From f63b38cdefda1fc9f02bfd88b41cfd1d74e0f7d1 Mon Sep 17 00:00:00 2001
From: Dipo Ajayi
Date: Thu, 8 Aug 2024 13:42:55 +0100
Subject: [PATCH 1/8] update secret manager policy
---
 iam.tf | 49 +++++++++++++++++++++++++------------------------
 locals.tf | 10 +++++-----
 output.tf | 4 ++--
 3 files changed, 32 insertions(+), 31 deletions(-)
diff --git a/iam.tf b/iam.tf
index 35d6b8e..0dfa60b 100644
--- a/iam.tf
+++ b/iam.tf
@@ -1,4 +1,4 @@
-data "aws_iam_policy_document" "truefoundry_platform_feature_user_s3_policy_document" {
+data "aws_iam_policy_document" "truefoundry_platform_feature_s3_policy_document" {
 count = var.platform_feature_enabled ? var.feature_blob_storage_enabled ? 1 : 0 : 0
 statement {
 effect = "Allow"
@@ -13,7 +13,7 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_user_s3_policy_docu
 }
 }
 
-data "aws_iam_policy_document" "truefoundry_platform_feature_user_parameter_store_policy_document" {
+data "aws_iam_policy_document" "truefoundry_platform_feature_parameter_store_policy_document" {
 count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
 statement {
 effect = "Allow"
@@ -31,7 +31,7 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_user_parameter_stor
 }
 }
 
-data "aws_iam_policy_document" "truefoundry_platform_feature_user_secrets_manager_policy_document" {
+data "aws_iam_policy_document" "truefoundry_platform_feature_secrets_manager_policy_document" {
 count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0
 statement {
 effect = "Allow"
@@ -41,15 +41,16 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_user_secrets_manage
 "secretsmanager:CreateSecret",
 "secretsmanager:DeleteSecret",
 "secretsmanager:UpdateSecret",
- "secretsmanager:ListSecrets"
+ "secretsmanager:ListSecrets",
+ "secretsmanager:PutSecretValue",
 ]
 resources = [
- "arn:aws:secretsmanager:${var.aws_region}:${var.aws_account_id}:secret:tfy-secret/*"
+ "arn:aws:secretsmanager:${var.aws_region}:${var.aws_account_id}:secret:/tfy-secret/*"
 ]
 }
 }
 
-data "aws_iam_policy_document" "truefoundry_platform_feature_user_ecr_policy_document" {
+data "aws_iam_policy_document" "truefoundry_platform_feature_ecr_policy_document" {
 count = var.platform_feature_enabled ? var.feature_docker_registry_enabled ? 1 : 0 : 0
 statement {
 effect = "Allow"
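Review bot: `secretsmanager:ListSecrets` sits in a statement whose `resources` is narrowed to the `/tfy-secret/*` ARN, but ListSecrets does not support resource-level permissions, so this statement never actually grants it. It needs its own statement with `resources = ["*"]` (which exposes the names and metadata of every secret in the account and region, though not their values), or it should be dropped if the platform does not need to list secrets. Separately, moving the prefix from `tfy-secret/*` to `/tfy-secret/*` takes any secret already created under the old prefix out of scope for Update/Delete and for the newly added PutSecretValue; if such secrets can exist, the upgrade guide should say so. The actions list opens above this hunk, so other actions in the statement are not visible here.

```hcl
  # … unchanged: existing statement scoped to secret:/tfy-secret/*, minus ListSecrets …
  statement {
    effect = "Allow"
    # ListSecrets cannot be scoped to a secret ARN; it only matches "*".
    actions   = ["secretsmanager:ListSecrets"]
    resources = ["*"]
  }
```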
@@ -139,35 +140,35 @@ data "aws_iam_policy_document" "truefoundry_platform_feature_cluster_integration } -resource "aws_iam_policy" "truefoundry_platform_feature_user_s3_policy" { +resource "aws_iam_policy" "truefoundry_platform_feature_s3_policy" { count = var.platform_feature_enabled ? var.feature_blob_storage_enabled ? 1 : 0 : 0 name_prefix = "${local.truefoundry_unique_name}-s3-access" description = "IAM policy for TrueFoundry user for platform features blob storage" - policy = data.aws_iam_policy_document.truefoundry_platform_feature_user_s3_policy_document[0].json + policy = data.aws_iam_policy_document.truefoundry_platform_feature_s3_policy_document[0].json tags = local.tags } -resource "aws_iam_policy" "truefoundry_platform_feature_user_parameter_store_policy" { +resource "aws_iam_policy" "truefoundry_platform_feature_parameter_store_policy" { count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0 - name_prefix = "${local.truefoundry_unique_name}-ssm-access" + name_prefix = "${local.truefoundry_unique_name}-paramet-access" description = "IAM policy for TrueFoundry user for platform features Secrets manager" - policy = data.aws_iam_policy_document.truefoundry_platform_feature_user_parameter_store_policy_document[0].json + policy = data.aws_iam_policy_document.truefoundry_platform_feature_parameter_store_policy_document[0].json tags = local.tags } -resource "aws_iam_policy" "truefoundry_platform_feature_user_secrets_manager_policy" { +resource "aws_iam_policy" "truefoundry_platform_feature_secrets_manager_policy" { count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 
1 : 0 : 0 name_prefix = "${local.truefoundry_unique_name}-secrets-manager-access" description = "IAM policy for TrueFoundry user for platform features Secrets manager" - policy = data.aws_iam_policy_document.truefoundry_platform_feature_user_secrets_manager_policy_document[0].json + policy = data.aws_iam_policy_document.truefoundry_platform_feature_secrets_manager_policy_document[0].json tags = local.tags } -resource "aws_iam_policy" "truefoundry_platform_feature_user_ecr_policy" { +resource "aws_iam_policy" "truefoundry_platform_feature_ecr_policy" { count = var.platform_feature_enabled ? var.feature_docker_registry_enabled ? 1 : 0 : 0 name_prefix = "${local.truefoundry_unique_name}-ecr-access" description = "IAM policy for TrueFoundry user for platform features docker registry" - policy = data.aws_iam_policy_document.truefoundry_platform_feature_user_ecr_policy_document[0].json + policy = data.aws_iam_policy_document.truefoundry_platform_feature_ecr_policy_document[0].json tags = local.tags } 
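Review bot: Every `aws_iam_policy` in this hunk, and every `aws_iam_role_policy_attachment` in the following `@@ -205,31 +206,31 @@` hunk, gets a new resource address with no `moved` block, so an existing deployment will plan a destroy and re-create of each policy and attachment unless the operator runs `terraform state mv` by hand. While that apply runs, the platform role is briefly without those permissions. If the module's minimum Terraform version supports it, one `moved` block per renamed resource, with `from = aws_iam_policy.truefoundry_platform_feature_user_s3_policy` and `to = aws_iam_policy.truefoundry_platform_feature_s3_policy` for the first, lets the rename go through without touching IAM. The parameter-store policy also changes `name_prefix`, which I would expect to force a replacement of that policy regardless of any state move.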
@@ -205,31 +206,31 @@ resource "aws_iam_role" "truefoundry_platform_feature_iam_role" { tags = local.tags } -resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_s3_policy_attachment" { +resource "aws_iam_role_policy_attachment" "truefoundry_platform_s3_policy_attachment" { count = var.platform_feature_enabled ? var.feature_blob_storage_enabled ? 1 : 0 : 0 role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name - policy_arn = aws_iam_policy.truefoundry_platform_feature_user_s3_policy[0].arn + policy_arn = aws_iam_policy.truefoundry_platform_feature_s3_policy[0].arn } -resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_parameter_store_policy_attachment" { +resource "aws_iam_role_policy_attachment" "truefoundry_platform_parameter_store_policy_attachment" { count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0 role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name - policy_arn = aws_iam_policy.truefoundry_platform_feature_user_parameter_store_policy[0].arn + policy_arn = aws_iam_policy.truefoundry_platform_feature_parameter_store_policy[0].arn } -resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_secrets_manager_policy_attachment" { +resource "aws_iam_role_policy_attachment" "truefoundry_platform_secrets_manager_policy_attachment" { count = var.platform_feature_enabled ? var.feature_secrets_manager_enabled ? 1 : 0 : 0 role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name - policy_arn = aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy[0].arn + policy_arn = aws_iam_policy.truefoundry_platform_feature_secrets_manager_policy[0].arn } -resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_ecr_policy_attachment" { +resource "aws_iam_role_policy_attachment" "truefoundry_platform_ecr_policy_attachment" { count = var.platform_feature_enabled ? var.feature_docker_registry_enabled ? 
1 : 0 : 0 role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name - policy_arn = aws_iam_policy.truefoundry_platform_feature_user_ecr_policy[0].arn + policy_arn = aws_iam_policy.truefoundry_platform_feature_ecr_policy[0].arn } -resource "aws_iam_role_policy_attachment" "truefoundry_platform_user_cluster_integration_policy_attachment" { +resource "aws_iam_role_policy_attachment" "truefoundry_platform_cluster_integration_policy_attachment" { count = var.platform_feature_enabled ? var.feature_cluster_integration_enabled ? 1 : 0 : 0 role = aws_iam_role.truefoundry_platform_feature_iam_role[0].name policy_arn = aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy[0].arn diff --git a/locals.tf b/locals.tf index 8355a24..e57c517 100644 --- a/locals.tf +++ b/locals.tf 
@@ -10,10 +10,10 @@ locals {
 truefoundry_unique_name = "${var.cluster_name}-platform"
 bucket_name = var.blob_storage_enable_override ? var.blob_storage_override_name : "${var.cluster_name}-ml"
 policy_arns = [
- var.feature_blob_storage_enabled ? aws_iam_policy.truefoundry_platform_feature_user_s3_policy[0].arn : null,
- var.feature_parameter_store_enabled ? aws_iam_policy.truefoundry_platform_feature_user_parameter_store_policy[0].arn : null,
- var.feature_secrets_manager_enabled ? aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy[0].arn : null,
- var.feature_docker_registry_enabled ? aws_iam_policy.truefoundry_platform_feature_user_ecr_policy[0].arn : null,
+ var.feature_blob_storage_enabled ? aws_iam_policy.truefoundry_platform_feature_s3_policy[0].arn : null,
+ var.feature_parameter_store_enabled ? aws_iam_policy.truefoundry_platform_feature_parameter_store_policy[0].arn : null,
+ var.feature_secrets_manager_enabled ? aws_iam_policy.truefoundry_platform_feature_secrets_manager_policy[0].arn : null,
+ var.feature_docker_registry_enabled ? aws_iam_policy.truefoundry_platform_feature_ecr_policy[0].arn : null,
 ]
- truefoundry_platform_user_policy_arns = [for arn in local.policy_arns : tostring(arn) if arn != null]
+ truefoundry_platform_policy_arns = [for arn in local.policy_arns : tostring(arn) if arn != null]
 }
diff --git a/output.tf b/output.tf
index e616b6d..45004f4 100644
--- a/output.tf
+++ b/output.tf
@@ -21,7 +21,7 @@ output "platform_iam_role_assume_role_arns" {
 
 output "platform_iam_role_policy_arns" {
 description = "The list of ARNs of policies directly assigned to the IAM user"
- value = local.truefoundry_platform_user_policy_arns
+ value = local.truefoundry_platform_policy_arns
 }
 
 ################################################################################
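Review bot: In the locals.tf hunk, each `policy_arns` entry indexes `aws_iam_policy.<name>[0]` whenever its `var.feature_*_enabled` flag is true, but in iam.tf those policies have `count = 0` when `var.platform_feature_enabled` is false. That combination would fail with an invalid-index error instead of producing an empty list. Because `count` already encodes both flags, each entry can become `try(aws_iam_policy.truefoundry_platform_feature_s3_policy[0].arn, null),` (and likewise for the other three). The `locals` block opens above this hunk, so any guard defined earlier in it is not visible here.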
@@ -43,4 +43,4 @@ output "platform_user_bucket_arn" {
 output "platform_user_ecr_url" {
 description = "The ECR url to connect"
 value = var.feature_docker_registry_enabled ? "${var.aws_account_id}.dkr.ecr.${var.aws_region}.amazonaws.com" : ""
-}
\ No newline at end of file
+}
From 1eb3f55c93698cec496f4a7ea572ad4311359e75 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 8 Aug 2024 12:43:47 +0000
Subject: [PATCH 2/8] terraform-docs: automated action
---
 README.md | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index 5dfa24c..1148997 100644
--- a/README.md
+++ b/README.md
@@ -26,21 +26,21 @@ Truefoundry AWS platform features | Name | Type | |------|------| | [aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | -| [aws_iam_policy.truefoundry_platform_feature_user_ecr_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | -| [aws_iam_policy.truefoundry_platform_feature_user_parameter_store_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | -| [aws_iam_policy.truefoundry_platform_feature_user_s3_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | -| [aws_iam_policy.truefoundry_platform_feature_user_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | +| [aws_iam_policy.truefoundry_platform_feature_ecr_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | +| [aws_iam_policy.truefoundry_platform_feature_parameter_store_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | +| [aws_iam_policy.truefoundry_platform_feature_s3_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | +| [aws_iam_policy.truefoundry_platform_feature_secrets_manager_policy](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_policy) | resource | | [aws_iam_role.truefoundry_platform_feature_iam_role](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role) | resource | -| [aws_iam_role_policy_attachment.truefoundry_platform_user_cluster_integration_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | -| 
[aws_iam_role_policy_attachment.truefoundry_platform_user_ecr_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.truefoundry_platform_user_parameter_store_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.truefoundry_platform_user_s3_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | -| [aws_iam_role_policy_attachment.truefoundry_platform_user_secrets_manager_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.truefoundry_platform_cluster_integration_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.truefoundry_platform_ecr_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.truefoundry_platform_parameter_store_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.truefoundry_platform_s3_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | +| [aws_iam_role_policy_attachment.truefoundry_platform_secrets_manager_policy_attachment](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/resources/iam_role_policy_attachment) | resource | | 
[aws_iam_policy_document.truefoundry_platform_feature_cluster_integration_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.truefoundry_platform_feature_user_ecr_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.truefoundry_platform_feature_user_parameter_store_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.truefoundry_platform_feature_user_s3_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | -| [aws_iam_policy_document.truefoundry_platform_feature_user_secrets_manager_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.truefoundry_platform_feature_ecr_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.truefoundry_platform_feature_parameter_store_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.truefoundry_platform_feature_s3_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | +| [aws_iam_policy_document.truefoundry_platform_feature_secrets_manager_policy_document](https://registry.terraform.io/providers/hashicorp/aws/5.14.0/docs/data-sources/iam_policy_document) | data source | ## Inputs From 6e27d287bf0e197268f2e776922053db6bc9865c Mon Sep 17 00:00:00 2001 
From: Dipo Ajayi
Date: Thu, 8 Aug 2024 13:51:00 +0100
Subject: [PATCH 3/8] update name-pre-fix
---
 iam.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/iam.tf b/iam.tf
index 0dfa60b..9db1f21 100644
--- a/iam.tf
+++ b/iam.tf
@@ -150,7 +150,7 @@ resource "aws_iam_policy" "truefoundry_platform_feature_s3_policy" {
 
 resource "aws_iam_policy" "truefoundry_platform_feature_parameter_store_policy" {
 count = var.platform_feature_enabled ? var.feature_parameter_store_enabled ? 1 : 0 : 0
- name_prefix = "${local.truefoundry_unique_name}-paramet-access"
+ name_prefix = "${local.truefoundry_unique_name}-parameter-store-access"
 description = "IAM policy for TrueFoundry user for platform features Secrets manager"
 policy = data.aws_iam_policy_document.truefoundry_platform_feature_parameter_store_policy_document[0].json
 tags = local.tags
From bc995fa5bf6e6b4937ad46c8dfe2f7508e06745b Mon Sep 17 00:00:00 2001
From: Dipo Ajayi
Date: Thu, 8 Aug 2024 14:21:19 +0100
Subject: [PATCH 4/8] update secret manager enabled default variable
---
 variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.tf b/variables.tf
index f612634..de8c54a 100644
--- a/variables.tf
+++ b/variables.tf
@@ -111,7 +111,7 @@ variable "feature_parameter_store_enabled" {
 variable "feature_secrets_manager_enabled" {
 description = "Enable secrets manager feature in the platform"
 type = bool
- default = true
+ default = false
 }
 
 ################################################################################
From da143642132897776ba2462098cf827de3bac419 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 8 Aug 2024 13:21:48 +0000
Subject: [PATCH 5/8] terraform-docs: automated action
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1148997..fd24999 100644
--- a/README.md
+++ b/README.md
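Review bot: In the `@@ -150,7 +150,7 @@` hunk of iam.tf, the `description` on the parameter-store policy still reads `IAM policy for TrueFoundry user for platform features Secrets manager`, the same text the Secrets Manager policy carries. The two policies are therefore indistinguishable by description in the IAM console and in access reviews. This commit already changes `name_prefix`, which I would expect to replace the policy anyway, so it is a cheap moment to correct it to `description = "IAM policy for TrueFoundry user for platform features parameter store"`. The resource block closes below the hunk.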
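Review bot: Flipping `default = true` to `default = false` in the `@@ -111,7 +111,7 @@` hunk of variables.tf means any caller that relied on the default loses the Secrets Manager policy and its role attachment on the next apply, and none of the upgrade-guide patches in this series mention it. The variable's description should state the consequence, e.g. `description = "Enable secrets manager feature in the platform (off by default; set to true to attach the Secrets Manager policy to the platform role)"`, and the 0.3.0 upgrade steps should tell existing users to set the variable explicitly. Default-off is the safer posture for a policy that grants create, delete and write on secrets; the concern is only the silent change for existing deployments.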
@@ -60,7 +60,7 @@ Truefoundry AWS platform features | [feature\_cluster\_integration\_enabled](#input\_feature\_cluster\_integration\_enabled) | Enable cluster integration feature in the platform | `bool` | `true` | no | | [feature\_docker\_registry\_enabled](#input\_feature\_docker\_registry\_enabled) | Enable docker registry feature in the platform | `bool` | `true` | no | | [feature\_parameter\_store\_enabled](#input\_feature\_parameter\_store\_enabled) | Enable parameter store feature in the platform | `bool` | `true` | no | -| [feature\_secrets\_manager\_enabled](#input\_feature\_secrets\_manager\_enabled) | Enable secrets manager feature in the platform | `bool` | `true` | no | +| [feature\_secrets\_manager\_enabled](#input\_feature\_secrets\_manager\_enabled) | Enable secrets manager feature in the platform | `bool` | `false` | no | | [platform\_feature\_enabled](#input\_platform\_feature\_enabled) | Enable platform features like docker registry, secrets manager and blob storage | `bool` | `true` | no | | [platform\_role\_enable\_override](#input\_platform\_role\_enable\_override) | Enable overriding the platform role name. You need to pass s3\_override\_name to pass the bucket name | `bool` | `false` | no | | [platform\_role\_override\_name](#input\_platform\_role\_override\_name) | Platform IAM role name which will have access to S3 bucket, SSM and ECR | `string` | `""` | no | From 7795cf2aeceafe075f34c87b32a1b88b437b8311 Mon Sep 17 00:00:00 2001 From: Dipo Ajayi Date: Thu, 8 Aug 2024 15:01:54 +0100 Subject: [PATCH 6/8] add upgrade guide --- upgrade-guide.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 upgrade-guide.md diff --git a/upgrade-guide.md b/upgrade-guide.md new file mode 100644 index 0000000..df570e8 --- /dev/null +++ b/upgrade-guide.md 
@@ -0,0 +1,11 @@ +# AWS Platform Features Upgrade Guide +This guide helps in migration from the old terraform modules to the new one. + +# Updgrade guide to AWS platform features module from 0.2.x to 0.3.x +1. When upgrading terraform version for platform features ensure that you are running on version `0.2.x` and the platform features is upgraded to the newer 0.3.x version. +2. Update the following variables; + - `feature_cloud_integration_enabled` to `feature_cluster_integration_enabled` + - `feature_secrets_enabled` to `feature_parameter_store_enabled` +3. Run `terraform migrate state` to update the state file to the new version. +4. Run `terraform plan` to see the changes that will be applied. +5. Run `terraform apply` to apply the changes. From efc98ffa6cf295e7387cb784728cb0e86c5ebdaf Mon Sep 17 00:00:00 2001 From: Dipo Ajayi Date: Thu, 8 Aug 2024 15:11:03 +0100 Subject: [PATCH 7/8] update upgrade guide --- upgrade-guide.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/upgrade-guide.md b/upgrade-guide.md index df570e8..7e2ddd0 100644 --- a/upgrade-guide.md +++ b/upgrade-guide.md @@ -6,6 +6,7 @@ This guide helps in migration from the old terraform modules to the new one. 2. Update the following variables; - `feature_cloud_integration_enabled` to `feature_cluster_integration_enabled` - `feature_secrets_enabled` to `feature_parameter_store_enabled` -3. Run `terraform migrate state` to update the state file to the new version. -4. Run `terraform plan` to see the changes that will be applied. -5. Run `terraform apply` to apply the changes. +3. Run `terraform state list` to list all the resources that will be affected by the upgrade. +4. Run `terraform state mv old_resource_name new_resource_name` to move the resources to the new name. +5. Run `terraform plan` to see the changes that will be applied. +6. Run `terraform apply` to apply the changes. From 56ad9ea5dd22a6513505e959d36c4ff019f37840 Mon Sep 17 00:00:00 2001 
From: Dipo Ajayi Date: Fri, 9 Aug 2024 18:40:11 +0100 Subject: [PATCH 8/8] update upgrade-guide --- upgrade-guide.md | 33 +++++++++++++++++++++++++++------ 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/upgrade-guide.md b/upgrade-guide.md index 7e2ddd0..4a7bac8 100644 --- a/upgrade-guide.md +++ b/upgrade-guide.md 
@@ -1,12 +1,33 @@ # AWS Platform Features Upgrade Guide This guide helps in migration from the old terraform modules to the new one. -# Updgrade guide to AWS platform features module from 0.2.x to 0.3.x +# Updgrade guide to AWS platform features module from 0.2.2 to 0.3.0 1. When upgrading terraform version for platform features ensure that you are running on version `0.2.x` and the platform features is upgraded to the newer 0.3.x version. 2. Update the following variables; - - `feature_cloud_integration_enabled` to `feature_cluster_integration_enabled` - `feature_secrets_enabled` to `feature_parameter_store_enabled` -3. Run `terraform state list` to list all the resources that will be affected by the upgrade. -4. Run `terraform state mv old_resource_name new_resource_name` to move the resources to the new name. -5. Run `terraform plan` to see the changes that will be applied. -6. Run `terraform apply` to apply the changes. +3. Run `terraform state mv old_resource_name new_resource_name` to move the resources to the new name. 
Run the following commands to update state; +```bash + terraform state mv module..aws_iam_role_policy_attachment.truefoundry_platform_user_ecr_policy_attachment module..aws_iam_role_policy_attachment.truefoundry_platform_ecr_policy_attachment + terraform state mv module..aws_iam_role_policy_attachment.truefoundry_platform_user_ssm_policy_attachment module..aws_iam_role_policy_attachment.truefoundry_platform_parameter_store_policy_attachment + terraform state mv module..aws_iam_role_policy_attachment.truefoundry_platform_user_cluster_integration_policy_attachment module..aws_iam_role_policy_attachment.truefoundry_platform_cluster_integration_policy_attachment + terraform state mv module..aws_iam_role_policy_attachment.truefoundry_platform_user_s3_policy_attachment module..aws_iam_role_policy_attachment.truefoundry_platform_s3_policy_attachment + + terraform state mv module..aws_iam_policy.truefoundry_platform_feature_user_ecr_policy module..aws_iam_policy.truefoundry_platform_feature_ecr_policy + terraform state mv module..aws_iam_policy.truefoundry_platform_feature_user_ssm_policy module..aws_iam_policy.truefoundry_platform_feature_parameter_store_policy + terraform state mv module..aws_iam_policy.truefoundry_platform_feature_user_s3_policy module..aws_iam_policy.truefoundry_platform_feature_s3_policy +``` +4. Run `terraform plan` to see the changes that will be applied. +5. Run `terraform apply` to apply the changes. + + +# Updgrade guide to AWS platform features module from 0.2.1 to 0.2.2 +1. When upgrading terraform version for platform features ensure that you are running on version `0.2.x` and the platform features is upgraded to the newer 0.2.2 version. +2. Update the following variables; + - `feature_cloud_integration_enabled` to `feature_cluster_integration_enabled` +3. Run `terraform state mv old_resource_name new_resource_name` to move the resources to the new name. 
Run the following commands to update state; +```bash + terraform state mv module..aws_iam_policy.truefoundry_platform_feature_cloud_integration_policy module..aws_iam_policy.truefoundry_platform_feature_cluster_integration_policy + terraform state mv module..aws_iam_role_policy_attachment.truefoundry_platform_user_cloud_integration_policy_attachment module..aws_iam_role_policy_attachment.truefoundry_platform_user_cluster_integration_policy_attachment +``` +4. Run `terraform plan` to see the changes that will be applied. +5. Run `terraform apply` to apply the changes.