
@suprememoocow suprememoocow commented Oct 17, 2024

↪️ Pull Request

  • Make sure you are opening from a feature/feat/docs/fix/bug/hotfix/stable/chore (right side) and not your master branch!
  • Ensure that the pull request title represents the desired changelog entry

📒 Description

Currently, this module assumes this will always be run in the aws partition. This means that if this is applied in GovCloud, it fails with an invalid partition.

This change uses the current partition, rather than hardcoding to aws. For GovCloud, it will use aws-us-gov.

🕶️ Types of changes

  • Core
  • Bugfix
  • New feature
  • Enhancement/optimization
  • Documentation
  • Dependencies

🤯 List of changes

👫 Relationships

🔎 Review hints

🚨 Test instructions

Checklist

  • My code follows the code style of this project.
  • I have read the CONTRIBUTING document.
  • Added/updated unit tests for this change
  • I have tested the changes and verified that they work and don't break anything (as well as I can manage).
  • Filled out test instructions (In case there aren't any unit tests)
  • I followed the existing code standards and didn't mess up the formatting.
  • My change requires a change to the documentation.
  • I did my best to add documentation to any public classes or methods I added.
  • Included links to related issues/PRs

Currently, this module assumes this will always be run in the `aws`
partition. This means that if this is applied in GovCloud, it fails with
an invalid partition.

This change uses the current partition, rather than hardcoding to `aws`.
For GovCloud, it will use `aws-us-gov`.
@suprememoocow suprememoocow changed the title Allow non-aws partitions to be used fix: Allow non-aws partitions to be used Oct 17, 2024
@suprememoocow suprememoocow changed the title fix: Allow non-aws partitions to be used fix: Allow non-aws partitions to be used, including GovCloud Oct 17, 2024
@suprememoocow
Contributor Author

@ivankatliarchuk good day! I'm hitting a problem when trying to use this module in AWS GovCloud.

I get the following error: Partition "aws" is not valid for resource.

╷
│ Error: creating IAM Policy (EnforceMFA): operation error IAM: CreatePolicy, https response error StatusCode: 400, RequestID: XXXX, MalformedPolicyDocument: Partition "aws" is not valid for resource "arn:aws:iam::XXXX:mfa/${aws:username}".
│ 
│   with module.aws.module.user_group_membership.module.enforce_mfa[0].aws_iam_policy.this,
│   on .terraform/modules/aws.user_group_membership.enforce_mfa/main.tf line 1, in resource "aws_iam_policy" "this":
│    1: resource "aws_iam_policy" "this" {
│ 
╵

This is because GovCloud does not use arn:aws but rather arn:aws-us-gov. Likewise, AWS China uses a different partition scheme too.

Would you mind reviewing this change please?
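For readers unfamiliar with the fix being requested, here is a partition-aware version of the kind of resource the error above comes from. This is an added illustration, not the module's own code: it uses the Terraform AWS provider's `aws_partition` and `aws_caller_identity` data sources, and the policy name, statement and action list are constructed for the example. The commented-out hardcoded ARN is the shape that fails in GovCloud; the `locals` form resolves to `arn:aws-us-gov:...` there and to `arn:aws:...` in the commercial partition.

```hcl
# Added example, not the module's own code.
# Resolves the partition the provider is authenticated against:
# "aws" (commercial), "aws-us-gov" (GovCloud) or "aws-cn" (China).
data "aws_partition" "current" {}

# Account ID of the caller, so the ARN is not hardcoded either.
data "aws_caller_identity" "current" {}

locals {
  # Hardcoded form that fails outside the commercial partition
  # (the same resource string shown in the error above):
  #   "arn:aws:iam::${account_id}:mfa/$${aws:username}"
  #
  # Partition-aware form. "$${aws:username}" is an HCL escape so that the
  # literal IAM policy variable "${aws:username}" reaches the policy document.
  mfa_device_arn = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}:mfa/$${aws:username}"
}

# Constructed policy: name, Sid and actions are illustrative only.
resource "aws_iam_policy" "enforce_mfa_example" {
  name = "EnforceMFA-example"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "AllowManageOwnVirtualMFADevice"
      Effect   = "Allow"
      Action   = ["iam:CreateVirtualMFADevice", "iam:DeleteVirtualMFADevice"]
      Resource = local.mfa_device_arn
    }]
  })
}

# Handy for verifying which partition a plan was rendered for.
output "resolved_mfa_device_arn" {
  value = local.mfa_device_arn
}
```

A quick check is to run `terraform plan` with GovCloud credentials (region such as `us-gov-west-1`) and confirm the output shows an `arn:aws-us-gov:iam::...` resource; the same configuration planned against a commercial account shows `arn:aws:iam::...`. The same `data.aws_partition.current.partition` value should replace every hardcoded `arn:aws:` prefix in a module, since one remaining literal is enough to reproduce the `MalformedPolicyDocument` error.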

@ivankatliarchuk ivankatliarchuk merged commit 902488d into terraform-module:master Jan 5, 2025
6 checks passed
@suprememoocow suprememoocow deleted the partition-aware branch January 14, 2025 13:38
