Update EMR policies to v2 and add required tags

statgen · Mar 13, 2024 · d9af20c · d9af20c
1 parent 8eb8b1d
commit d9af20c
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -16,7 +16,7 @@ data "aws_region" "current" {}
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "5.0.0"
+  version = "5.5.3"
 
   name = "imputation-example-vpc"
   cidr = "10.120.0.0/16"

diff --git a/modules/imputation-iam/main.tf b/modules/imputation-iam/main.tf
@@ -50,7 +50,7 @@ resource "aws_iam_role" "emr" {
 
 resource "aws_iam_role_policy_attachment" "emr" {
   role       = aws_iam_role.emr.name
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole"
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEMRServicePolicy_v2"
 }
 
 resource "aws_iam_role" "ec2" {
@@ -62,6 +62,7 @@ resource "aws_iam_role" "ec2" {
 
 resource "aws_iam_role_policy_attachment" "ec2" {
   role       = aws_iam_role.ec2.name
+  # NOTE: Deprecated, but with no replacement policy; we'd need to develop our own
   policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role"
 }
 

diff --git a/modules/imputation-server/variables.tf b/modules/imputation-server/variables.tf
@@ -154,7 +154,9 @@ variable "ec2_iam_role_tags" {
 
 variable "emr_cluster_tags" {
   description = "Tags to be applied to the EMR cluster"
-  default     = {}
+  default     = {
+    "for-use-with-amazon-emr-managed-policies": true
+  }
   type        = map(string)
 }