From 80fb29ced3573d3c0b801905fb2a187ee9b485ff Mon Sep 17 00:00:00 2001
From: julgircast <133015764+julgircast@users.noreply.github.com>
Date: Tue, 16 May 2023 17:33:28 +0300
Subject: [PATCH] Take current aws partition from data source (#8)
Co-authored-by: Julius Giriunas
---
 main.tf | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/main.tf b/main.tf
index 44028dd..51d9f08 100644
--- a/main.tf
+++ b/main.tf
@@ -5,8 +5,11 @@ locals {
 iam_policy_name = var.create_iam_resources_per_cluster ? "CastEKSPolicy-${local.resource_name_postfix}" : "CastEKSPolicy-tf"
 iam_role_policy_name = "castai-user-policy-${local.resource_name_postfix}"
 instance_profile_role_name = "castai-eks-instance-${local.resource_name_postfix}"
+ iam_policy_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"
 }
+data "aws_partition" "current" {}
+
 # castai eks settings (provides required iam policies)
 data "castai_eks_settings" "eks" {
@@ -33,8 +36,8 @@ resource "aws_iam_policy" "castai_iam_policy" {
 resource "aws_iam_role_policy_attachment" "castai_iam_readonly_policy_attachment" {
 for_each = toset([
- "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess",
- "arn:aws:iam::aws:policy/IAMReadOnlyAccess",
+ "${local.iam_policy_prefix}/AmazonEC2ReadOnlyAccess",
+ "${local.iam_policy_prefix}/IAMReadOnlyAccess",
 ])
 role = aws_iam_role.test_role.name
 policy_arn = each.value
@@ -71,9 +74,9 @@ resource "aws_iam_instance_profile" "instance_profile" {
 resource "aws_iam_role_policy_attachment" "castai_instance_profile_policy" {
 for_each = toset([
- "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
- "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
- "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+ "${local.iam_policy_prefix}/AmazonEKSWorkerNodePolicy",
+ "${local.iam_policy_prefix}/AmazonEC2ContainerRegistryReadOnly",
+ "${local.iam_policy_prefix}/AmazonEKS_CNI_Policy"
 ])
 role = aws_iam_instance_profile.instance_profile.role
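Review bot: `iam_policy_prefix`, added to `locals` in the first hunk (`@@ -5,8 +5,11 @@`), hard-codes the account field `aws`, so it is only correct for AWS-managed policies, and neither its name nor a comment says so. The customer-managed `aws_iam_policy.castai_iam_policy` named in the next hunk header lives under an account ID, so reusing this local for it later would build an ARN that does not resolve. I would add `# ARN prefix for AWS-managed policies only (account field is the literal "aws")` above the local, or rename it to `aws_managed_policy_prefix`. The `locals` block starts outside the hunk.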
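Review bot: The two attachments in the second hunk (`@@ -33,8 +36,8 @@`) give `aws_iam_role.test_role` account-wide `IAMReadOnlyAccess` and `AmazonEC2ReadOnlyAccess`, and nothing next to them records why that breadth is needed. The role's trust policy is outside the hunk; if the role can be assumed from outside the account, these managed policies expose the whole IAM and EC2 inventory to that principal. I would add a comment above `for_each` such as `# Account-wide read-only access to IAM and EC2 metadata; keep the trust policy on this role as narrow as possible.`, or replace the managed policies with a scoped customer-managed one. The resource name `test_role` also reads like a leftover; renaming it would need a `moved` block so the role is not recreated.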