fix: Remove deprecated inline_policy from cluster role (#3163)

2026-04-17 14:29:39 +02:00 · 2024-09-21 09:45:50 -05:00
parent 2965d99e1e
commit 8b90872983
15 changed files with 41 additions and 64 deletions
--- a/main.tf
+++ b/main.tf
@@ -411,29 +411,6 @@ resource "aws_iam_role" "this" {
  permissions_boundary  = var.iam_role_permissions_boundary
  force_detach_policies = true

-  # https://github.com/terraform-aws-modules/terraform-aws-eks/issues/920
-  # Resources running on the cluster are still generating logs when destroying the module resources
-  # which results in the log group being re-created even after Terraform destroys it. Removing the
-  # ability for the cluster role to create the log group prevents this log group from being re-created
-  # outside of Terraform due to services still generating logs during destroy process
-  dynamic "inline_policy" {
-    for_each = var.create_cloudwatch_log_group ? [1] : []
-    content {
-      name = local.iam_role_name
-
-      policy = jsonencode({
-        Version = "2012-10-17"
-        Statement = [
-          {
-            Action   = ["logs:CreateLogGroup"]
-            Effect   = "Deny"
-            Resource = "*"
-          },
-        ]
-      })
-    }
-  }
-
  tags = merge(var.tags, var.iam_role_tags)
 }