From ec108f3411e0b7eb6ff6547c47e3f575240fc89b Mon Sep 17 00:00:00 2001
From: rajgandhi9 <82183844+rajgandhi9@users.noreply.github.com>
Date: Thu, 4 Nov 2021 16:59:51 -0700
Subject: [PATCH] fix: add tags to IAM Policy (#30)
---
 main.tf | 9 +++++----
 variables.tf | 4 ++--
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/main.tf b/main.tf
index ab1fa98..6fe0e52 100644
--- a/main.tf
+++ b/main.tf
@@ -1,7 +1,7 @@
 locals {
- iam_role_arn = module.lacework_cfg_iam_role.created ? module.lacework_cfg_iam_role.arn : var.iam_role_arn
- iam_role_name = module.lacework_cfg_iam_role.created ? module.lacework_cfg_iam_role.name : var.iam_role_name
- iam_role_external_id = module.lacework_cfg_iam_role.created ? module.lacework_cfg_iam_role.external_id : var.iam_role_external_id
+ iam_role_arn = module.lacework_cfg_iam_role.created ? module.lacework_cfg_iam_role.arn : var.iam_role_arn
+ iam_role_name = module.lacework_cfg_iam_role.created ? module.lacework_cfg_iam_role.name : var.iam_role_name
+ iam_role_external_id = module.lacework_cfg_iam_role.created ? module.lacework_cfg_iam_role.external_id : var.iam_role_external_id
 lacework_audit_policy_name = (
 length(var.lacework_audit_policy_name) > 0 ? var.lacework_audit_policy_name : "lwaudit-policy-${random_id.uniq.hex}"
 )
@@ -42,6 +42,7 @@ resource "aws_iam_policy" "lacework_audit_policy" {
 name = local.lacework_audit_policy_name
 description = "An audit policy to allow Lacework to read configs (extends SecurityAudit)"
 policy = data.aws_iam_policy_document.lacework_audit_policy.json
+ tags = var.tags
 }
 
 resource "aws_iam_role_policy_attachment" "lacework_audit_policy_attachment" {
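Review bot: The new `tags = var.tags` line on `aws_iam_policy.lacework_audit_policy` references a variable that nothing in this patch declares; the variables.tf hunk only re-aligns `lacework_audit_policy_name`, so unless a `variable "tags"` block already exists earlier in variables.tf (not visible here), `terraform validate` will fail on the unknown variable. If it is not yet declared, add a `variable "tags"` block with `type = map(string)` and `default = {}` next to the other variables so existing callers that pass no tags keep working. It is also worth confirming that the same tag map reaches `module.lacework_cfg_iam_role` (referenced in the first hunk but called outside this diff), so the role and the policy attached to it carry consistent tags for ownership and inventory tracking. The `aws_iam_policy` resource block begins outside the hunk.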
@@ -54,7 +55,7 @@ resource "aws_iam_role_policy_attachment" "lacework_audit_policy_attachment" {
 # before trying to create the Lacework external integration
 resource "time_sleep" "wait_time" {
 create_duration = var.wait_time
- depends_on = [
+ depends_on = [
 aws_iam_role_policy_attachment.security_audit_policy_attachment,
 aws_iam_role_policy_attachment.lacework_audit_policy_attachment,
 ]
diff --git a/variables.tf b/variables.tf
index 4101df1..c91f11f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -42,8 +42,8 @@ variable "lacework_integration_name" {
 }
 
 variable "lacework_audit_policy_name" {
- type = string
- default = ""
+ type = string
+ default = ""
 description = "The name of the custom audit policy (which extends SecurityAudit) to allow Lacework to read configs. Defaults to lwaudit-policy-$${random_id.uniq.hex} when empty"
 }