feat: Convert region into an array #103

mitch-hamm · 2024-11-25T22:54:51Z

closes: #102

Allow passing an array of regions incase a customer has multiple regional deployments under one account and doesn't want to grant * access

mitch-hamm · 2024-11-25T22:58:33Z

modules/aws/vendor-access/main.tf

+  account_id                  = data.aws_caller_identity.current.account_id
+  additional_iam_policy_arns  = distinct(compact(var.additional_iam_policy_arns))
+  allowed_iam_policies        = join(", ", formatlist("\"%s\"", distinct(concat(local.additional_iam_policy_arns, local.default_allowed_iam_policies))))
+  arn_like_vpcs               = formatlist("\"arn:%s:ec2:*:%s:vpc/%s\"", local.aws_partition, local.account_id, var.vpc_allowed_ids)


This has been updated from
arn:aws:ec2:${region}:717279720372:vpc/123456789
to
arn:aws:ec2:*:717279720372:vpc/123456789
Since we don't know which region in the array the VPC belongs to ahead of time. VPC ID is also more specific than the region so this shouldn't change any scope

Convert region into an array

fe481e8

mitch-hamm requested a review from a team as a code owner November 25, 2024 22:54

github-actions bot assigned mitch-hamm Nov 25, 2024

mitch-hamm commented Nov 25, 2024

View reviewed changes

mitch-hamm changed the title ~~Convert region into an array~~ feat: Convert region into an array Nov 29, 2024

mitch-hamm requested review from maxsxu and ciiiii December 2, 2024 23:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat: Convert region into an array #103

feat: Convert region into an array #103

mitch-hamm commented Nov 25, 2024

mitch-hamm Nov 25, 2024

feat: Convert region into an array #103

Are you sure you want to change the base?

feat: Convert region into an array #103

Conversation

mitch-hamm commented Nov 25, 2024

mitch-hamm Nov 25, 2024

Choose a reason for hiding this comment