data "aws_iam_policy_document" "assume_role" {
  statement {
    effect = "Allow"
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role" "role" {
  name               = "DSK_Lambda_Role"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json

  tags = {
    Name = "dsk-lambda-role"
  }
}

resource "aws_iam_role_policy_attachment" "role_policy_attach" {
  role       = aws_iam_role.role.name
  policy_arn = var.DSK_LambdaExecute
}