From 052bba89a09f3f4e0cf5ff86faeb1b79c0df7193 Mon Sep 17 00:00:00 2001
From: Oliver Smith
Date: Thu, 17 Jul 2025 10:25:56 +0100
Subject: [PATCH 1/2] Allow for both amazonaws.com.cn and amazonaws.com conditions as required for AWS CN
---
 modules/karpenter/policy.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index 26c0b235c0..300ef1707b 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = ["ec2.${local.dns_suffix}"]
+ values = distinct(["ec2.${local.dns_suffix}", "ec2.amazonaws.com"])
 }
 }
From 88fde5a41366e81ac7a1c719314df8fd68adcd0e Mon Sep 17 00:00:00 2001
From: Oliver Smith
Date: Thu, 17 Jul 2025 11:01:07 +0100
Subject: [PATCH 2/2] Allow for both amazonaws.com.cn and amazonaws.com conditions as required for AWS CN - set in correct policy
---
 modules/karpenter/policy.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index 300ef1707b..b9068d7b60 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = distinct(["ec2.${local.dns_suffix}", "ec2.amazonaws.com"])
+ values = ["ec2.${local.dns_suffix}"]
 }
 }
@@ -585,7 +585,7 @@ data "aws_iam_policy_document" "v1" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = ["ec2.${local.dns_suffix}"]
+ values = distinct(["ec2.${local.dns_suffix}", "ec2.amazonaws.com"])
 }
 }
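Review bot: The new `values` line in the `v1` hunk of patch 2 hard-codes `ec2.amazonaws.com` with no comment, so a later cleanup could take it for a leftover and remove it, breaking the AWS CN case named in the subject. A comment above it such as `# AWS CN: iam:PassedToService may be ec2.amazonaws.com or ec2.amazonaws.com.cn, so both are allowed` would record why this PassRole condition is wider than `local.dns_suffix` alone. The literal is added in every partition, and `distinct()` only collapses it where the suffix is already `amazonaws.com`, so any other partition with a different suffix also gets the extra principal. If only China is meant, gating the second entry on the partition would keep the condition tighter. The enclosing statement starts outside the hunk, so the actions and resources this condition guards are not visible here. Patch 1's `v033` change is reverted by the first hunk of patch 2, so it is worth confirming that `v033` does not need the same allowance.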