "aws_iam_role_policy_attachment" "lambda_basic_execution" {
+  role       = aws_iam_role.lambda_iam_role.name
+  policy_arn = data.aws_iam_policy.lambda_basic_execution_role_policy.arn
+}
+
+resource "aws_iam_role_policy_attachment" "lambda_ssm" {
+  role       = aws_iam_role.lambda_iam_role.name
+  policy_arn = aws_iam_policy.lambda_policy.arn
+}
+
 data "aws_iam_policy_document" "lambda_policy_document" {
   statement {
-  
+
     effect = "Allow"
-  
+
     actions = [
       "ssm:GetParameter",
       "ssm:PutParameter"
