elastic / terraform-elastic-esf

Terraform - Elastic Serverless Forwarder

Make terraform work with govcloud #11

Open kaiyan-sheng opened 3 months ago

kaiyan-sheng commented 3 months ago

When testing ESF on GovCloud, there are several changes I have to make manually in this Terraform repo in order to make it work:

--- a/esf.tf
+++ b/esf.tf
@@ -172,7 +172,7 @@ module "esf-lambda-function" {

   attach_policies    = true
   number_of_policies = 1
-  policies           = ["arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]
+  policies           = ["arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]

   attach_policy_statements = true

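Review bot: The `policies` entry hardcodes the `aws-us-gov` partition, so this line makes GovCloud work only by breaking the commercial `aws` partition, and it still would not cover `aws-cn`. Build the managed-policy ARN from the provider's partition instead, for example `"arn:${data.aws_partition.current.partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"`, with a `data "aws_partition" "current" {}` block declared once in esf.tf.
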
@@ -182,8 +182,8 @@ module "esf-lambda-function" {
         effect  = "Allow",
         actions = ["s3:GetObject"],
         resources = [
-          "arn:aws:s3:::${local.config-bucket-name}/config.yaml",
-          "arn:aws:s3:::${local.config-bucket-name}/${local.dependencies-file}"
+          "arn:aws-us-gov:s3:::${local.config-bucket-name}/config.yaml",
+          "arn:aws-us-gov:s3:::${local.config-bucket-name}/${local.dependencies-file}"
         ]
       },

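Review bot: Both `s3:GetObject` entries in `resources` repeat the hardcoded `aws-us-gov` prefix, which has the same single-partition problem and now has to be kept in sync in two places. Consider one local (name is only a suggestion) such as `s3_arn_prefix = "arn:${data.aws_partition.current.partition}:s3:::"` interpolated into both entries, and keep the statement scoped to the two objects (`config.yaml` and `${local.dependencies-file}`) rather than widening it to the whole bucket while these lines are being touched.
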
Everything else works great!

axw commented 3 months ago

We should probably use the aws_partition data source: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition
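
The partition data source suggested above, as an added example (not code from this repository or from either commenter). The local names `arn_prefix`, `lambda_basic_execution_policy_arn` and `config_object_arns`, and the sample bucket and file values, are assumptions made for illustration.

```hcl
# Added example, not the repository's code.
# Resolves to "aws", "aws-us-gov" or "aws-cn" based on the configured provider.
data "aws_partition" "current" {}

locals {
  # Constructed stand-ins for the repo's existing locals seen in the diff;
  # drop these two lines when applying the idea inside esf.tf.
  config-bucket-name = "example-esf-config-bucket"
  dependencies-file  = "example-dependencies.zip"

  # Single place where the partition enters every ARN built below.
  arn_prefix = "arn:${data.aws_partition.current.partition}"

  # Replacement for the hardcoded managed-policy ARN in `policies`.
  lambda_basic_execution_policy_arn = "${local.arn_prefix}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"

  # Replacement for the hardcoded S3 object ARNs in the s3:GetObject statement.
  # Still limited to the two objects the function needs to read.
  config_object_arns = [
    "${local.arn_prefix}:s3:::${local.config-bucket-name}/config.yaml",
    "${local.arn_prefix}:s3:::${local.config-bucket-name}/${local.dependencies-file}",
  ]
}

# Surface the resolved values so `terraform plan` shows which partition was used.
output "lambda_basic_execution_policy_arn" {
  value = local.lambda_basic_execution_policy_arn
}

output "config_object_arns" {
  value = local.config_object_arns
}
```

Running `terraform plan` against a commercial region and a GovCloud region should show the same configuration producing `arn:aws:...` and `arn:aws-us-gov:...` values respectively.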