diff --git a/README.md b/README.md index 5ac0b87b..e120d62a 100644 --- a/README.md +++ b/README.md @@ -650,6 +650,7 @@ No modules. | [aws_iam_policy_document.async](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.dead_letter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | | [aws_iam_policy_document.logs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source | | [external_external.archive_prepare](https://registry.terraform.io/providers/hashicorp/external/latest/docs/data-sources/external) | data source | ## Inputs diff --git a/iam.tf b/iam.tf index 4d03f52d..6d1bf569 100644 --- a/iam.tf +++ b/iam.tf @@ -152,7 +152,7 @@ resource "aws_iam_role_policy_attachment" "dead_letter" { data "aws_iam_policy" "vpc" { count = local.create_role && var.attach_network_policy ? 1 : 0 - arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" + arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" } resource "aws_iam_policy" "vpc" { @@ -178,7 +178,7 @@ resource "aws_iam_role_policy_attachment" "vpc" { data "aws_iam_policy" "tracing" { count = local.create_role && var.attach_tracing_policy ? 1 : 0 - arn = "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" + arn = "arn:${data.aws_partition.current.partition}:iam::aws:policy/AWSXrayWriteOnlyAccess" } resource "aws_iam_policy" "tracing" { diff --git a/main.tf b/main.tf index c8a84317..7c4a10be 100644 --- a/main.tf +++ b/main.tf @@ -1,3 +1,5 @@ +data "aws_partition" "current" {} + locals { archive_filename = element(concat(data.external.archive_prepare.*.result.filename, [null]), 0) archive_was_missing = element(concat(data.external.archive_prepare.*.result.was_missing, [false]), 0)