From a694019b1912aa30e36896b234ec296395c9006b Mon Sep 17 00:00:00 2001
From: hiromi-ogawa
Date: Wed, 30 Oct 2024 12:06:19 +0900
Subject: [PATCH] Use inline policy for v1beta to avoid resource recreation

---
 modules/karpenter/controller_iam.tf | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/karpenter/controller_iam.tf b/modules/karpenter/controller_iam.tf
index e510e77..95d0fdc 100644
--- a/modules/karpenter/controller_iam.tf
+++ b/modules/karpenter/controller_iam.tf
@@ -28,18 +28,18 @@ data "aws_iam_policy_document" "karpenter_controller_assume_role_policy" {
   }
 }
 
-resource "aws_iam_role_policy_attachment" "karpenter_controller_v1_beta" {
-  count      = var.v1beta ? 1 : 0
-  role       = aws_iam_role.karpenter_controller.id
-  policy_arn = aws_iam_policy.karpenter_controller_v1_beta[0].arn
-}
-
-resource "aws_iam_policy" "karpenter_controller_v1_beta" {
+resource "aws_iam_role_policy" "karpenter_controller_v1_beta" {
   count  = var.v1beta ? 1 : 0
-  name   = "${var.cluster_config.iam_policy_name_prefix}KarpenterController-v1beta-${var.cluster_config.name}"
+  name   = "KarpenterController-v1beta"
+  role   = aws_iam_role.karpenter_controller.id
   policy = data.aws_iam_policy_document.karpenter_controller_v1_beta.json
 }
 
+moved {
+  from = aws_iam_role_policy.karpenter_controller_v1_beta
+  to   = aws_iam_role_policy.karpenter_controller_v1_beta[0]
+}
+
 data "aws_iam_policy_document" "karpenter_controller_v1_beta" {
   statement {
     sid = "AllowScopedEC2InstanceAccessActions"
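Review bot: The `moved` block's `from` address `aws_iam_role_policy.karpenter_controller_v1_beta` does not appear anywhere in the removed lines — the old code declared an `aws_iam_policy` plus an `aws_iam_role_policy_attachment`, and `moved` cannot cross resource types — so unless an earlier revision declared this inline policy without `count`, the block is a no-op and the first apply will still destroy the managed policy and create the inline one, which is the recreation the title says it avoids. Because that destroy and the new `aws_iam_role_policy` create are independent graph nodes, the controller role may briefly lack (or double-hold) the v1beta permissions during apply; either drop the block or add a comment above it such as `# state migration: an earlier revision declared this inline policy without count` so the next reader knows which history it targets. Note also that switching to an inline policy drops the `iam_policy_name_prefix` naming convention and is flagged by checks like the AWS Config `iam-no-inline-policy-check` rule and CIS IAM benchmarks that prefer customer-managed policies; if that trade-off is accepted it deserves a sentence in the commit description. The `aws_iam_policy_document` "karpenter_controller_v1_beta" data block that starts at the end of the hunk continues outside it and is not reviewed here.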