fix: Allow non-aws partitions to be used, including GovCloud #89

Open
wants to merge 1 commit into
base: master

@suprememoocow suprememoocow commented Oct 17, 2024

↪️ Pull Request

  • Make sure you are opening from a feature/feat/docs/fix/bug/hotfix/stable/chore (right side) and not your master branch!
  • Ensure that the pull request title represents the desired changelog entry

📒 Description

Currently, this module assumes this will always be run in the aws partition. This means that if this is applied in GovCloud, it fails with an invalid partition.

This change uses the current partition, rather than hardcoding to aws. For GovCloud, it will use aws-us-gov.

🕶️ Types of changes

  • Core
  • Bugfix
  • New feature
  • Enhancement/optimization
  • Documentation
  • Dependencies

🤯 List of changes

👫 Relationships

🔎 Review hints

🚨 Test instructions

Checklist

  • My code follows the code style of this project.
  • I have read the CONTRIBUTING document.
  • Added/updated unit tests for this change
  • I have tested the changes and verified that they work and don't break anything (as well as I can manage).
  • Filled out test instructions (In case there aren't any unit tests)
  • I followed the existing code standards and didn't mess up the formatting.
  • My change requires a change to the documentation.
  • I did my best to add documentation to any public classes or methods I added.
  • Included links to related issues/PRs

Currently, this module assumes this will always be run in the `aws`
partition. This means that if this is applied in GovCloud, it fails with
an invalid partition.

This change uses the current partition, rather than hardcoding to `aws`.
For GovCloud, it will use `aws-us-gov`.
@suprememoocow suprememoocow changed the title Allow non-aws partitions to be used fix: Allow non-aws partitions to be used Oct 17, 2024
@suprememoocow suprememoocow changed the title fix: Allow non-aws partitions to be used fix: Allow non-aws partitions to be used, including GovCloud Oct 17, 2024
@suprememoocow
Author

@ivankatliarchuk good day! I'm hitting a problem when trying to use this module in AWS GovCloud.

I get the following error: `Partition "aws" is not valid for resource`.

```
╷
│ Error: creating IAM Policy (EnforceMFA): operation error IAM: CreatePolicy, https response error StatusCode: 400, RequestID: XXXX, MalformedPolicyDocument: Partition "aws" is not valid for resource "arn:aws:iam::XXXX:mfa/${aws:username}".
│ 
│   with module.aws.module.user_group_membership.module.enforce_mfa[0].aws_iam_policy.this,
│   on .terraform/modules/aws.user_group_membership.enforce_mfa/main.tf line 1, in resource "aws_iam_policy" "this":
│    1: resource "aws_iam_policy" "this" {
│ 
╵
```

This is because GovCloud does not use `arn:aws` but rather `arn:aws-us-gov`. Likewise, AWS China uses a different partition scheme too.

Would you mind reviewing this change please?
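
The approach described in this pull request, shown as an added Terraform example (not the module's code and not this PR's diff): the ARN partition comes from the `aws_partition` data source instead of a hardcoded `aws`. The resource names, the policy name `EnforceMFAExample` and the action list are assumptions chosen for illustration.

```hcl
# Added example: names and the statement below are illustrative assumptions.

# Partition of the provider's current session: "aws", "aws-us-gov" or "aws-cn".
data "aws_partition" "current" {}
data "aws_caller_identity" "current" {}

locals {
  # Before (hardcoded partition, rejected by IAM outside the commercial partition):
  #   "arn:aws:iam::${data.aws_caller_identity.current.account_id}"
  # After (partition resolved at plan time):
  iam_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::${data.aws_caller_identity.current.account_id}"
}

data "aws_iam_policy_document" "manage_own_mfa" {
  statement {
    sid    = "AllowManageOwnMFA"
    effect = "Allow"
    actions = [
      "iam:CreateVirtualMFADevice",
      "iam:EnableMFADevice",
      "iam:ResyncMFADevice",
    ]
    # &{aws:username} is this data source's notation for the IAM policy
    # variable ${aws:username}; it stops Terraform from trying to
    # interpolate the variable itself.
    resources = [
      "${local.iam_arn_prefix}:mfa/&{aws:username}",
      "${local.iam_arn_prefix}:user/&{aws:username}",
    ]
  }
}

resource "aws_iam_policy" "enforce_mfa_example" {
  name   = "EnforceMFAExample"
  policy = data.aws_iam_policy_document.manage_own_mfa.json
}

# Lets a plan in each partition show which prefix the policy will carry.
output "iam_arn_prefix" {
  value = local.iam_arn_prefix
}
```

Searching a module for the literal string `arn:aws:` is a quick way to find other ARNs that would fail the same way in GovCloud or AWS China.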
