Merge pull request #18 from kookmin-sw/mhsong-dev

API IaC Code가 정상작동하지 않았던 문제 수정.
kookmin-sw · Mar 28, 2024 · e1caa97 · e1caa97
2 parents f98b0bc + 78896d0
commit e1caa97
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 12 deletions.
diff --git a/IaC/serverless_api_template/lambda/main.tf b/IaC/serverless_api_template/lambda/main.tf
@@ -21,39 +21,39 @@ resource "aws_iam_role_policy_attachment" "lambda_basic_policy" {
 }
 
 resource "aws_iam_role_policy_attachment" "cloudwatch_policy" {
-  count = var.attach_cloudwatch_policy
+  count      = var.attach_cloudwatch_policy ? 1 : 0
   role       = aws_iam_role.lambda-role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/CloudWatchFullAccess"
+  policy_arn = "arn:aws:iam::aws:policy/CloudWatchFullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "cloudwatchlogs_policy" {
-  count = var.attach_cloudwatch_policy
+  count      = var.attach_cloudwatch_policy ? 1 : 0
   role       = aws_iam_role.lambda-role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/CloudWatchLogsFullAccess"
+  policy_arn = "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "ec2_policy" {
-  count = var.attach_ec2_policy
+  count      = var.attach_ec2_policy ? 1 : 0
   role       = aws_iam_role.lambda-role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2FullAccess"
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "vpc_policy" {
-  count = var.attach_vpc_policy
+  count      = var.attach_vpc_policy ? 1 : 0
   role       = aws_iam_role.lambda-role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonVPCFullAccess"
+  policy_arn = "arn:aws:iam::aws:policy/AmazonVPCFullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "s3_policy" {
-  count = var.attach_s3_policy
+  count      = var.attach_s3_policy ? 1 : 0
   role       = aws_iam_role.lambda-role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonS3FullAccess"
+  policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
 }
 
 resource "aws_iam_role_policy_attachment" "lambda_policy" {
-  count = var.attach_lambda_policy
+  count      = var.attach_lambda_policy ? 1 : 0
   role       = aws_iam_role.lambda-role.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambda_FullAccess"
+  policy_arn = "arn:aws:iam::aws:policy/AWSLambda_FullAccess"
 }
 
 resource "aws_lambda_function" "lambda" {

diff --git a/IaC/serverless_api_template/lambdas.tf b/IaC/serverless_api_template/lambdas.tf
@@ -5,4 +5,9 @@ module "lambda" {
   container_repository = var.container_repository
   container_image_tag = var.container_image_tag
   ram_mib         = var.lambda_ram_size
+  attach_ec2_policy = var.attach_ec2_policy
+  attach_cloudwatch_policy = var.attach_cloudwatch_policy
+  attach_lambda_policy = var.attach_lambda_policy
+  attach_s3_policy = var.attach_s3_policy
+  attach_vpc_policy = var.attach_vpc_policy
 }