Merge pull request #10 from trussworks/cblkwell-fix-for-govcloud

Updating for GovCloud compatibility

.circleci/config.yml

@@ -2,7 +2,7 @@ version: 2
 jobs:
   validate:
     docker:
-      - image: trussworks/circleci-docker-primary:tf12-86954077a1d6587de6c636ed6163001fd0575d87
+      - image: trussworks/circleci-docker-primary:2d679f4bc2c1ab1fc46e2ef440d8ef300da607b8
     steps:
       - checkout
       - restore_cache:

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: git://github.com/pre-commit/pre-commit-hooks
-    rev: v2.4.0
+    rev: v2.5.0
     hooks:
       - id: check-json
       - id: check-merge-conflict
@@ -12,18 +12,18 @@ repos:
       - id: trailing-whitespace
 
   - repo: git://github.com/igorshubovych/markdownlint-cli
-    rev: v0.19.0
+    rev: v0.22.0
     hooks:
       - id: markdownlint
 
   - repo: git://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.19.0
+    rev: v1.25.0
     hooks:
       - id: terraform_docs
       - id: terraform_fmt
 
   - repo: git://github.com/golangci/golangci-lint
-    rev: v1.21.0
+    rev: v1.23.6
     hooks:
       - id: golangci-lint
         entry: golangci-lint run --verbose

.terraform-version

@@ -1 +1 @@
-0.12.12
+0.12.19

README.md

@@ -1,3 +1,4 @@
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 Configures IAM policy to enforce MFA when accessing the AWS API.
 
 This configured policy also requires users to assume a role for most API calls.
@@ -8,12 +9,6 @@ Creates the following resources:
 * IAM group policy attachment for defining which IAM groups to enforce MFA on.
 * IAM user policy attachment for defining which IAM users to enforce MFA on.
 
-## Terraform Versions
-
-Terraform 0.12. Pin module version to ~> 2.X. Submit pull-requests to master branch.
-
-Terraform 0.11. Pin module version to ~> 1.X. Submit pull-requests to terraform011 branch.
-
 ## Usage
 
 ```hcl
@@ -25,13 +20,22 @@ module "aws_mfa" {
 }
 ```
 
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | n/a |
+
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| iam\_groups | List of IAM groups to enforce MFA when accessing the AWS API. | list(string) | `[]` | no |
-| iam\_users | List of IAM users to enforce MFA when accessing the AWS API. | list(string) | `[]` | no |
+|------|-------------|------|---------|:-----:|
+| iam\_groups | List of IAM groups to enforce MFA when accessing the AWS API. | `list(string)` | `[]` | no |
+| iam\_users | List of IAM users to enforce MFA when accessing the AWS API. | `list(string)` | `[]` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

main.tf

@@ -21,6 +21,9 @@
  * ```
  */
 
+data "aws_partition" "current" {
+}
+
 data "aws_iam_policy_document" "main" {
   statement {
     sid    = "AllowAllUsersToListAccounts"
@@ -57,7 +60,7 @@ data "aws_iam_policy_document" "main" {
     ]
 
     resources = [
-      "arn:aws:iam::*:user/&{aws:username}",
+      "arn:${data.aws_partition.current.partition}:iam::*:user/&{aws:username}",
     ]
   }
 
@@ -70,8 +73,8 @@ data "aws_iam_policy_document" "main" {
     ]
 
     resources = [
-      "arn:aws:iam::*:mfa/*",
-      "arn:aws:iam::*:user/&{aws:username}",
+      "arn:${data.aws_partition.current.partition}:iam::*:mfa/*",
+      "arn:${data.aws_partition.current.partition}:iam::*:user/&{aws:username}",
     ]
   }
 
@@ -87,8 +90,8 @@ data "aws_iam_policy_document" "main" {
     ]
 
     resources = [
-      "arn:aws:iam::*:mfa/&{aws:username}",
-      "arn:aws:iam::*:user/&{aws:username}",
+      "arn:${data.aws_partition.current.partition}:iam::*:mfa/&{aws:username}",
+      "arn:${data.aws_partition.current.partition}:iam::*:user/&{aws:username}",
     ]
   }
 
@@ -101,8 +104,8 @@ data "aws_iam_policy_document" "main" {
     ]
 
     resources = [
-      "arn:aws:iam::*:mfa/&{aws:username}",
-      "arn:aws:iam::*:user/&{aws:username}",
+      "arn:${data.aws_partition.current.partition}:iam::*:mfa/&{aws:username}",
+      "arn:${data.aws_partition.current.partition}:iam::*:user/&{aws:username}",
     ]
 
     condition {