From 9af9dc3cc2f9616eb797320ed7d5af67a9f1d76e Mon Sep 17 00:00:00 2001
From: Jason Hanggi
Date: Wed, 26 Aug 2020 11:54:55 -0500
Subject: [PATCH 1/4] use policy attachment rather than groups

---
 aws/iam/ses_send/main.tf | 41 +++++++++++++++--------------------
 aws/iam/ses_send/outputs.tf | 4 ----
 aws/iam/ses_send/variables.tf | 5 +++++
 3 files changed, 22 insertions(+), 28 deletions(-)

diff --git a/aws/iam/ses_send/main.tf b/aws/iam/ses_send/main.tf
index 3b2df70..04a1a1f 100644
--- a/aws/iam/ses_send/main.tf
+++ b/aws/iam/ses_send/main.tf
@@ -1,31 +1,24 @@
-resource "aws_iam_group" "mod" {
- name = "ses_senders"
+data "aws_iam_policy_document" "mod" {
+ version = "2012-10-17"
+ statement {
+ effect = "Allow"
+ actions = [
+ "ses:SendRawEmail",
+ "ses:SendEmail",
+ ]
+ resources = ["*"]
+ }
 }
 
 
-resource "aws_iam_group_policy" "mod" {
+resource "aws_iam_policy" "mod" {
 name = "AmazonSesSendingAccess"
- group = aws_iam_group.mod.id
- policy = jsonencode(
- {
- Statement = [
- {
- Action = [
- "ses:SendRawEmail",
- "ses:SendEmail",
- ]
- Effect = "Allow"
- Resource = "*"
- },
- ]
- Version = "2012-10-17"
- }
- )
+ policy = aws_iam_policy_document.mod.json
 }
 
-resource "aws_iam_group_membership" "mod" {
- name = "app-server-group-membership"
- users = var.users
- group = aws_iam_group.mod.name
+resource "aws_iam_policy_attachment" "mod" {
+ name = "test-attachment"
+ users = var.users
+ roles = var.roles
+ policy_arn = aws_iam_policy.mod.arn
 }
-
diff --git a/aws/iam/ses_send/outputs.tf b/aws/iam/ses_send/outputs.tf
index 3b4926a..e69de29 100644
--- a/aws/iam/ses_send/outputs.tf
+++ b/aws/iam/ses_send/outputs.tf
@@ -1,4 +0,0 @@
-output "group_id" {
- value = aws_iam_group.mod.id
-}
-
diff --git a/aws/iam/ses_send/variables.tf b/aws/iam/ses_send/variables.tf
index 2852109..822a631 100644
--- a/aws/iam/ses_send/variables.tf
+++ b/aws/iam/ses_send/variables.tf
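Review bot: `aws_iam_policy_attachment` in the new attachment block is the provider's exclusive attachment resource: it owns every user, role and group attached to `aws_iam_policy.mod`, so on each apply it detaches any principal that is not currently in `var.users` or `var.roles`, including attachments made outside this module, and a second instance of the module pointing at the same policy would fight over the list. Per-principal resources (`aws_iam_user_policy_attachment`, `aws_iam_role_policy_attachment`) with `for_each` avoid that and let a removed name detach only itself; `for_each` on resources needs Terraform 0.12.6 or later, so confirm the module's required version before adopting the rewrite below. The new policy document also carries the old group policy's `resources = ["*"]` forward; `ses:SendEmail`/`ses:SendRawEmail` are resource-level actions that accept SES identity ARNs, so an optional `var.identity_arns` input defaulting to `["*"]` would keep current callers working while letting new ones restrict sending to their verified identities. Finally, `name = "AmazonSesSendingAccess"` is a fixed, account-unique policy name, so instantiating the module twice in one account collides; `name_prefix` on `aws_iam_policy` is the usual fix.
```hcl
# … unchanged: data "aws_iam_policy_document" "mod" and resource "aws_iam_policy" "mod" …

resource "aws_iam_user_policy_attachment" "mod" {
  for_each   = toset(var.users)
  user       = each.value
  policy_arn = aws_iam_policy.mod.arn
}

resource "aws_iam_role_policy_attachment" "mod" {
  for_each   = toset(var.roles)
  role       = each.value
  policy_arn = aws_iam_policy.mod.arn
}
```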
@@ -1,4 +1,9 @@
 variable "users" {
 type = list(string)
+ default = []
 }
 
+variable "roles" {
+ type = list(string)
+ default = []
+}
From 9923fe11216e45e3d921cd97b253794533dbde25 Mon Sep 17 00:00:00 2001
From: Jason Hanggi
Date: Wed, 26 Aug 2020 11:58:00 -0500
Subject: [PATCH 2/4] add data

---
 aws/iam/ses_send/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws/iam/ses_send/main.tf b/aws/iam/ses_send/main.tf
index 04a1a1f..1e356e1 100644
--- a/aws/iam/ses_send/main.tf
+++ b/aws/iam/ses_send/main.tf
@@ -13,7 +13,7 @@ data "aws_iam_policy_document" "mod" {
 
 resource "aws_iam_policy" "mod" {
 name = "AmazonSesSendingAccess"
- policy = aws_iam_policy_document.mod.json
+ policy = data.aws_iam_policy_document.mod.json
 }
 
 resource "aws_iam_policy_attachment" "mod" {
From 975ec62298073167a6a1b832d711c8ee5bc14d23 Mon Sep 17 00:00:00 2001
From: Jason Hanggi
Date: Wed, 26 Aug 2020 12:01:41 -0500
Subject: [PATCH 3/4] remove outputs

---
 aws/iam/ses_send/outputs.tf | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 aws/iam/ses_send/outputs.tf

diff --git a/aws/iam/ses_send/outputs.tf b/aws/iam/ses_send/outputs.tf
deleted file mode 100644
index e69de29..0000000
From 80fe6e3d5745d7ea1e6c2ed805ee9c12e5e21217 Mon Sep 17 00:00:00 2001
From: Jason Hanggi
Date: Wed, 26 Aug 2020 12:41:44 -0500
Subject: [PATCH 4/4] update name

---
 aws/iam/ses_send/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/aws/iam/ses_send/main.tf b/aws/iam/ses_send/main.tf
index 1e356e1..a455272 100644
--- a/aws/iam/ses_send/main.tf
+++ b/aws/iam/ses_send/main.tf
@@ -17,7 +17,7 @@ resource "aws_iam_policy" "mod" {
 }
 
 resource "aws_iam_policy_attachment" "mod" {
- name = "test-attachment"
+ name = "ses-sending-policy-attachment"
 users = var.users
 roles = var.roles
 policy_arn = aws_iam_policy.mod.arn
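Review bot: The new `roles` variable and the `default = []` added to `users` carry no `description`, so the module interface does not say these are IAM user/role names rather than ARNs, nor that either may be left empty; e.g. `description = "Names of IAM roles to attach the SES sending policy to; may be empty."` and the matching sentence on `users`. With both now defaulting to empty, a caller that sets neither produces an `aws_iam_policy_attachment` with no principals at all, which as far as I recall the AWS provider rejects at apply rather than at plan; if the module is meant to always attach to at least one principal, keeping `users` without a default (as it was before this hunk) turns that mistake back into a plan-time error.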