From 2b172a658537c273023d05e3da3ff71724bcc26e Mon Sep 17 00:00:00 2001
From: Artem Nefedov <requiem1337@gmail.com>
Date: Thu, 22 Aug 2024 11:05:11 +0200
Subject: [PATCH] fix: "iam:PassRole" defined in CFN to work properly in AWS
 China

---
 .../getting-started-with-karpenter/cloudformation.yaml          | 2 +-
 website/content/en/preview/reference/cloudformation.md          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml b/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml
index 567808be5830..a688e863fe6e 100644
--- a/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml
+++ b/website/content/en/preview/getting-started/getting-started-with-karpenter/cloudformation.yaml
@@ -212,7 +212,7 @@ Resources:
               "Action": "iam:PassRole",
               "Condition": {
                 "StringEquals": {
-                  "iam:PassedToService": "ec2.amazonaws.com"
+                  "iam:PassedToService": "ec2.${AWS::URLSuffix}"
                 }
               }
             },
diff --git a/website/content/en/preview/reference/cloudformation.md b/website/content/en/preview/reference/cloudformation.md
index 9fcfbf306a71..67d5e565d7b1 100644
--- a/website/content/en/preview/reference/cloudformation.md
+++ b/website/content/en/preview/reference/cloudformation.md
@@ -375,7 +375,7 @@ This gives EC2 permission explicit permission to use the `KarpenterNodeRole-${Cl
   "Action": "iam:PassRole",
   "Condition": {
     "StringEquals": {
-      "iam:PassedToService": "ec2.amazonaws.com"
+      "iam:PassedToService": "ec2.${AWS::URLSuffix}"
     }
   }
 }