Update policies.tf

Add functionality to interpolate resource arns to use local.partition instead of hardcoded value of "aws" to prevent breaking non-commercial use cases.
terraform-aws-modules · Oct 22, 2024 · 11b0af9 · 11b0af9
1 parent 0773c17
commit 11b0af9
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/modules/iam-role-for-service-accounts-eks/policies.tf b/modules/iam-role-for-service-accounts-eks/policies.tf
@@ -200,7 +200,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 
   statement {
     actions   = ["ec2:CreateVolume"]
-    resources = ["arn:aws:ec2:*:*:volume/*"]
+    resources = ["arn:${local.partition}:ec2:*:*:volume/*"]
 
     condition {
       test     = "StringLike"
@@ -213,7 +213,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 
   statement {
     actions   = ["ec2:CreateVolume"]
-    resources = ["arn:aws:ec2:*:*:volume/*"]
+    resources = ["arn:${local.partition}:ec2:*:*:volume/*"]
 
     condition {
       test     = "StringLike"
@@ -235,7 +235,7 @@ data "aws_iam_policy_document" "ebs_csi" {
 
   statement {
     actions   = ["ec2:CreateVolume"]
-    resources = ["arn:aws:ec2:*:*:snapshot/*"]
+    resources = ["arn:${local.partition}:ec2:*:*:snapshot/*"]
   }
 
   statement {