lablabs / terraform-aws-eks-external-dns

Apache License 2.0
bug: The iam policy can't be created in AWS China #31

Closed Wyifei closed 1 year ago

Wyifei commented 1 year ago

Summary

The IAM policy can't be created in AWS China, because in AWS China the ARN format is: arn:awscn

Issue Type

Bug Report

Terraform Version

terraform --version
Terraform v1.3.6
on linux_amd64
+ provider registry.terraform.io/cloudposse/utils v1.6.0
+ provider registry.terraform.io/hashicorp/aws v4.45.0
+ provider registry.terraform.io/hashicorp/external v2.2.3
+ provider registry.terraform.io/hashicorp/helm v2.7.1
+ provider registry.terraform.io/hashicorp/kubernetes v2.11.0

Steps to Reproduce

module "external_dns" {
  count   = var.environment == "dev" ? 1 : 0
  source  = "lablabs/eks-external-dns/aws"
  version = "1.1.0"

  cluster_identity_oidc_issuer     = data.aws_iam_openid_connect_provider.meid_eks_oidc.url
  cluster_identity_oidc_issuer_arn = data.aws_iam_openid_connect_provider.meid_eks_oidc.arn

  irsa_role_name_prefix = "irsa-external-dns-${var.projectname}-${var.environment}-${var.region}"
  irsa_tags = {
    Name        = "external-dns-${var.projectname}-${var.environment}-${var.region}"
    Region      = var.region
    Environment = var.environment
    Managedby   = "Terraform"
  }

  helm_chart_version = "6.8.1"

  values = yamlencode({
    policy             = "sync"
    triggerLoopOnEvent = true
    txtPrefix          = "z-external-dns-"
    global = {
      imageRegistry = "${var.accountid}.dkr.ecr.${var.region}.${var.awsdomain}"
    }
  })
}

Expected Results

The IAM policy could be created successfully

Actual Results

Error: error creating IAM Policy irsa-external-dns-meid-cn-dev-cn-north-1-external-dns: MalformedPolicyDocument: Partition "aws" is not valid for resource "arn:aws:route53:::hostedzone/*".
│       status code: 400, request id: ecc835f4-88df-401b-a4a5-36a16e692e8b
│ 
│   with module.external_dns[0].aws_iam_policy.this[0],
│   on .terraform/modules/external_dns/iam.tf line 49, in resource "aws_iam_policy" "this":
│   49: resource "aws_iam_policy" "this" {

Wyifei commented 1 year ago

Looking forward to the version update

Wyifei commented 1 year ago

=.=

tomas-balaz commented 1 year ago

Hi @Wyifei

We've just released the new version of this module (v1.2.0)

You can use the aws_partition variable now, as you can see in https://github.com/lablabs/terraform-aws-eks-external-dns/pull/35#issuecomment-1611780101
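
Added example (not the module's own code and not part of this thread): a general Terraform pattern that avoids the hard-coded `aws` partition behind the MalformedPolicyDocument error above by reading the partition from the `aws_partition` data source. The resource names, statement IDs and the exact set of Route 53 actions are assumptions for illustration.

```hcl
# Resolves to "aws", "aws-cn" or "aws-us-gov" depending on the region
# the AWS provider is configured for (e.g. cn-north-1 -> "aws-cn").
data "aws_partition" "current" {}

# Hypothetical policy document for an external-dns IRSA role.
data "aws_iam_policy_document" "external_dns_example" {
  # Record changes are scoped to hosted zones; the ARN is built from
  # the detected partition instead of a literal "arn:aws:...".
  statement {
    sid     = "ChangeRecords"
    effect  = "Allow"
    actions = ["route53:ChangeResourceRecordSets"]
    resources = [
      "arn:${data.aws_partition.current.partition}:route53:::hostedzone/*",
    ]
  }

  # Zone and record listing is read-only and applies to all resources.
  statement {
    sid    = "ListZonesAndRecords"
    effect = "Allow"
    actions = [
      "route53:ListHostedZones",
      "route53:ListResourceRecordSets",
    ]
    resources = ["*"]
  }
}

# Hypothetical policy resource; the name is a placeholder.
resource "aws_iam_policy" "external_dns_example" {
  name   = "external-dns-example"
  policy = data.aws_iam_policy_document.external_dns_example.json
}

# Lets a plan in each region show which partition was resolved.
output "resolved_partition" {
  value = data.aws_partition.current.partition
}
```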