Support AWS partition for SSM resources (#148)

dlundgren · actions-bot · web-flow · commit db55ac74c0a2 · 2023-01-11T19:54:41.000-05:00
* Support AWS partition for SSM resources

* Updated README.md

Co-authored-by: actions-bot &lt;58130806+actions-bot@users.noreply.github.com&gt;
diff --git a/README.md b/README.md
@@ -455,7 +455,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.
 
 ## Copyright
 
-Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)
+Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)
 
 
 
diff --git a/ssm_patch.tf b/ssm_patch.tf
@@ -1,7 +1,7 @@
 
 locals {
   ssm_patch_log_bucket_enabled = local.ssm_enabled && var.ssm_patch_manager_s3_log_bucket != "" && var.ssm_patch_manager_s3_log_bucket != null
-  ssm_policy_arn               = var.ssm_patch_manager_iam_policy_arn == null || var.ssm_patch_manager_iam_policy_arn == "" ? "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" : var.ssm_patch_manager_iam_policy_arn
+  ssm_policy_arn               = var.ssm_patch_manager_iam_policy_arn == null || var.ssm_patch_manager_iam_policy_arn == "" ? "arn:${data.aws_partition.default.partition}:iam::aws:policy/AmazonSSMManagedInstanceCore" : var.ssm_patch_manager_iam_policy_arn
   ssm_enabled                  = local.enabled && var.ssm_patch_manager_enabled
 }
 
@@ -25,8 +25,8 @@ data "aws_iam_policy_document" "ssm_patch_s3_log_policy" {
       "s3:GetEncryptionConfiguration",
     ]
     resources = [
-      "arn:aws:s3:::${var.ssm_patch_manager_s3_log_bucket}/*",
-      "arn:aws:s3:::${var.ssm_patch_manager_s3_log_bucket}",
+      "arn:${data.aws_partition.default.partition}:s3:::${var.ssm_patch_manager_s3_log_bucket}/*",
+      "arn:${data.aws_partition.default.partition}:s3:::${var.ssm_patch_manager_s3_log_bucket}",
     ]
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -455,7 +455,7 @@ In general, PRs are welcome. We follow the typical "fork-and-pull" Git workflow.`
`455`	`455`
`456`	`456`	`## Copyright`
`457`	`457`
`458`		`-Copyright © 2017-2022 [Cloud Posse, LLC](https://cpco.io/copyright)`
	`458`	`+Copyright © 2017-2023 [Cloud Posse, LLC](https://cpco.io/copyright)`
`459`	`459`
`460`	`460`
`461`	`461`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`
`2`	`2`	`locals {`
`3`	`3`	`ssm_patch_log_bucket_enabled = local.ssm_enabled && var.ssm_patch_manager_s3_log_bucket != "" && var.ssm_patch_manager_s3_log_bucket != null`
`4`		`- ssm_policy_arn = var.ssm_patch_manager_iam_policy_arn == null \|\| var.ssm_patch_manager_iam_policy_arn == "" ? "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" : var.ssm_patch_manager_iam_policy_arn`
	`4`	`+ ssm_policy_arn = var.ssm_patch_manager_iam_policy_arn == null \|\| var.ssm_patch_manager_iam_policy_arn == "" ? "arn:${data.aws_partition.default.partition}:iam::aws:policy/AmazonSSMManagedInstanceCore" : var.ssm_patch_manager_iam_policy_arn`
`5`	`5`	`ssm_enabled = local.enabled && var.ssm_patch_manager_enabled`
`6`	`6`	`}`
`7`	`7`
`@@ -25,8 +25,8 @@ data "aws_iam_policy_document" "ssm_patch_s3_log_policy" {`
`25`	`25`	`"s3:GetEncryptionConfiguration",`
`26`	`26`	`]`
`27`	`27`	`resources = [`
`28`		`- "arn:aws:s3:::${var.ssm_patch_manager_s3_log_bucket}/*",`
`29`		`- "arn:aws:s3:::${var.ssm_patch_manager_s3_log_bucket}",`
	`28`	`+ "arn:${data.aws_partition.default.partition}:s3:::${var.ssm_patch_manager_s3_log_bucket}/*",`
	`29`	`+ "arn:${data.aws_partition.default.partition}:s3:::${var.ssm_patch_manager_s3_log_bucket}",`
`30`	`30`	`]`
`31`	`31`	`}`
`32`	`32`	`}`