fix karpenter iam passrole to ec2 api bug, to support aws cn

Shuiping · Shuiping · commit caf5d2aff166 · 2024-10-26T12:01:39.000+08:00
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
@@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" {
     condition {
       test     = "StringEquals"
       variable = "iam:PassedToService"
-      values   = ["ec2.amazonaws.com"]
+      values   = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]
     }
   }
 
@@ -584,7 +584,7 @@ data "aws_iam_policy_document" "v1" {
     condition {
       test     = "StringEquals"
       variable = "iam:PassedToService"
-      values   = ["ec2.amazonaws.com"]
+      values   = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]
     }
   }
 

Original file line number	Diff line number	Diff line change
`@@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" {`
`195`	`195`	`condition {`
`196`	`196`	`test = "StringEquals"`
`197`	`197`	`variable = "iam:PassedToService"`
`198`		`- values = ["ec2.amazonaws.com"]`
	`198`	`+ values = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]`
`199`	`199`	`}`
`200`	`200`	`}`
`201`	`201`
`@@ -584,7 +584,7 @@ data "aws_iam_policy_document" "v1" {`
`584`	`584`	`condition {`
`585`	`585`	`test = "StringEquals"`
`586`	`586`	`variable = "iam:PassedToService"`
`587`		`- values = ["ec2.amazonaws.com"]`
	`587`	`+ values = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]`
`588`	`588`	`}`
`589`	`589`	`}`
`590`	`590`