Partition (#35)

* Update main.tf * Update variables.tf * Auto Format * Update README.md * Auto Format Co-authored-by: cloudpossebot <[email protected]>
cloudposse · Aug 31, 2021 · c70209d · c70209d
1 parent c22c073
commit c70209d
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -191,6 +191,7 @@ Available targets:
 | [aws_iam_policy_document.all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.core](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -38,6 +38,7 @@
 | [aws_iam_policy_document.all](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.core](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
 
 ## Inputs

diff --git a/main.tf b/main.tf
@@ -1,3 +1,5 @@
+data "aws_partition" "current" {}
+
 data "aws_caller_identity" "current" {
   count = module.this.enabled ? 1 : 0
 }
@@ -39,7 +41,7 @@ data "aws_iam_policy_document" "assume_role" {
       type = "AWS"
 
       identifiers = [
-        "arn:aws:iam::${var.datadog_aws_account_id}:root"
+        "arn:${data.aws_partition.current.partition}:iam::${var.datadog_aws_account_id}:root"
       ]
     }
 

diff --git a/variables.tf b/variables.tf
@@ -53,13 +53,13 @@ variable "dd_api_key_source" {
 
   # Check KMS ARN format
   validation {
-    condition     = var.dd_api_key_source.resource == "kms" ? can(regex("arn:aws:kms:.*:key/.*", var.dd_api_key_source.identifier)) : true
+    condition     = var.dd_api_key_source.resource == "kms" ? can(regex("arn:.*:kms:.*:key/.*", var.dd_api_key_source.identifier)) : true
     error_message = "ARN for KMS key does not appear to be valid format (example: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab)."
   }
 
   # Check ASM ARN format
   validation {
-    condition     = var.dd_api_key_source.resource == "asm" ? can(regex("arn:aws:secretsmanager:.*:secret:.*", var.dd_api_key_source.identifier)) : true
+    condition     = var.dd_api_key_source.resource == "asm" ? can(regex("arn:.*:secretsmanager:.*:secret:.*", var.dd_api_key_source.identifier)) : true
     error_message = "ARN for AWS Secrets Manager (asm) does not appear to be valid format (example: arn:aws:secretsmanager:us-west-2:111122223333:secret:aes128-1a2b3c)."
   }