From 915e716e3d25cc832ad5d7bdbd76aeeeccefff38 Mon Sep 17 00:00:00 2001
From: Simon Kok
Date: Tue, 9 Apr 2024 14:26:55 +0200
Subject: [PATCH] Fix updating old global-iam stacks in the deployment account (#711)
**Why?** With PR #568, the policy names in the `adf-bootstrap/deployment/example-global-iam.yml` file were updated to ensure that they are unique. However, if the `example-global-iam.yml` was not updated recently, then copied/renamed to `global-iam.yml` it would overwrite, and or delete policies that were created by the `global.yml` stack instead. This creates an issue that is hard to debug unfortunately.
**What?** This proposed change will introduce the ADF managed policy as defined in the `global.yml` stack of the deployment account. This way the policies are (re)created correctly.
---
 .../bootstrap_repository/adf-bootstrap/deployment/global.yml | 2 +-
 .../deployment/lambda_codebase/enable_cross_account_access.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml
index 9aa2fd522..ef395e36d 100644
--- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml
+++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/global.yml
@@ -549,7 +549,7 @@ Resources:
 CloudFormationDeploymentPolicy:
 Type: AWS::IAM::Policy
 Properties:
- PolicyName: "adf-cloudformation-deployment-role-policy"
+ PolicyName: "adf-cloudformation-deployment-role-policy-kms"
 PolicyDocument:
 Version: "2012-10-17"
 Statement:
diff --git a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/lambda_codebase/enable_cross_account_access.py b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/lambda_codebase/enable_cross_account_access.py
index 42e9390dc..b44cca42b 100644
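Review bot: The new `PolicyName` on `CloudFormationDeploymentPolicy` carries no comment saying why it needs the `-kms` suffix, so a later cleanup could rename it back and reintroduce the collision the commit message describes. Inline policies are keyed by role and policy name, so any other stack that writes the same name on the same role replaces this document; I would add above the property `# Keep distinct from the policy names in example-global-iam.yml; same-named inline policies on one role overwrite each other.` On upgrade, CloudFormation will presumably remove the inline policy under the old name, which on affected installs may be the copy written by a customer `global-iam.yml` stack, so a release note asking operators to redeploy that stack afterwards seems worthwhile. The statements under `PolicyDocument` continue outside the hunk, so whether the document is KMS-only, as the new name suggests, cannot be checked here.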
--- a/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/lambda_codebase/enable_cross_account_access.py
+++ b/src/lambda_codebase/initial_commit/bootstrap_repository/adf-bootstrap/deployment/lambda_codebase/enable_cross_account_access.py
@@ -46,7 +46,7 @@
 "adf-codepipeline-role-policy-kms",
 ],
 "adf-cloudformation-deployment-role": [
- "adf-cloudformation-deployment-role-policy",
+ "adf-cloudformation-deployment-role-policy-kms",
 ],
 "adf-cloudformation-role": [
 "adf-cloudformation-role-policy",
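Review bot: The string `"adf-cloudformation-deployment-role-policy-kms"` in this mapping has to equal the `PolicyName` set in `adf-bootstrap/deployment/global.yml`, yet nothing in the file says so or checks it. If the two drift, whatever consumes this mapping would presumably look up or write a policy name the stack never created, which is the kind of silent IAM mismatch this commit is fixing. A comment on the entry such as `# Must match PolicyName of CloudFormationDeploymentPolicy in deployment/global.yml` would make the coupling visible; a unit test that loads the template and compares the names would enforce it. The mapping starts and ends outside the hunk, so how the names are used is not visible here.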