Skip to content

Commit 42a40bc

Browse files
jameslinnelljameslinnell
committed
Add caller identity data to the lambda module
1 parent 1b0eff8 commit 42a40bc

File tree

1 file changed

+3
-1
lines changed
  • infrastructure/modules/lambda

1 file changed

+3
-1
lines changed

infrastructure/modules/lambda/main.tf

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,8 @@ resource "aws_cloudwatch_log_group" "lambda_logs" {
3333
retention_in_days = 1
3434
}
3535

36+
data "aws_caller_identity" "current" {}
37+
3638
data "aws_iam_policy_document" "lambda_kms_policy" {
3739
statement {
3840
sid = "AllowRootAccountAccess"
@@ -41,7 +43,7 @@ data "aws_iam_policy_document" "lambda_kms_policy" {
4143
principals {
4244
type = "AWS"
4345
identifiers = [
44-
"arn:aws:iam::${var.account_id}:root"
46+
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
4547
]
4648
}
4749

0 commit comments

Comments
 (0)