Commit 382b1a9

fix: use current partition instead of assuming aws (#1274)
## Description

Don't hardcode the aws partition as it is not always `aws`, e.g. gov cloud, China.

Fixes #1273

## Verification

I cherry picked this against the 9.2.0 tag and verified that it applies against a gov-cloud account.

---------

Co-authored-by: Matthias Kay <matthias.kay@hlag.com>
1 parent abb98a2 commit 382b1a9


2 files changed: +2 -2 lines changed


modules/terminate-agent-hook/iam.tf

Lines changed: 1 addition & 1 deletion
@@ -189,5 +189,5 @@ resource "aws_iam_role_policy_attachment" "spot_request_housekeeping" {
189189

190190
resource "aws_iam_role_policy_attachment" "aws_lambda_vpc_access_execution_role" {
191191
role = aws_iam_role.lambda.name
192-
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
192+
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole"
193193
}
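
Review bot: the new `policy_arn` at line 192 reads `data.aws_partition.current.partition`, but no `data "aws_partition" "current"` block is visible in this hunk, and with only one line changed in this file the commit cannot have added one. Please confirm the data source is already declared inside `modules/terminate-agent-hook`, since a data source declared in a parent module is not visible here, and mention that in the description so the next reader does not have to search for it.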

policies/kms-policy.json

Lines changed: 1 addition & 1 deletion
@@ -34,7 +34,7 @@
3434
"Effect": "Allow",
3535
"Principal": {
3636
"AWS": [
37-
"arn:aws:iam::${account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
37+
"arn:${partition}:iam::${account_id}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
3838
]
3939
},
4040
"Action": [
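
Review bot: line 37 introduces a new `${partition}` placeholder alongside `${account_id}`, yet the commit changes only this JSON file and one line in `modules/terminate-agent-hook/iam.tf`, so no caller was updated to supply the value. Please confirm that every place rendering `policies/kms-policy.json` already passes `partition`, and that it is taken from the partition data source rather than a literal; a missing or wrong value here leaves the key policy naming a principal that does not match the AutoScaling service role in the account's partition.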
