fix: Removed deprecated managed_policy_arns in favor of `aws_iam_ro…

…le_policy_attachments_exclusive`.

README.md

@@ -14,7 +14,7 @@ to match your desired configuration. For example:
 
 ```hcl
 module "fargate_service" {
-  source = "github.com/codeforamerica/tofu-modules-aws-fargate_service?ref=1.0.0"
+  source = "github.com/codeforamerica/tofu-modules-aws-fargate-service?ref=1.0.0"
 
   project       = "my-project"
   project_short = "my-proj"

iam.tf

@@ -41,14 +41,17 @@ resource "aws_iam_role" "execution" {
     ]
   })
 
-  managed_policy_arns = [
-    #     aws_iam_policy.execution.arn
+  tags = var.tags
+}
+
+resource "aws_iam_role_policy_attachments_exclusive" "execution" {
+  role_name   = aws_iam_role.execution.name
+  policy_arns = [
+    # aws_iam_policy.execution.arn
     aws_iam_policy.secrets.arn,
     "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
-    "arn:${data.aws_partition.current.partition}:iam::aws:policy/CloudWatchAgentServerPolicy",
+    "arn:${data.aws_partition.current.partition}:iam::aws:policy/CloudWatchAgentServerPolicy"
   ]
-
-  tags = var.tags
 }
 
 resource "aws_iam_role" "task" {
@@ -68,12 +71,15 @@ resource "aws_iam_role" "task" {
     ]
   })
 
-  managed_policy_arns = [
+  tags = var.tags
+}
+
+resource "aws_iam_role_policy_attachments_exclusive" "task" {
+  role_name   = aws_iam_role.execution.name
+  policy_arns = [
     aws_iam_policy.secrets.arn,
     "arn:${data.aws_partition.current.partition}:iam::aws:policy/CloudWatchFullAccess",
     "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonSSMFullAccess",
     "arn:${data.aws_partition.current.partition}:iam::aws:policy/CloudWatchAgentServerPolicy",
   ]
-
-  tags = var.tags
 }