Skip to content

Commit

Permalink
fix: Use dynamic partition data source to determine DNS suffix for Ka…
Browse files Browse the repository at this point in the history 
…rpenter EC2 pass role permission (#3193)

* fix karpenter iam passrole to ec2 api bug, to support aws cn

* fix: Use dyanmic partition value for DNS suffix

---------

Co-authored-by: Shuiping <[email protected]>
Co-authored-by: Bryant Biggs <[email protected]>
  • Loading branch information
@joey100 @bryantbiggs
3 people authored Oct 27, 2024
1 parent 4abc779 commit dea6c44
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions modules/karpenter/policy.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" {
condition {
test = "StringEquals"
variable = "iam:PassedToService"
values = ["ec2.amazonaws.com"]
values = ["ec2.${local.dns_suffix}"]
}
}

Expand Down Expand Up @@ -584,7 +584,7 @@ data "aws_iam_policy_document" "v1" {
condition {
test = "StringEquals"
variable = "iam:PassedToService"
values = ["ec2.amazonaws.com"]
values = ["ec2.${local.dns_suffix}"]
}
}

Expand Down

0 comments on commit dea6c44

Please sign in to comment.