From 94b8a431092552936a1fbb56812c5888b3349e6c Mon Sep 17 00:00:00 2001
From: Secretions
Date: Thu, 12 Dec 2024 18:49:16 -0800
Subject: [PATCH] PLAT-9035: Make sure boostrap policy is attached to role (#313)

---
 modules/iam-bootstrap/README.md | 1 +
 modules/iam-bootstrap/main.tf | 7 +++++++
 modules/single-node/templates/linux_user_data.tpl | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/iam-bootstrap/README.md b/modules/iam-bootstrap/README.md
index 78b7c70d..99ba0774 100644
--- a/modules/iam-bootstrap/README.md
+++ b/modules/iam-bootstrap/README.md
@@ -24,6 +24,7 @@ No modules.
 |------|------|
 | [aws_iam_policy.deployment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_policy) | resource |
 | [aws_iam_role.deployment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource |
+| [aws_iam_role_policy_attachment.deployment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource |
 | [aws_iam_role_policy_attachments_exclusive.deployment](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachments_exclusive) | resource |
 | [aws_caller_identity.admin](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
diff --git a/modules/iam-bootstrap/main.tf b/modules/iam-bootstrap/main.tf
index 3e275834..cdf89d17 100644
--- a/modules/iam-bootstrap/main.tf
+++ b/modules/iam-bootstrap/main.tf
@@ -45,6 +45,13 @@ resource "aws_iam_role" "deployment" {
 }
+resource "aws_iam_role_policy_attachment" "deployment" {
+ count = length(aws_iam_policy.deployment)
+ role = aws_iam_role.deployment.name
+ policy_arn = aws_iam_policy.deployment[count.index].arn
+}
+
+
 resource "aws_iam_role_policy_attachments_exclusive" "deployment" {
 role_name = aws_iam_role.deployment.name
 policy_arns = aws_iam_policy.deployment[*].arn
diff --git a/modules/single-node/templates/linux_user_data.tpl b/modules/single-node/templates/linux_user_data.tpl
index 3b2a32ab..7079916d 100644
--- a/modules/single-node/templates/linux_user_data.tpl
+++ b/modules/single-node/templates/linux_user_data.tpl
@@ -8,4 +8,4 @@ spec:
 certificateAuthority: ${cluster_auth_base64}
 cidr: ${cluster_service_ipv4_cidr}
 kubelet:
- flags: ["${bootstrap_extra_args}"]
\ No newline at end of file
+ flags: ["${bootstrap_extra_args}"]
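Review bot: The new `aws_iam_role_policy_attachment.deployment` sits directly above `aws_iam_role_policy_attachments_exclusive.deployment` with nothing explaining why both are needed, which invites a later cleanup that removes one of them and reintroduces the unattached-policy state this commit fixes; the exclusive resource only enforces the set of attachments on the role and does not create them. A comment on the new resource would pin that down, e.g. `# Creates the attachments; the *_exclusive resource below only enforces that no other policies stay attached to the role and does not attach anything itself.`. Keying the attachments by `count.index` also ties each one to the position of its policy in `aws_iam_policy.deployment`, so a reorder or removal in that list replaces attachments and transiently detaches policies from the role during apply; if the policy resource (defined outside this hunk) has stable names, `for_each` over a map keyed on those names would avoid that churn. The `aws_iam_role "deployment"` block that the hunk header opens on starts outside the hunk; only its closing brace is visible here.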