From 754005699d535c508d5e029948d1f3314fced710 Mon Sep 17 00:00:00 2001
From: joon <pirxthepilot@users.noreply.github.com>
Date: Mon, 4 Jul 2022 03:09:07 -0700
Subject: [PATCH] Remove CreateCloudFrontOriginAccessIdentity from policy, doc
 update

Signed-off-by: joon <pirxthepilot@users.noreply.github.com>
---
 README.md   | 2 +-
 policies.tf | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 2c8abdd..2dc5da5 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ module "mysite_deploy_role" {
   domain                      = "example.com"
   iam_user_arns               = ["arn:aws:iam::111111111111:user/user1", "arn:aws:iam::111111111111:user/user2"]
   s3_bucket_arn               = "arn:aws:s3:::example.com"
-  cloudfront_distribution_arn = "12345678"
+  cloudfront_distribution_arn = "arn:aws:cloudfront::111111111111:distribution/ABCDE12345"
 }
 ```
 
diff --git a/policies.tf b/policies.tf
index 74924f1..ade42a0 100644
--- a/policies.tf
+++ b/policies.tf
@@ -82,7 +82,6 @@ data "aws_iam_policy_document" "role_permissions" {
       "cloudfront:TagResource",
       "cloudfront:GetInvalidation",
       "cloudfront:CreateInvalidation",
-      "cloudfront:CreateCloudFrontOriginAccessIdentity",
       "cloudfront:GetDistribution",
       "cloudfront:ListTagsForResource",
       "cloudfront:ListInvalidations",