Commit 9a0b0ca

feat: Added support for partition in IAM policies to work in GovCloud (#201)
1 parent b5d6dde commit 9a0b0ca

3 files changed

+5
-2
lines changed

README.md

Lines changed: 1 addition & 0 deletions
@@ -650,6 +650,7 @@ No modules.
650650
| [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
651651
| [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
652652
| [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
653+
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
653654
| [external_external.archive_prepare](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source |
654655

655656
## Inputs

iam.tf

Lines changed: 2 additions & 2 deletions
@@ -152,7 +152,7 @@ resource "aws_iam_role_policy_attachment" "dead_letter" {
152152
data "aws_iam_policy" "vpc" {
153153
count = local.create_role && var.attach_network_policy ? 1 : 0
154154

155-
arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess"
155+
arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaENIManagementAccess"
156156
}
157157

158158
resource "aws_iam_policy" "vpc" {
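
Review bot: The `arn` on new line 155 in `data "aws_iam_policy" "vpc"` now depends on `AWSLambdaENIManagementAccess` existing as an AWS managed policy under `service-role/` in every partition the module is meant to support. A data source lookup by ARN fails the plan when the policy is absent, so this should be verified with a plan against a GovCloud account with `attach_network_policy` enabled before release, and the partitions actually tested should be stated in the README.
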
@@ -178,7 +178,7 @@ resource "aws_iam_role_policy_attachment" "vpc" {
178178
data "aws_iam_policy" "tracing" {
179179
count = local.create_role && var.attach_tracing_policy ? 1 : 0
180180

181-
arn = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
181+
arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXrayWriteOnlyAccess"
182182
}
183183

184184
resource "aws_iam_policy" "tracing" {
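
Review bot: New line 181 in `data "aws_iam_policy" "tracing"` repeats the `arn:${data.aws_partition.current.partition}:iam::aws:policy` prefix already used in the vpc lookup. Consider defining that prefix once in a local and referencing it from both lookups so they cannot drift apart. The commit title speaks of IAM policies in general while only these two ARNs change, so a search of the module for remaining `arn:aws:` literals would confirm nothing partition-specific is left behind.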

main.tf

Lines changed: 2 additions & 0 deletions
@@ -1,3 +1,5 @@
1+
data "aws_partition" "current" {}
2+
13
locals {
24
archive_filename = element(concat(data.external.archive_prepare.*.result.filename, [null]), 0)
35
archive_was_missing = element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0)
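
Review bot: `data "aws_partition" "current" {}` is added at the top of main.tf without a comment, while the only consumers visible in this commit are the two managed-policy lookups in iam.tf. Consider moving it next to those lookups, or adding a one-line comment saying it exists so that ARNs are built for the partition of the configured provider instead of assuming `aws`.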
