use correct policy arns for CN regions (cn-north-1, cn-northwest-1) #765
Conversation
|
cc @max-rocket-internet |
cofyc
force-pushed
the
configure-policy-arns
branch
from
1dbc2a0 to
0abed32
Compare
| role = aws_iam_role.workers[0].name | ||
| } | ||
|
|
||
| resource "aws_iam_role_policy_attachment" "workers_AmazonEKS_CNI_Policy" { | ||
| count = var.manage_worker_iam_resources && var.attach_worker_cni_policy && var.create_eks ? 1 : 0 | ||
| policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy" | ||
| policy_arn = "${local.policy_arn_prefix}/AmazonEKS_CNI_Policy" |
There was a problem hiding this comment.
What about using aws_partition data resource instead?
data "aws_partition" "current" {}
resource "aws_iam_role_policy_attachment" "workers_AmazonEKSWorkerNodePolicy" {
count = var.manage_worker_iam_resources && var.create_eks ? 1 : 0
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonEKSWorkerNodePolicy"
role = aws_iam_role.workers[0].name
}
resource "aws_iam_role_policy_attachment" "workers_AmazonEKS_CNI_Policy" {
count = var.manage_worker_iam_resources && var.attach_worker_cni_policy && var.create_eks ? 1 : 0
policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AmazonEKS_CNI_Policy"
}
There was a problem hiding this comment.
ah, this looks perfect! Send a PR for this?
There was a problem hiding this comment.
There was a problem hiding this comment.
Sure, will send a PR shortly 😄
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
PR o'clock
Description
Please explain the changes you made here and link to any relevant issues.
Checklist