From 018d1e60c16b3732ee0cfac0c9f5be15b7decf64 Mon Sep 17 00:00:00 2001
From: "J. Q" <55899496+jawadqur@users.noreply.github.com>
Date: Tue, 13 Feb 2024 16:13:29 -0600
Subject: [PATCH] Fix issues with AWS Resource Access Manager (#95)

* Fix issues with sharing resources between accounts
* Truncate roleName for nextflow
---
 hatchery/nextflow.go | 2 +-
 hatchery/ram.go | 12 ++++++++++--
 hatchery/transitgateway.go | 2 +-
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/hatchery/nextflow.go b/hatchery/nextflow.go
index f4afbd84..098c5180 100644
--- a/hatchery/nextflow.go
+++ b/hatchery/nextflow.go
@@ -188,7 +188,7 @@ func createNextflowResources(userName string, nextflowConfig NextflowConfig) (st
 }

 // create role for nextflow-created jobs
- roleName := policyName
+ roleName := truncateString(policyName, 64)
 roleResult, err := iamSvc.CreateRole(&iam.CreateRoleInput{
 RoleName: &roleName,
 AssumeRolePolicyDocument: aws.String(`{
diff --git a/hatchery/ram.go b/hatchery/ram.go
index b1ebaf55..cec91526 100644
--- a/hatchery/ram.go
+++ b/hatchery/ram.go
@@ -11,8 +11,16 @@ import (
 "github.com/aws/aws-sdk-go/service/ram"
 )

-func acceptTransitGatewayShare(pm *PayModel, userName string, sess *session.Session, ramArn *string) error {
- ramSvc := ram.New(sess)
+func acceptTransitGatewayShare(pm *PayModel, sess *session.Session, ramArn *string) error {
+ roleARN := "arn:aws:iam::" + pm.AWSAccountId + ":role/csoc_adminvm"
+ svc := NewSVC(sess, roleARN)
+
+ // create RAM client in remote account.
+ ramSvc := ram.New(session.Must(session.NewSession(&aws.Config{
+ Credentials: svc.creds,
+ Region: aws.String("us-east-1"),
+ })))
+
 // Check if the resource share is already accepted.
 // If not, accept the resource share
 ramName := strings.ReplaceAll(os.Getenv("GEN3_ENDPOINT"), ".", "-") + "-ram"
diff --git a/hatchery/transitgateway.go b/hatchery/transitgateway.go
index 4a112ebd..71ec645c 100644
--- a/hatchery/transitgateway.go
+++ b/hatchery/transitgateway.go
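Review bot: In hatchery/nextflow.go, truncating with `roleName := truncateString(policyName, 64)` can map two different long policy names onto the same IAM role name, because everything past the 64th character is discarded. If `policyName` is derived from the user name (its construction is outside this hunk), a collision would make `CreateRole` fail with an already-exists error or, depending on how that error is handled further down, leave one user's jobs running under a role created for another user. Keeping a digest of the full name in the role name avoids this, for example `sum := sha256.Sum256([]byte(policyName))` followed by `roleName := truncateString(policyName, 55) + "-" + hex.EncodeToString(sum[:4])`, which needs `crypto/sha256` and `encoding/hex` imported. `truncateString` is not defined in this patch, so whether it cuts by bytes or by runes should be confirmed as well.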
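Review bot: In hatchery/ram.go, `session.Must(session.NewSession(...))` panics if session construction fails, inside a function that already returns `error`; handle it explicitly with `remoteSess, err := session.NewSession(&aws.Config{Credentials: svc.creds, Region: aws.String("us-east-1")})`, `if err != nil { return err }`, `ramSvc := ram.New(remoteSess)`. The role `csoc_adminvm` and the region `us-east-1` are hard-coded, and the role name suggests administrative rights in the remote account. Accepting a share invitation should need little more than `ram:GetResourceShareInvitations` and `ram:AcceptResourceShareInvitation`, so a narrowly scoped role whose name and region come from configuration would limit what these assumed credentials can do. `pm.AWSAccountId` is concatenated into the ARN unchecked; confirming it is a 12-digit account ID before calling `NewSVC` would be a cheap guard. The function body continues past the end of this hunk, and `NewSVC` is defined elsewhere.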
@@ -45,7 +45,7 @@ func setupTransitGateway(userName string) error {
 }

 // Accept transit gateway share in remote account
- err = acceptTransitGatewayShare(pm, *tgwarn, sess, ramArn)
+ err = acceptTransitGatewayShare(pm, sess, ramArn)
 if err != nil {
 return err
 }