From c93848c9b66b60b200caffb11859af087700f39f Mon Sep 17 00:00:00 2001
From: Uladzislau Orlovskiy
Date: Wed, 14 May 2025 09:21:00 +0200
Subject: [PATCH 01/11] fix: Correct service principal to rds.amazonaws.com since ints universal across partitions.
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index a16f796..14d8662 100644
--- a/main.tf
+++ b/main.tf
@@ -111,7 +111,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = ["rds.${data.aws_partition.current.dns_suffix}"]
+ identifiers = ["rds.amazonaws.com"]
 }
 }
 }
From 1fc2397af633737e7cf777084276690166e72ee7 Mon Sep 17 00:00:00 2001
From: vladislav-orlovskiy <77527847+vladislav-orlovskiy@users.noreply.github.com>
Date: Thu, 15 May 2025 11:57:32 +0200
Subject: [PATCH 02/11] Update main.tf
Co-authored-by: Bryant Biggs
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 14d8662..8a6cba5 100644
--- a/main.tf
+++ b/main.tf
@@ -111,7 +111,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = ["rds.amazonaws.com"]
+ identifiers = distinct(["rds.${data.aws_partition.current.dns_suffix}", "rds.amazonaws.com"])
 }
 }
 }
From 7217651b598dc44a939b45a3770c28a757c95e62 Mon Sep 17 00:00:00 2001
From: Uladzislau Orlovskiy
Date: Thu, 15 May 2025 19:07:27 +0200
Subject: [PATCH 03/11] fix: replace string service principal with datasource to get rid of malformed policy error in China partition
---
 main.tf | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/main.tf b/main.tf
index 8a6cba5..d9cf5e6 100644
--- a/main.tf
+++ b/main.tf
@@ -6,7 +6,10 @@ locals {
 data "aws_region" "current" {}
 data "aws_partition" "current" {}
-
+data "aws_service_principal" "rds" {
+ service_name = "rds"
+ region = data.aws_region.current.region
+}
 ################################################################################
 # RDS Proxy
 ################################################################################
@@ -111,7 +114,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = distinct(["rds.${data.aws_partition.current.dns_suffix}", "rds.amazonaws.com"])
+ identifiers = [data.aws_service_principal.rds.id]
 }
 }
 }
From 2697d41e8995b6ab68837beb939f9d3a7a6af3f1 Mon Sep 17 00:00:00 2001
From: Uladzislau Orlovskiy
Date: Thu, 15 May 2025 19:15:27 +0200
Subject: [PATCH 04/11] fix: add count to service principal resource.
---
 main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index d9cf5e6..7d62ed9 100644
--- a/main.tf
+++ b/main.tf
@@ -7,6 +7,7 @@ locals {
 data "aws_region" "current" {}
 data "aws_partition" "current" {}
 data "aws_service_principal" "rds" {
+ count = var.create && var.create_iam_role ? 1 : 0
 service_name = "rds"
 region = data.aws_region.current.region
 }
@@ -114,7 +115,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = [data.aws_service_principal.rds.id]
+ identifiers = [data.aws_service_principal.rds[0].id]
 }
 }
 }
From 324e2db86864add0d3fdbc59bd06a8ed400ec6fc Mon Sep 17 00:00:00 2001
From: Uladzislau Orlovskiy
Date: Thu, 15 May 2025 19:41:20 +0200
Subject: [PATCH 05/11] fix: add count to service principal resource.
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 7d62ed9..717406f 100644
--- a/main.tf
+++ b/main.tf
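Review bot: The new `data "aws_service_principal" "rds"` block depends on a data source that only recent releases of the AWS provider ship, and nothing in this series raises the provider constraint — every diffstat lists only main.tf and README.md — so a consumer pinned to an older minimum in `required_providers` would now fail at plan time with an unsupported data source instead of at the trust policy. If the module's existing constraint predates this data source (not visible here), bump it in the same change and flag it as a breaking change for consumers. A short comment above the block would also help the next reader, e.g. `# Resolve the RDS service principal via the provider rather than deriving it from the partition DNS suffix, which IAM rejected as malformed in the China partition (see patch 03).` Note that `region = data.aws_region.current.region` is the attribute name on the newer provider major; later patches in this series switch to `.name`, which older releases expose, so the version constraint and this attribute should be decided together.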
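Review bot: `identifiers = [data.aws_service_principal.rds[0].id]` indexes a data source that is now conditional on `var.create && var.create_iam_role`, from inside `data "aws_iam_policy_document" "assume_role"`, whose own `count` (if any) starts outside this hunk; if the two conditions ever diverge, Terraform fails with an invalid index on an empty tuple rather than a readable message. Evaluate the condition once in a `locals` block and have both the service-principal data source and the policy document read that same local, so the `[0]` reference is guarded by construction; the `locals {` block named in the hunk header is where such a value would naturally live, though its body is not visible here. The same `[0]` coupling carries through patches 06, 07 and 08, which only change the attribute read.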
@@ -9,7 +9,7 @@ data "aws_partition" "current" {}
 data "aws_service_principal" "rds" {
 count = var.create && var.create_iam_role ? 1 : 0
 service_name = "rds"
- region = data.aws_region.current.region
+ region = data.aws_region.current.name
 }
 ################################################################################
 # RDS Proxy
From 3b0ef6983d4a4c29c21e127429728c67747dd613 Mon Sep 17 00:00:00 2001
From: Uladzislau Orlovskiy
Date: Thu, 15 May 2025 20:16:08 +0200
Subject: [PATCH 06/11] fix: replace id with suffix.
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 717406f..5ce274f 100644
--- a/main.tf
+++ b/main.tf
@@ -115,7 +115,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = [data.aws_service_principal.rds[0].id]
+ identifiers = ["rds.${data.aws_service_principal.rds[0].dns_suffix}"]
 }
 }
 }
From 6ae3759db861dfd778e1f357806902d21ac52227 Mon Sep 17 00:00:00 2001
From: Uladzislau Orlovskiy
Date: Thu, 15 May 2025 20:17:05 +0200
Subject: [PATCH 07/11] fix: replace id with suffix.
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 5ce274f..948e062 100644
--- a/main.tf
+++ b/main.tf
@@ -115,7 +115,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = ["rds.${data.aws_service_principal.rds[0].dns_suffix}"]
+ identifiers = ["rds.${data.aws_service_principal.rds[0].suffix}"]
 }
 }
 }
From 131b35fde9c2f294d2e57f713f4448e94b0b07eb Mon Sep 17 00:00:00 2001
From: Uladzislau Orlovskiy
Date: Mon, 19 May 2025 20:57:57 +0200
Subject: [PATCH 08/11] fix: replace id with name
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 948e062..aada49a 100644
--- a/main.tf
+++ b/main.tf
@@ -115,7 +115,7 @@ data "aws_iam_policy_document" "assume_role" {
 principals {
 type = "Service"
- identifiers = ["rds.${data.aws_service_principal.rds[0].suffix}"]
+ identifiers = [data.aws_service_principal.rds[0].name]
 }
 }
 }
From 9744770e710f857f60e9a56d598d8ef517f6f7db Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 22 May 2025 11:39:27 +0200
Subject: [PATCH 09/11] Apply suggestions from code review
---
 main.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index aada49a..5dcf38f 100644
--- a/main.tf
+++ b/main.tf
@@ -8,8 +8,9 @@ data "aws_region" "current" {}
 data "aws_partition" "current" {}
 data "aws_service_principal" "rds" {
 count = var.create && var.create_iam_role ? 1 : 0
+
 service_name = "rds"
- region = data.aws_region.current.name
+ region = data.aws_region.current.name
 }
 ################################################################################
 # RDS Proxy
From 8da4f2dacfba5927a61c092c8090f35a9a1e678c Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 22 May 2025 11:39:55 +0200
Subject: [PATCH 10/11] Update main.tf
---
 main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index 5dcf38f..f622a07 100644
--- a/main.tf
+++ b/main.tf
@@ -10,7 +10,7 @@ data "aws_service_principal" "rds" {
 count = var.create && var.create_iam_role ? 1 : 0
 service_name = "rds"
- region = data.aws_region.current.name
+ region = data.aws_region.current.name
 }
 ################################################################################
 # RDS Proxy
From c6294edc6289a4b3fdb51e5d8d4c4f102562755d Mon Sep 17 00:00:00 2001
From: Anton Babenko
Date: Thu, 22 May 2025 11:42:47 +0200
Subject: [PATCH 11/11] Fixed docs
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index c88d85a..3825e57 100644
--- a/README.md
+++ b/README.md
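Review bot: The trust statement now names the partition-correct RDS service principal, but the hunk shows no `condition` block on the statement, and the statement's opening lines are outside the hunk, so I cannot tell whether one exists; a service-principal trust with no `aws:SourceAccount` (and `aws:SourceArn` where the proxy ARN is known) restriction lets the RDS service assume this role on behalf of resources in any account, which is the cross-service confused-deputy case AWS documents for roles that RDS assumes — confirm RDS Proxy populates these keys before enforcing `aws:SourceArn`. If no condition is present, add one scoped to the deploying account as below; it needs a `data "aws_caller_identity" "current" {}` block, which the README data-source table in patch 11 shows the module does not declare today. The `[0]` index is still only safe while this document's own `count` matches the data source's, as noted on patch 04.
```terraform
      identifiers = [data.aws_service_principal.rds[0].name]
    }

    # Limit which account RDS may act for when assuming this role (confused-deputy guard).
    # Requires a `data "aws_caller_identity" "current" {}` block, not declared in this series.
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
```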
@@ -91,6 +91,7 @@ No modules.
 | [aws_iam_policy_document.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [aws_service_principal.rds](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/service_principal) | data source |
 ## Inputs