From caf5d2aff166a5f2b3df85830ddf62a1e6c11b16 Mon Sep 17 00:00:00 2001
From: Shuiping
Date: Sat, 26 Oct 2024 12:01:39 +0800
Subject: [PATCH 1/2] fix karpenter iam passrole to ec2 api bug, to support aws cn
---
 modules/karpenter/policy.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index 456a27f417..54dc85c1fd 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = ["ec2.amazonaws.com"]
+ values = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]
 }
 }

@@ -584,7 +584,7 @@ data "aws_iam_policy_document" "v1" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = ["ec2.amazonaws.com"]
+ values = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]
 }
 }

From 424f4c16e59a4f0f92829f84a86f14cefca3544c Mon Sep 17 00:00:00 2001
From: Bryant Biggs
Date: Sat, 26 Oct 2024 19:09:06 -0500
Subject: [PATCH 2/2] fix: Use dyanmic partition value for DNS suffix
---
 modules/karpenter/policy.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/karpenter/policy.tf b/modules/karpenter/policy.tf
index 54dc85c1fd..7fb04e47b2 100644
--- a/modules/karpenter/policy.tf
+++ b/modules/karpenter/policy.tf
@@ -195,7 +195,7 @@ data "aws_iam_policy_document" "v033" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]
+ values = ["ec2.${local.dns_suffix}"]
 }
 }

@@ -584,7 +584,7 @@ data "aws_iam_policy_document" "v1" {
 condition {
 test = "StringEquals"
 variable = "iam:PassedToService"
- values = local.partition == "aws" ? ["ec2.amazonaws.com"] : ["ec2.amazonaws.com.cn"]
+ values = ["ec2.${local.dns_suffix}"]
 }
 }
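Review bot: The `iam:PassedToService` value in the `v033` hunk of PATCH 2/2 (and identically in the `v1` hunk) now rests entirely on `local.dns_suffix`, which is defined outside these hunks, and neither site says why a DNS suffix is used to build a service principal. Because the test is `StringEquals`, and assuming the enclosing statement is an Allow, a suffix that does not match the partition's actual EC2 service principal makes `iam:PassRole` fail closed: node launches break, but the role does not become passable to other services. That is worth verifying in every partition the module claims to support, not only `aws` and `aws-cn`. I would add a comment above both lines such as `# EC2 service principal differs per partition (e.g. ec2.amazonaws.com.cn in aws-cn); keeps PassRole scoped to EC2 only`, and confirm that `local.dns_suffix` comes from the partition data source and not a caller-supplied input. The statement's actions and resources lie outside both hunks, so the resource scoping of the PassRole grant cannot be checked from here.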