s3 iam pol

modules/infra/submodules/storage/iam.tf

@@ -4,7 +4,6 @@ moved {
 }
 
 data "aws_iam_policy_document" "s3" {
-  count = local.create_s3 ? 1 : 0
   statement {
     effect    = "Allow"
     resources = [for b in local.s3_buckets : b.arn]
@@ -32,16 +31,10 @@ data "aws_iam_policy_document" "s3" {
   }
 }
 
-moved {
-  from = aws_iam_policy.s3
-  to   = aws_iam_policy.s3[0]
-}
-
 resource "aws_iam_policy" "s3" {
-  count  = local.create_s3 ? 1 : 0
   name   = "${var.deploy_id}-S3"
   path   = "/"
-  policy = data.aws_iam_policy_document.s3[0].json
+  policy = data.aws_iam_policy_document.s3.json
 }
 
 moved {

modules/infra/submodules/storage/outputs.tf

@@ -33,7 +33,7 @@ output "info" {
         name = aws_fsx_ontap_volume.eks[0].name
       }
     } : null
-    s3 = local.create_s3 ? {
+    s3 = {
       buckets = { for k, b in local.s3_buckets : k => {
         "bucket_name"               = b.bucket_name,
         "arn"                       = b.arn
@@ -42,8 +42,8 @@ output "info" {
         "fips_regional_domain_name" = b.fips_regional_domain_name
         }
       }
-      iam_policy_arn = aws_iam_policy.s3[0].arn
-    } : null
+      iam_policy_arn = aws_iam_policy.s3.arn
+    }
     ecr = local.create_ecr ? {
       container_registry    = join("/", concat(slice(split("/", aws_ecr_repository.this["environment"].repository_url), 0, 1), [var.deploy_id]))
       iam_policy_arn        = aws_iam_policy.ecr[0].arn