# Region of the configured AWS provider; interpolated into the Glue ARNs below
# so the policy is scoped to the region being deployed into.
data "aws_region" "current" {}
# Identity (account ID, ARN) of the credentials Terraform runs with.
# NOTE(review): the policy below reads the account from local.account, not from
# this data source directly; presumably the local is derived from it (confirm).
data "aws_caller_identity" "current" {}
# Partition of the configured provider; used as the ARN prefix below instead of
# a hard-coded "aws".
data "aws_partition" "current" {}

# Availability zones in the provider's region, filtered to those whose state is
# "available". Not referenced in this part of the file.
data "aws_availability_zones" "available" {
  state = "available"
}


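# IAM policy document granting the permissions needed to create and run Glue
# jobs and crawlers and to move data between the public NOAA bucket and the
# project bucket. The role or policy that consumes this document is not visible
# in this part of the file.
#
# Security review note: glue:CreateJob + iam:PassRole + glue:StartJobRun together
# let the holder run code under glue_service_role, so the effective privilege of
# this policy includes everything that role is allowed to do. Review the two
# policies together.
data "aws_iam_policy_document" "aws_glue_mwaa_json" {
  # Create/list actions, scoped to Glue resources in this account and region.
  statement {
    sid    = "GlueCommon"
    effect = "Allow"
    resources = [
      "arn:${data.aws_partition.current.partition}:glue:${data.aws_region.current.id}:${local.account}:*"
    ]
    actions = [
      "glue:CreateJob",
      "glue:ListCrawlers",
      "glue:ListJobs",
      "glue:CreateCrawler"
    ]
  }

  # NOTE(review): "*" is presumably used because GetCrawlerMetrics cannot be
  # scoped to a resource ARN; confirm. The action is read-only.
  statement {
    sid       = "GlueMetrics"
    effect    = "Allow"
    resources = ["*"]
    actions = [
      "glue:GetCrawlerMetrics"
    ]
  }

  # NOTE(review): crawler/* covers every crawler in the account and region,
  # including ones this project did not create. Consider a name prefix
  # (crawler/<project-prefix>*) if a naming convention exists.
  statement {
    sid    = "GlueCrawler"
    effect = "Allow"
    resources = [
      "arn:${data.aws_partition.current.partition}:glue:${data.aws_region.current.id}:${local.account}:crawler/*"
    ]
    actions = [
      "glue:GetCrawler",
      "glue:StartCrawler",
      "glue:UpdateCrawler"
    ]
  }

  # NOTE(review): job/* likewise covers every Glue job in the account and
  # region; glue:UpdateJob on that scope allows changing other teams' jobs.
  statement {
    sid    = "GlueJob"
    effect = "Allow"
    resources = [
      "arn:${data.aws_partition.current.partition}:glue:${data.aws_region.current.id}:${local.account}:job/*"
    ]
    actions = [
      "glue:StartJobRun",
      "glue:GetJobRun",
      "glue:UpdateJob",
      "glue:GetJob"
    ]
  }

  # PassRole is limited to the Glue service role and, through
  # iam:PassedToService, to Glue as the receiving service. Without the condition
  # the role could be handed to any service its trust policy accepts.
  statement {
    sid       = "Gluepassrole"
    effect    = "Allow"
    resources = [aws_iam_role.glue_service_role.arn]
    actions   = ["iam:PassRole"]

    condition {
      test     = "StringEquals"
      variable = "iam:PassedToService"
      values   = ["glue.amazonaws.com"]
    }
  }

  # iam:GetRole is kept in its own statement: the iam:PassedToService key is not
  # present on GetRole requests, so sharing the conditioned statement above
  # would deny it.
  statement {
    sid       = "GlueGetRole"
    effect    = "Allow"
    resources = [aws_iam_role.glue_service_role.arn]
    actions   = ["iam:GetRole"]
  }

  # Read-only access to the noaa-ghcn-pds bucket, needed for copying weather
  # station data. Both the bucket ARN (for ListBucket) and the object ARN
  # (for GetObject) are listed.
  statement {
    sid    = "s3Remote"
    effect = "Allow"
    resources = [
      "arn:${data.aws_partition.current.partition}:s3:::noaa-ghcn-pds/*",
      "arn:${data.aws_partition.current.partition}:s3:::noaa-ghcn-pds"
    ]
    actions = [
      "s3:GetObject",
      "s3:ListBucket"
    ]
  }

  # Write and list access to the project bucket.
  # NOTE(review): "s3:PutObject*" also matches s3:PutObjectAcl,
  # s3:PutObjectTagging, s3:PutObjectRetention and s3:PutObjectLegalHold.
  # If the workflow only writes objects, narrow this to "s3:PutObject" so the
  # policy cannot be used to change object ACLs. Left as-is here because the
  # callers are not visible.
  statement {
    sid    = "s3Local"
    effect = "Allow"
    resources = [
      "arn:${data.aws_partition.current.partition}:s3:::${aws_s3_bucket.aws_glue_mwaa_bucket.id}/*",
      "arn:${data.aws_partition.current.partition}:s3:::${aws_s3_bucket.aws_glue_mwaa_bucket.id}"
    ]
    actions = [
      "s3:PutObject*",
      "s3:ListBucket"
    ]
  }
}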