Merge pull request #35 from trussworks/cblkwell-fixing-for-govcloud
Updating for govcloud compatibility
cblkwell authored Feb 17, 2020
2 parents e46531f + d91f701 commit e4442c2
Showing 3 changed files with 7 additions and 5 deletions.
4 changes: 2 additions & 2 deletions config-aggregator.tf
@@ -24,7 +24,7 @@ resource "aws_iam_role" "aggregator" {
resource "aws_iam_role_policy_attachment" "aggregator" {
count = var.aggregate_organization ? 1 : 0
role = aws_iam_role.aggregator[0].name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"
policy_arn = format("arn:%s:iam::aws:policy/service-role/AWSConfigRoleForOrganizations", data.aws_partition.current.partition)
}

#
@@ -40,4 +40,4 @@ resource "aws_config_configuration_aggregator" "organization" {
all_regions = true
role_arn = aws_iam_role.aggregator[0].arn
}
}
}
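Review bot: The new `policy_arn` in `aws_iam_role_policy_attachment.aggregator` carries no comment saying why the partition is looked up, so a later edit could fold it back into a literal `arn:aws:` string and break non-commercial partitions again. A one-line comment above it would do, for example `# Partition comes from data.aws_partition.current so the ARN also resolves in aws-us-gov`. The same value reads a little more directly as an interpolated string, `policy_arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSConfigRoleForOrganizations"`. It is also worth confirming that this managed policy is published under the same name in every partition the module targets; the page does not show that.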
7 changes: 4 additions & 3 deletions iam.tf
@@ -37,9 +37,10 @@ data "template_file" "aws_config_policy" {
JSON

vars = {
bucket_arn = format("arn:aws:s3:::%s", var.config_logs_bucket)
bucket_arn = format("arn:%s:s3:::%s", data.aws_partition.current.partition, var.config_logs_bucket)
resource = format(
"arn:aws:s3:::%s/%s/AWSLogs/%s/Config/*",
"arn:%s:s3:::%s/%s/AWSLogs/%s/Config/*",
data.aws_partition.current.partition,
var.config_logs_bucket,
var.config_logs_prefix,
data.aws_caller_identity.current.account_id,
@@ -73,7 +74,7 @@ resource "aws_iam_role" "main" {
resource "aws_iam_policy_attachment" "managed-policy" {
name = "${var.config_name}-managed-policy"
roles = [aws_iam_role.main.name]
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSConfigRole"
policy_arn = format("arn:%s:iam::aws:policy/service-role/AWSConfigRole", data.aws_partition.current.partition)
}

resource "aws_iam_policy" "aws-config-policy" {
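Review bot: `aws_iam_policy_attachment.managed-policy` in the second hunk is an exclusive attachment: Terraform treats its `roles` list as the complete set of roles for that policy ARN, so applying it can detach the AWS-managed `AWSConfigRole` policy from any other role, user or group in the account that has it attached. The commit updates the ARN on this resource but keeps the resource type, while config-aggregator.tf already uses the non-exclusive form. Switching to `resource "aws_iam_role_policy_attachment" "managed-policy" {` with `role = aws_iam_role.main.name` (dropping `name` and `roles`) keeps the attachment scoped to this module's role. The type change makes Terraform destroy and recreate the attachment, so the plan output should be reviewed before it is applied.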
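--- a/main.tf
+++ b/main.tf
@@ -0,0 +1 @@
+data "aws_partition" "current" {}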
