cross account pulls

lab/_envcommon/common-variables.hcl

@@ -17,13 +17,21 @@ locals {
     }
   }
   eecr_account_id = local.enterprise_ecr_account.lab["account_id"]
-
+  eecr_alias = local.enterprise_ecr_account.lab["alias"]
+  eecr_role = local.enterprise_ecr_account.lab["role"]
+  eecr_profile = format("%v-%v.%v", local.eecr_account_id, local.eecr_alias, local.eecr_role)
   enterprise_ecr_account = {
     lab = {
       "account_id" = "269222635945"
+      "alias"      = "lab-gov-shared-nonprod"
+      "region"     = "us-gov-east-1"
+      "role"       = "inf-admin-t1"
     }
     prod = {
       "account_id" = "067074201825"
+      "alias"      = "ent-gov-shared-prod"
+      "region"     = "us-gov-east-1"
+      "role"       = "inf-admin-t1"
     }
   }
 }

lab/root.hcl

@@ -39,7 +39,7 @@ locals {
   aws_region            = local.region_vars.locals.aws_region
   cluster_name          = local.cluster_vars.locals.cluster_name
   eecr_account_id       = local.common_vars.locals.eecr_account_id
-  eecr_profile          = replace(local.aws_profile, local.account_id, local.eecr_account_id)
+  eecr_profile          = local.common_vars.locals.eecr_profile
   environment_abbr      = local.account_vars.locals.environment_abbr
   finops_project_name   = local.cluster_vars.locals.finops_project_name
   finops_project_number = local.cluster_vars.locals.finops_project_number
@@ -162,11 +162,8 @@ generate "eecr-provider" {
   contents  = <<-EOF
   provider "aws" {
     alias   = "eecr"
-    profile = var.profile
-    assume_role {
-      role_arn     = format("arn:%v:iam::%v:role/r-ent-ecr", data.aws_arn.current.partition, data.aws_caller_identity.current.account_id)
-      session_name = var.os_username
-    }
+    profile = "${local.eecr_profile}"
+    region = "${local.aws_region}"
   }
 EOF
 }