Fixed incorrect understanding of Terraforms application of IAM policies

main.tf

@@ -34,10 +34,10 @@ variable "cloudwatch_schedule" {
 #############################################################################################################
 # IAM
 #############################################################################################################
-data "aws_iam_policy_document" "main" {
+data "aws_iam_policy_document" "policy" {
   statement {
-    effect = "Allow"
-    actions = [
+    effect    = "Allow"
+    actions   = [
       "logs:*",
     ]
     resources = [
@@ -46,8 +46,8 @@ data "aws_iam_policy_document" "main" {
   }
 
   statement {
-    effect = "Allow"
-    actions = [
+    effect    = "Allow"
+    actions   = [
       "ec2:Describe*",
     ]
     resources = [
@@ -56,8 +56,8 @@ data "aws_iam_policy_document" "main" {
   }
 
   statement {
-    effect = "Allow"
-    actions = [
+    effect    = "Allow"
+    actions   = [
       "ec2:CreateSnapshot",
       "ec2:DeleteSnapshot",
       "ec2:CreateTags",
@@ -70,9 +70,28 @@ data "aws_iam_policy_document" "main" {
   }
 }
 
+data "aws_iam_policy_document" "trust" {
+  statement {
+    effect  = "Allow"
+    principals {
+      type        = "Service"
+      identifiers = ["lambda.amazonaws.com"]
+    }
+    actions = [
+      "sts:AssumeRole",
+    ]
+  }
+}
+
+resource "aws_iam_role_policy" "main" {
+  name   = "lambda_ebs_snapshots"
+  role   = "${aws_iam_role.main.id}"
+  policy = "${data.aws_iam_policy_document.policy.json}"
+}
+
 resource "aws_iam_role" "main" {
   name               = "lambda_ebs_snapshots"
-  assume_role_policy = "${data.aws_iam_policy_document.main.json}"
+  assume_role_policy = "${data.aws_iam_policy_document.trust.json}"
 }
 
 #############################################################################################################