String interpolation for account id

robertnovac1 · robertnovac1 · commit 710dfeb97577 · 2025-07-03T09:08:04.000+01:00
diff --git a/infra_old/endpoints.tf b/infra_old/endpoints.tf
@@ -243,8 +243,8 @@ resource "aws_vpc_endpoint" "kms_endpoint" {
           "kms:GenerateDataKey*"
         ],
         Resource = [
-          "arn:aws:kms:eu-west-2:084828561157:key/4e643221-4cb8-49c5-9a78-ced991ff52ae",
-          "arn:aws:kms:eu-west-2:084828561157:key/d7b3c213-3c05-4caf-bb95-fdb2a6e533b1"
+          "arn:aws:kms:eu-west-2:${var.imms_account_id}:key/4e643221-4cb8-49c5-9a78-ced991ff52ae",
+          "arn:aws:kms:eu-west-2:${var.imms_account_id}:key/d7b3c213-3c05-4caf-bb95-fdb2a6e533b1"
         ]
       }
     ]
diff --git a/infra_old/kms_dynamo.tf b/infra_old/kms_dynamo.tf
@@ -10,7 +10,7 @@ resource "aws_kms_key" "dynamodb_encryption" {
     {
       "Sid": "Allow administration of the key",
       "Effect": "Allow",
-      "Principal": { "AWS": "arn:aws:iam::084828561157:root" },
+      "Principal": { "AWS": "arn:aws:iam::${var.imms_account_id}:root" },
       "Action": [
         "kms:Create*",
         "kms:Describe*",
@@ -33,7 +33,7 @@ resource "aws_kms_key" "dynamodb_encryption" {
     {
       "Sid": "KMS KeyUser access",
       "Effect": "Allow",
-      "Principal": { "AWS": ["arn:aws:iam::084828561157:role/auto-ops"] },
+      "Principal": { "AWS": ["arn:aws:iam::${var.imms_account_id}:role/auto-ops"] },
       "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
@@ -43,7 +43,7 @@ resource "aws_kms_key" "dynamodb_encryption" {
     {
       "Sid": "KMS KeyUser access for DevOps",
       "Effect": "Allow",
-      "Principal": { "AWS": ["arn:aws:iam::084828561157:role/DevOps"] },
+      "Principal": { "AWS": ["arn:aws:iam::${var.imms_account_id}:role/DevOps"] },
       "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
@@ -53,7 +53,7 @@ resource "aws_kms_key" "dynamodb_encryption" {
     {
       "Sid": "KMS KeyUser access for Admin",
       "Effect": "Allow",
-      "Principal": { "AWS": ["arn:aws:iam::084828561157:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
+      "Principal": { "AWS": ["arn:aws:iam::${var.imms_account_id}:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
       "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
diff --git a/infra_old/kms_kinesis.tf b/infra_old/kms_kinesis.tf
@@ -10,7 +10,7 @@ resource "aws_kms_key" "kinesis_stream_encryption" {
     {
     "Sid": "Allow administration of the key",
     "Effect": "Allow",
-    "Principal": { "AWS": "arn:aws:iam::084828561157:root" },
+    "Principal": { "AWS": "arn:aws:iam::${var.imms_account_id}:root" },
     "Action": [
         "kms:Create*",
         "kms:Describe*",
@@ -33,7 +33,7 @@ resource "aws_kms_key" "kinesis_stream_encryption" {
     {
     "Sid": "KMS KeyUser access",
     "Effect": "Allow",
-    "Principal": {"AWS": ["arn:aws:iam::084828561157:role/auto-ops"]},
+    "Principal": {"AWS": ["arn:aws:iam::${var.imms_account_id}:role/auto-ops"]},
     "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
@@ -43,7 +43,7 @@ resource "aws_kms_key" "kinesis_stream_encryption" {
     {
     "Sid": "KMS KeyUser access for Devops",
     "Effect": "Allow",
-    "Principal": {"AWS": ["arn:aws:iam::084828561157:role/DevOps"]},
+    "Principal": {"AWS": ["arn:aws:iam::${var.imms_account_id}:role/DevOps"]},
     "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
@@ -53,7 +53,7 @@ resource "aws_kms_key" "kinesis_stream_encryption" {
     {
       "Sid": "KMS KeyUser access for Admin",
       "Effect": "Allow",
-      "Principal": { "AWS": ["arn:aws:iam::084828561157:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
+      "Principal": { "AWS": ["arn:aws:iam::${var.imms_account_id}:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
       "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
diff --git a/infra_old/kms_lambda.tf b/infra_old/kms_lambda.tf
@@ -10,7 +10,7 @@ resource "aws_kms_key" "lambda_env_encryption" {
     {
     "Sid": "Allow administration of the key",
     "Effect": "Allow",
-    "Principal": { "AWS": "arn:aws:iam::084828561157:root" },
+    "Principal": { "AWS": "arn:aws:iam::${var.imms_account_id}:root" },
     "Action": [
         "kms:Create*",
         "kms:Describe*",
@@ -33,7 +33,7 @@ resource "aws_kms_key" "lambda_env_encryption" {
     {
     "Sid": "KMS KeyUser access",
     "Effect": "Allow",
-    "Principal": {"AWS": ["arn:aws:iam::084828561157:role/auto-ops"]},
+    "Principal": {"AWS": ["arn:aws:iam::${var.imms_account_id}:role/auto-ops"]},
     "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
@@ -43,7 +43,7 @@ resource "aws_kms_key" "lambda_env_encryption" {
     {
     "Sid": "KMS KeyUser access for Devops",
     "Effect": "Allow",
-    "Principal": {"AWS": ["arn:aws:iam::084828561157:role/DevOps"]},
+    "Principal": {"AWS": ["arn:aws:iam::${var.imms_account_id}:role/DevOps"]},
     "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
@@ -53,7 +53,7 @@ resource "aws_kms_key" "lambda_env_encryption" {
     {
       "Sid": "KMS KeyUser access for Admin",
       "Effect": "Allow",
-      "Principal": { "AWS": ["arn:aws:iam::084828561157:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
+      "Principal": { "AWS": ["arn:aws:iam::${var.imms_account_id}:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
       "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"
diff --git a/infra_old/kms_s3.tf b/infra_old/kms_s3.tf
@@ -9,7 +9,7 @@ resource "aws_kms_key" "s3_shared_key" {
     {
     "Sid": "Allow administration of the key",
     "Effect": "Allow",
-    "Principal": { "AWS": "arn:aws:iam::084828561157:root" },
+    "Principal": { "AWS": "arn:aws:iam::${var.imms_account_id}:root" },
     "Action": [
         "kms:Create*",
         "kms:Describe*",
@@ -45,7 +45,7 @@ resource "aws_kms_key" "s3_shared_key" {
    {
       "Sid": "KMS KeyUser access for Admin",
       "Effect": "Allow",
-      "Principal": { "AWS": ["arn:aws:iam::084828561157:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
+      "Principal": { "AWS": ["arn:aws:iam::${var.imms_account_id}:role/aws-reserved/sso.amazonaws.com/eu-west-2/AWSReservedSSO_PREPROD-IMMS-Admin_acce656dcacf6f4c"] },
       "Action": [
         "kms:Encrypt",
         "kms:GenerateDataKey*"

Original file line number	Diff line number	Diff line change
`@@ -243,8 +243,8 @@ resource "aws_vpc_endpoint" "kms_endpoint" {`
`243`	`243`	`"kms:GenerateDataKey*"`
`244`	`244`	`],`
`245`	`245`	`Resource = [`
`246`		`- "arn:aws:kms:eu-west-2:084828561157:key/4e643221-4cb8-49c5-9a78-ced991ff52ae",`
`247`		`- "arn:aws:kms:eu-west-2:084828561157:key/d7b3c213-3c05-4caf-bb95-fdb2a6e533b1"`
	`246`	`+ "arn:aws:kms:eu-west-2:${var.imms_account_id}:key/4e643221-4cb8-49c5-9a78-ced991ff52ae",`
	`247`	`+ "arn:aws:kms:eu-west-2:${var.imms_account_id}:key/d7b3c213-3c05-4caf-bb95-fdb2a6e533b1"`
`248`	`248`	`]`
`249`	`249`	`}`
`250`	`250`	`]`