fix: Replace Karpenter SQS policy dynamic service princpal DNS suffixes with static amazonaws.com (#2941)

bryantbiggs · web-flow · commit 081c7624a5a4 · 2024-02-21T17:30:49.000-05:00
fix: Replace dynamic service princpal DNS suffixes with static `amazonaws.com`
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.86.0
+    rev: v1.87.1
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
diff --git a/modules/karpenter/main.tf b/modules/karpenter/main.tf
@@ -4,7 +4,6 @@ data "aws_caller_identity" "current" {}
 
 locals {
   account_id = data.aws_caller_identity.current.account_id
-  dns_suffix = data.aws_partition.current.dns_suffix
   partition  = data.aws_partition.current.partition
   region     = data.aws_region.current.name
 }
@@ -445,8 +444,8 @@ data "aws_iam_policy_document" "queue" {
     principals {
       type = "Service"
       identifiers = [
-        "events.${local.dns_suffix}",
-        "sqs.${local.dns_suffix}",
+        "events.amazonaws.com",
+        "sqs.amazonaws.com",
       ]
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,6 @@ data "aws_caller_identity" "current" {}`
`4`	`4`
`5`	`5`	`locals {`
`6`	`6`	`account_id = data.aws_caller_identity.current.account_id`
`7`		`- dns_suffix = data.aws_partition.current.dns_suffix`
`8`	`7`	`partition = data.aws_partition.current.partition`
`9`	`8`	`region = data.aws_region.current.name`
`10`	`9`	`}`
`@@ -445,8 +444,8 @@ data "aws_iam_policy_document" "queue" {`
`445`	`444`	`principals {`
`446`	`445`	`type = "Service"`
`447`	`446`	`identifiers = [`
`448`		`- "events.${local.dns_suffix}",`
`449`		`- "sqs.${local.dns_suffix}",`
	`447`	`+ "events.amazonaws.com",`
	`448`	`+ "sqs.amazonaws.com",`
`450`	`449`	`]`
`451`	`450`	`}`
`452`	`451`	`}`