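# SEC-001 VIOLATION: IAM resources in a service repo
# The role and policy below are declared alongside the service's own code, so
# a change to this repo can change what the service is permitted to do.
resource "aws_iam_role" "service_role" {
  name = "user-service-role"

  # Trust policy is read from a data source that is not defined in this snippet.
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

# Allows reading and writing every object in the bucket (Resource ends in "/*").
# NOTE(review): nothing in this snippet attaches the policy to service_role;
# confirm whether an attachment exists elsewhere.
# NOTE(review): if the service only needs part of the bucket, narrow Resource
# to that key prefix.
resource "aws_iam_policy" "s3_access" {
  name = "user-service-s3-access"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["s3:GetObject", "s3:PutObject"]
      Resource = "arn:aws:s3:::reltio-prod-data/*"
    }]
  })
}

# OPS-002 VIOLATION: Infrastructure provisioning in service repo
resource "aws_sqs_queue" "user_events" {
  name = "user-events-queue"
}

resource "aws_dynamodb_table" "user_cache" {
  name         = "user-cache"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "userId"

  # The AWS provider requires an attribute definition for the hash key; the
  # original snippet omitted it.
  # NOTE(review): type "S" (string) is assumed for userId — confirm.
  attribute {
    name = "userId"
    type = "S"
  }
}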