feat: Dynamic Partition for IRSA to support AWS-CN Deployments (terra…

…form-aws-modules#1028)
Polyconseil · Oct 25, 2020 · d346085 · d346085
1 parent 47a8eba
commit d346085
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/irsa.tf b/irsa.tf
@@ -9,7 +9,7 @@
 
 resource "aws_iam_openid_connect_provider" "oidc_provider" {
   count           = var.enable_irsa && var.create_eks ? 1 : 0
-  client_id_list  = ["sts.amazonaws.com"]
+  client_id_list  = [local.sts_principal]
   thumbprint_list = [var.eks_oidc_root_ca_thumbprint]
   url             = flatten(concat(aws_eks_cluster.this[*].identity[*].oidc.0.issuer, [""]))[0]
 }
diff --git a/local.tf b/local.tf
@@ -31,6 +31,7 @@ locals {
   )
 
   ec2_principal = "ec2.${data.aws_partition.current.dns_suffix}"
+  sts_principal = "sts.${data.aws_partition.current.dns_suffix}"
 
   policy_arn_prefix = "arn:${data.aws_partition.current.partition}:iam::aws:policy"
   workers_group_defaults_defaults = {